Information Technology Financial Services
Resume:
OBJECTIVE
Pro-active leader and mentor with management experience overseeing information technology audits, SOX testing, operational audits, risk assessments, quality assurance reviews, and fraud investigations seeking a leadership position within the financial services industry.
PROFESSIONAL PROFILE
Information Technology Audit Management professional with over 25 years of audit experience. Proven leader with the ability to be a detailed oriented individual with the capacity to view and approach processes from a broad perspective, as they would pertain to an organization’s strategic position. Value added recommendations consistently delivered around implementation of security and application best practices in the financial services industries, including compliance with applicable regulations and standards (FINRA, PCI-DSS, GLBA, FFIEC, and Cybersecurity (NIST)). Project leader with a track record of achievement for analyzing business processes, procedures and activities to identify information technology related issues and formulate recommended solutions. Well-versed communication skills to both mid-level and executive leadership.
EXPERIENCE
Dr. Amy Boyd, LLC November 2024 – Present
Chief Operating Officer (Temporary Consulting Role)
Spearheaded the development and strategic planning of Standard Operating Procedures (SOPs) to support the company’s growth trajectory toward achieving 7 figure revenue milestones
Sandy Spring Bank August 2024 - November 2024
(announced merger with Atlantic Union Bank in October, 2024)
Senior Audit Director, Information Technology and Security, Vice President
Oversee the information technology audit function and related aspects at Sandy Spring Bank
Manage co-sourcing relationship with third parties (Protiviti)
Vendor Management
Data Privacy/GLBA
Data Center
Information Security
Information Technology SOX
Oversee the audit recommendation validation and testing process
Develop a Continuous Monitoring process and develop relationships with key stakeholders (e.g. – CTO, CISO, PMO)
HTLF Bank January 2022 – August 2024
(announced merger with UMB in April, 2024)
Information Technology Audit Director, Vice President
Oversee the information technology audit function and related aspects at Heartland Financial Bank (HTLF)
Successfully brought IT Audits (previously outsourced) back in-house to the HTLF Audit environment
Oversee the risk assessment process related to information technology and perform internally (previously outsourced)
Audit Group liaison to Federal Reserve Board and FDIC examiners, external audit (KPMG) and consultants (e.g. - NetSpi, Crowe, RSM, and Protiviti)
Formulate an application risk assessment in order to streamline and drive the Audit Department’s integrated audit program
Develop and initiate the integrated audit testing program within HTLF Audit.
Evaluate, develop, and mentor IT Audit staff
Oversee the audit recommendation validation and testing process
Develop relationships with key stakeholders (e.g. – COO, CRO, CIO, CISO, etc.) in order to establish an ongoing and effective Continuous Monitoring program
M&T Bank June 2017 – January 2022
IT Audit Manager, Vice President
Responsible for attesting to the effectiveness of controls and formulating recommendations for enhancing internal controls related to information technology
Manage the risk assessment process related to information technology
Manage and oversee integrated audit testing within the asset management and wealth environments
Audit Group liaison to senior and executive management, bank examiners, external audit and consultants.
Hire, evaluate, develop and mentor IT Audit staff
Oversee Sarbanes-Oxley (SOX) testing
Coordinate SSAE18 IT control testing with PWC and internal team
Oversee the audit recommendation validation and testing process
Strativia, Inc. September 2016 – June 2017
Consultant – Information Technology Audit
Responsible for managing the consulting engagement with Naval Supply Operations (NAVSUP)
Manage a team of three auditors and technical staff
Liaison to senior management regarding ongoing technical review of financial statements including audit findings/recommendations, the audit validation process, and compliance with NIST standards and controls
Oversee the technical writing of control agreements, standard operating procedures, concept of operations – to align with NIST standards and controls
Hillside Lavender, LLC March 2016 – June 2017
Chief Operating Officer
Responsible for managing all operational aspects of the newly formed company.
Manage the creation of the operational business plan and execution.
Responsible for organizational budgeting and oversight of expenses.
Manage all resources required for the business.
Susquehanna Bancshares Inc. (BB&T Acquired 2015), Lititz, PA April 2006 – January 2016
Corporate Audit
IT Audit Director August 2014 – January 2016
IT Audit Senior Manager April 2013 – August 2014
IT Audit Manager January 2010 – April 2013
Oversee the information technology audit function and related aspects at Susquehanna Bancshares Inc.
Manage the risk assessment process related to information technology and operational business lines.
Manage the ongoing data analysis process using ACL, IBM Query, etc. specific to continuous auditing and monitoring efforts as well as to support the financial/operational auditors.
Audit Group liaison to senior and executive management, Federal Reserve Board examiners, external audit (PWC) and consultants.
Hire, evaluate, develop and mentor staff of six.
Member – Susquehanna Bancshares, Inc. – Technology Committee
oCommittee comprised of senior and executive management - convened to assess operational and information technology governance and oversight.
Member – Susquehanna Technology Engineering Practices (STEP) Council
oCommittee comprised of IT Leadership group responsible for the oversight and governance of technology systems implementations and solutions in support of business investment and advancement decisions.
Additional Committee Participation
oVulnerability and Threat Management
oServer Compliance
oInfrastructure Compliance
Internal Quality Assessment Review (QAR) – Team Lead
Manage Compliance Reviews in the following areas:
oSarbanes Oxley
oGramm-Leach-Bliley Act (Financial Privacy)
oPurchasing Card Industry – Data Security Standards
oCyber Risk and Security Management (NIST/FFIEC)
IT Audit Supervisor March 2007- January 2010
Transmission Control Protocol/Internet Protocol – Responsible for the development and oversight of this audit of SBI’s information control infrastructure environment (firewalls, routers and switches)
SQL Server and Oracle Database Security Audit – Responsible for research and evaluation of complex audit testing.
Continuous Audit/Assurance (including those audits performed traditionally on an annual basis) – Developed an ongoing audit approach relating to continuously evaluate the control environment over key business areas using ACL and manual processes. Methodology allowed for audit efficiencies and expansion of audit plan to include new and more technical audits.
Integrated Audits
Senior IT Audit Consultant April 2006-March 2007
Data Security – Firewall, Encryption, IDS, Anti-Virus, Remote Access, Security Monitoring, Active Directory, Network/iSeries Reporting, Incident Reporting, Policy Review, Data File Utility Reviews (DFU).
Information Systems Support – Application Development, Change Control, Logical Access, Application Maintenance, Version Control.
Computer Operations – iSeries, Batch processing, Change Promotion, SOD Conflicts
Network Services – Windows 2003 Network, External Connections, Firewall Changes, Redundant Backup
Audits performed using COBIT framework/guidance
Sarbanes Oxley – IT Coordinator
oDeveloped risk based testing procedures
oDocumented control environment – compliance
oPWC/External Audit Liaison
Dupont – Wilmington, DE September 2005-April 2006
Finance – Internal Audit
Senior Auditor – IT Applications
Systems Access Security
Backup and Recovery
Maintenance & Security
Systems Development/Implementation
Sarbanes Oxley Audits (SOX)
In-house ACL trainer for DuPont Internal Audit
PA Department of the Auditor General – Harrisburg, PA
Bureau of Technical Audit Services March 2004-September 2005
Information Technology Auditor
ACL - Providing technical support for financial auditors
SAP - HR Security Roles & Cost Allocation Process Audits
General Computer Controls Reviews
Training Specialist – In-house ACL trainer for the Department
Bureau of Federal Audits August 1999-March 2004
Compliance Auditor
Single Audit
GAAP Audit
Special Projects - Numerous
EDUCATION
Pennsylvania State University of Harrisburg, Middletown, PA July 1999
Bachelor of Science in Professional Accountancy
Dean’s List
CERTIFICATIONS & PROFESSIONAL AFFILIATIONS
Certified Information Systems Auditor (CISA)
Member of the Information Security Audit and Control Association (ISACA)
Member of the Institute of Internal Auditors (IIA)
Contact this candidate