Scott Travis Crowell *****.*********@*****.***
***** ****** ****** **** ***.linkedin.com/in/scott-travis-crowell
Katy, Texas 77494
713-***-**** (cellular)
Core Competencies
Regulatory Compliance; Risk Management & Remediation; Change & Project Management; Portfolio Management; Client Engagement & Relationship Building; Stakeholder Engagement & Collaboration; Client & Vendor Onboarding & Implementations; Financial Oversight; Strategic Leadership; Cross-Group Collaboration; Analytical Problem Solving
Work Experience
Senior Manager, Innovation, HITRUST; Frisco, Texas August 2023 – December 2024
Led the HITRUST Shared Responsibility & Inheritance Program which enables HITRUST certified organizations to inherit the assessment scores of their certified vendors (primarily cloud service providers)
Developed a control inheritability assessment process to both streamline and automate the assignment of inheritability values to new and modified controls within the HITRUST Common Security Framework (CSF)
Worked closely with Cloud Service Providers (CSPs) to create tailored Shared Responsibility Matrices (SRMs) used by the CSPs and their assessors to facilitate the inheritance of control scores for controls fully or partially owned by the CSPs
Worked daily with Client Services to respond to frequent requests from assessors, HITRUST certified organizations, and CSPs regarding inheritance and SRM interpretation
Onboarded third-party providers to the application using automated tools such as AI to link their solutions to the relevant HITRUST CSF controls and developed the application user guide
Developed functional requirements for the HITRUST Product and Services Directory application which links controls within the HITRUST CSF to products and services owned by third-party providers, enabling HITRUST certified organizations to quickly identify available solutions for their business needs
Promoted effective partnership among cross-functional teams and provided day-to-day direction for core team
Facilitated weekly meetings with project delivery teams, stakeholders, and project sponsors on a regular basis regarding project updates, tasks, and risks to ensure projects remained on track
Proactively identified and managed risks, issues, task sequencing, critical pathways and cross-project dependencies
Vice President, Head of Global Third-Party Audit, Fiserv Inc.; Sugar Land, Texas September 2022 – August 2023
Led team of 40+ associates responsible for managing the timely delivery of Fiserv’s 250+ annual PCI-DSS, PCI PIN, PCI Card Production, and SOC 1 & 2 + HITRUST assessments and certifications as well as other mandated audit, compliance, and certification obligations
Owned annual budget of over $15 million in assessor and auditor fees and expenses and managed the relationship between Fiserv and all external audit and assessor firms
Prepared and delivered frequent reporting on audit status and results to the Chief Controls & Compliance and Chief Risk Officers
Aligned cross-departmental functional leads in discussion and organization of potential solutions to identified problems
Understood potential resource (financial and labor) constraints in implementation of various solutions and pivoted accordingly
Worked closely with all Fiserv business units to identify audit needs and properly scope all external audits
Facilitated the issuance and gathering of 18,000 annual audit evidence requests from external auditors
Validated and communicated all audit findings to process and control owners and led efforts to draft management responses and tracked issue remediation to completion
Vice President, Risk & Compliance Officer, Fiserv Inc.; Sugar Land, Texas August 2015 – September 2022
Led Risk & Compliance team for Fiserv’s second largest Business Unit, Fiserv Output Solutions (FOS)
Developed internal and external facing controls, and risk & compliance policies, processes, and procedures
Worked directly with several departments including operations, finance, accounting, technology, privacy, business continuity and disaster recovery, IT infrastructure, legal, cyber, physical security, and human resources to identify, measure, quantify and monitor risk associated with functions, products, and services and their potential organizational impact
Led execution of the FOS business risk program across the various products, services, and industries including healthcare, financial services, insurance, and government
Facilitated business unit-level audits including SOC 1 & 2 + HITRUST, PCI-DSS, PCI Card Production, and corporate internal audits
Facilitated 100+ business unit-level audits and assessments in support of FOS clients’ third-party compliance requirements
Provided ongoing governance and support of risk and compliance activities and monitored and validated compliance with applicable corporate policies and external standards, regulations and legislation including PCI, HITRUST, NIST, ISO-27001, & AICPA
Supported the sales and product teams from a risk and compliance standpoint during the request for proposal (RFP) and contract negotiation processes
Ensured all new client and vendor contracts met Fiserv standards from a risk and compliance standpoint working closely with legal, the business, and clients/vendors
Global IT Internal Audit Manager, CEVA Logistics; Houston, Texas July 2010 – August 2015
Performed yearly enterprise risk assessments to determine the upcoming year’s global IT audits
Scoped, planned, and managed global internal audits ranging from applications, IT General Controls, integrated audits, data centers, project audits, software licensing and other special request audits as they arise
Discussed and validated audit findings with business/application owners and produced audit reports to be distributed to senior management and the audit committee
Worked closely with process/financial internal audit team to ensure that IT audits were in line with business needs
Member of Global Compliance Committee responsible for developing and implementing internal controls and their associated policies and procedures
Senior Manager, Grant Thornton; Houston, Texas August 2006 – June 2010
Managed engagement teams responsible for completing business process and information technology internal controls documentation, attest readiness, control environment scoping, testing, and reporting for both internal and external audit clients
Acted as the practice leader for information technology external audit support responsible for performing risk assessments, scoping internal controls work with audit teams, planning with client management, managing all fieldwork, and communicating issues to client management and audit committees
Member of region-wide leadership team responsible for developing information technology internal controls testing tools and methodology used on all audit support engagements
Performed several practice management duties including coaching and mentoring, campus recruiting, engagement scheduling, staff training, client billing, and practice development
Provided software selection services for clients including documenting business and technical requirements, communicating with vendors, facilitating software demonstrations, calculating total cost of ownership, and consulting on management’s decision
Manager, PricewaterhouseCoopers (PwC); Houston, Texas April 2002 – August 2006
Managed project teams during Sarbanes-Oxley (SOX) compliance projects working with the companies’ internal audit group, information technology group, and business units during the SOX certification process while educating the various departments and locations in the ongoing requirements related to attestation and certification
Documented and tested business processes and Information Technology General Controls (ITGCs) and the internal controls related to those processes while identifying control weaknesses and potential risks
Provided external audit support to middle market client audit teams, specifically general computer controls reviews including security, disaster recovery, backup and restoration, system maintenance, development and implementation review, change management, and information technology infrastructure
Performed information technology process and controls reviews reporting findings to management and assisting the companies in evaluating, resolving, and remediating any control deficiencies
Assisted clients in the financial software selection process while documenting current business processes and designing and streamlining future business processes
Manager, Enron Corporation; Houston, Texas September 2001 – December 2001
Managed team responsible for implementing a Lodestar/Siebel billing and customer service solution for Enron Energy Services (EES) retail gas and power subsidiary
Worked with implementation partner and software vendor to gather and define end user requirements and worked with technical team to define interface and conversion requirements and capabilities
Assisted business users in designing business and system architecture and processes and facilitated demonstrations between business users and software vendors
Assisted in the development of project work plans and mapping business user requirements to software capabilities and reported project status to project steering committee and other Enron leadership
Education
University of Houston, Clear Lake Bachelor of Science, Accounting
Certifications & Memberships
Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), HITRUST Certified Highly Qualified Professional (CHQP), HITRUST Certified CSF Practitioner (CCSFP)
Information Systems Audit and Control Association (ISACA)