
Risk Management Regulatory Compliance

Location:
Houston, TX
Salary:
130K
Posted:
May 04, 2025

Resume:

Highlights

Experience in IT security, risk, controls, audit, operations, and/or regulatory compliance.

I have extensive experience implementing NIST security and privacy standards, internal/external audit on 50+ projects, operations management in my current role and numerous industries for regulatory compliance; I am also a thought leader and US Patent holder of compliance algorithms for audit and software calculus.

Experience with SOX testing

18 SOX projects implemented with Ernst & Young as a problem solver for the President of the Americas Group; rebuilt companies from the ground up with policies, procedures, processes and controls.

Experience of standards and frameworks — for example, NIST Cybersecurity Framework, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration and Six Sigma

I have designed compliance programs and prepared companies for the audits of NIST Cybersecurity, ISO 27001, Organizational and Capability Maturity Models. I have used Six Sigma on one financial project.

Experience of common risk management methodologies — for example, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management.

With EY, I have implemented RAC-Ms (Risk and Control Matrices, pronounced “Rackems”) on numerous projects. These are COSO-based in the way of methodologies and demonstrate control effectiveness, from which an external auditor can opine upon adequacy, deficiencies, significant deficiencies or material weaknesses. The goal is always to have no more than 2 significant deficiencies and no material weaknesses.

Experience developing and maintaining risk and control programs in complex IT environments.

Just completed the design and implementation of a risk-based program with complete flowcharts indicating the interaction of operations for a 50B global enterprise. Controls and narratives complemented the process flows that illustrated the controls. Internal testing justified automated and preventive control effectiveness.

PROFESSIONAL SUMMARY

Accomplished Executive Level Manager, Project Manager and Software Governance Architect with over twenty years of intensive, extensive experience in Software Development and IT Consulting, including internal controls projects with Big Four Accounting Firms.

Extensive Infrastructural Technology expertise including SAP, Energy Trading Risk Management, Oracle (Financials), PeopleSoft, HRMS, ColorCodeIT Compliance Suite, and various custom ERP implementations, interfaces, and upgrades.

SKILL SET

Excellent Oral, Interpersonal, Engagement, and Negotiation Skills

Software Management: Agile, Waterfall, & Cloud Architecture; Microsoft Office; Business Analyst

Extensive Utility Industry Experience

Project Management / Lead

Staff leadership of 25+ Team Members

Management Style is “Lead by Example”

Impeccable record of successful delivery

Microsoft Project

MS Excel Mastery Level

PowerPoint / Prezi Delivery of Strategic & Budget Presentations

Mastery of ISO 2700x, PCI DSS & SOC2 Frameworks

Legal Expertise:

Legal IT Solutions supporting method and application processes such as:

Privacy Governance management

Merger and Acquisition (M&A) Project Planning

TISAX, ISO27001, NIST, SOC1 & SOC2, PCI, ITIL

SOX, FERC/NERC PCI, OSHA, Coast Guard, Gas, and all CFR Corporate Compliance

Ethics, and Risk Intellectual Properties

Forensics & Electronic Discovery

Litigation

MS Document Management Systems

SQL Database query driven document retrieval system

JavaScript / MongoDB custom implementations

SAP (FI, CO, SC, MM, SD, PM, ESH)

Software Architect

Interfacing Strategies ICW:

Crystal Reports

Impromptu

MS Visio

Microsoft Project

Ernst & Young RACM System, Mercury Scripts

Deloitte & Touche CRAT System

Price Waterhouse Coopers RCM Methodology

Access Basic

PowerBuilder

CERTIFICATION

CISA, CISM (Pending Certification Examinations December 2025)

ProSci Management Certification

HIPAA – Meaningful Use Certified Provider MUCP

ARMP – Automated Risk Management Professional (DL2C Certified)

ColorCodeIT Mastery Certification

USPTO – Patent Holder in Cyber Intelligence Algorithms

State of Texas Public Officer – Signing Agent Notary

World Youth Foundation – Innovation Officer

PROFESSIONAL EXPERIENCE

NRG (Energy Trading) August 2024 – March 2025

AI Governance Program Lead

Design and execute a world-class AI Governance Program based on NIST AI RMF 1.0

Train and manage team of 4 governance professionals

Manage the intake of all AI trustworthy solutions for integration into the business and IT systems

Perform Risk Assessments, NIST governance audits and performance monitoring for the C-Suite

ABM (Facilities Management) November 2023 – August 2024

GRC Compliance Program Director

Design an integrated RACM (Risk and Control Matrix) for all enterprise-wide compliance requirements

Liaise with KPMG Auditors to report maturity advancements for SOX, NIST CSF, PCI, HIPAA & others

Manage the ABM Resiliency Program to develop backup procedures in case of loss or disaster

Train process owners in the practice of mature risk management and auditability of process controls

Applied Materials (Semiconductor) February 2022 – November 2023

Global Privacy and Data Governance Program Director

Designed Global Compliance Program and crosswalk standards for Privacy & Data Governance

Managed the applicable internal controls design and implementation for NIST PF27701:2019, GDPR, China DPA, & globally cross-walked compliance laws

Managed the maturity development of the Privacy team via NIST Privacy Framework

Managed a team of 8 international attorneys for this program under the CPO

Program Managed a OneTrust global rollout with 4 modules

Coordinated Sievo-based structured data revamp for use with SAP and other systems

Created VP & C-Level reporting dashboard system for insights and decision-making

Redesigned and implemented the program overseeing IAM processes and controls

CDK (Contract - Automotive) June 2021 – November 2021

Senior Program / Project Manager – Technical Compliance (Infrastructure)

Designed Global Compliance Program and crosswalk standards for Privacy Governance

Managed the applicable internal controls design and implementation for TISAX, SOC 1 & 2, ISO27001, PCI, ITIL, and SOX compliance for Identity & Access Mgmt. (Infrastructure Ops)

Interfaced between IOPS, GSO, Internal Audit and various control/process owners to build sustainable internal control workflows, matrices and a compliance crosswalk

Managed the CDK Lockdown Program to improve security for critical systems

Coordinated & automated the routine evidence gathering process for audits/assessments

Assisted with long-term automation efforts to progress IT organizational/control maturity levels

Interfaced with Big4 auditors to use the corporate budget and SME cycles efficiently

Managed AWS Cloud Infrastructure compliance with CIS Control Framework

Managed the Security Lockdown Program ICW the PMO for 19+ projects

Direct Line to Compliance (DL2C) January 2009 – June 2021

Program / Project Manager NERC, HIPAA, SOX, NIST, CFR, & Privacy Governance

Coordinate the globalization structure for SOC 1 & 2, ISO27001, PCI, ITIL, and SOX compliance

Managed 21+ projects for this successful consulting firm for 11 years; additional examples available upon request:

City of Denton – Managed the strategic reorganization of all software and hardware operational systems that drove Critical Infrastructure Protection NERC (CIP) business objectives.

Prepared for and supported a system-wide external audit May 2019-Nov 2019

Houston Health Department – Performed gap analysis of HIPAA privacy and disclosure rules for Healthcare Compliance & Privacy and delivered a comprehensive assessment in conjunction with Bridgepoint Consulting Group. (Nov 2019)

Texas Department of Transportation (TXDoT) – Implemented a comprehensive compliance program for NIST-TX CSF compliance, mapping to several other frameworks and automating the evidence delivery system for this large state public agency with a $1.3 Trillion dollar budget.

Quanta Services (Creative Financial Staffing) - Developed and implemented application and cloud technology/solutions.

Designed and implemented the entire Azure cloud infrastructure consistent with business objectives for security and privacy as per the OWASP framework.

Fieldstone Mortgage Company (Real Estate) August 2006 – January 2009

Senior Project Manager

Corporate IT Restructuring Project

Analyzed and managed configuration of all custom applications and Infrastructural IT Processes for proper governance and risk mitigation

Designed, Coordinated, and Implemented initial structure for all future SOX Compliance Audits

Documented Legal and Business Processes from an “As-Is” perspective

Managed the full cycle of internal controls development and implementation prior to the SOX audit. Consulted with SMEs to facilitate the collection of information and led the effort

Designed and implemented the new SDLC and program development controls during implementation of the custom ERP.

Ernst and Young - Volt Services, Orange, CA April 2006 – August 2006

Project Lead

PeopleSoft Upgrade – Change Management

Performed compliance documentation for data Import and Export

Managed Change across the HR and Financial Modules

Conducted Sarbanes-Oxley IT Compliance Audit

Planned and coordinated IT activities with the Merger Team

Introduced automated processes to resource all related infrastructure, presenting change as a positive element

Performed Ombudsman role for Dept. Manager’s needs to C-Level Management

Created more scalable and efficient maintenance documents and established ongoing risk analysis which was applauded by the Ernst & Young auditors

Managed PeopleSoft 7.5 to 8.4 upgrade from risk re-analysis through testing which resulted in certification from Ernst & Young external auditors.

Ernst and Young - Vanguard, Tulsa, OK November 2005 – March 2006

IT Project Manager

Business Transformation

Conducted Sarbanes-Oxley IT Compliance Audit

Transitioned this client from private to Enterprise-Class Operation

Synergized with a five-member management team and an IT Outsourced Company for Change Management during an IPO

Provided a low-stress program to usher the management team into new responsibilities within the IT Organization

Redesigned IT Organization for control effectiveness, enhanced SAS 70 contents for future reviews, provided design for efficient quarterly reviews and risk assessment.

Ernst and Young - MI-Swaco, Houston, TX July 2005 – November 2005

IT Project Manager

Managed 5 client and E&Y resources to execute Oracle Financials upgrade for second year SOX audit.

Conducted GAAP analysis and documentation with external auditors. Reconstructed all SOX deliverables from Risk Assessment to Testing for a successful compliance project.

The Controller Group – Hastings Ent., Amarillo, TX April 2005 – July 2005

IT Project Manager

Business Transformation

Performed comprehensive assessment of operating effectiveness

Designed a Change Rollout Program sponsored by 5 Change Agents

Conducted weekly public sessions to adjust the program to accomplishable goals

Managed staff of 10 IT Compliance Auditors in the presentation of all IT Deliverables for this middle market company.

Prepared Project Charter/Scope and Designed customized COBIT methodology to achieve certification in record time (half the time allowed by external auditor).

Redesigned Security Administration protocols in remediation for SAP FI-CO and ancillary applications and developed COSO inspired process maps, narratives, control matrices, test plans, and reports to assure SOX compliance.

Ernst and Young - Digital Recorders Inc., Houston, TX April 2005 – September 2005

IT Manager

Scoped SOX Process and IT Compliance Audit Project with project plan and deliverables.

Developed IT Policy and established security and general controls to facilitate SOX certification.

Ernst and Young - Yellow-Roadway Corporation, Houston, TX November 2004 – March 2005

Project Lead

Managed Issues Database for the team.

Reworked all COSO / COBIT-based deliverables that were inadequate for the external audit firm.

Performed 2004 & 2005 compliance and remediation testing, December 2004 BACKTESTING, successfully achieving SOX compliance for this large trucking and Freight Corporation.

Service Corporation International, Houston, TX (JW) July 2004 – November 2004

Senior IT / Finance Controls Auditor Lead

Managed project plan for the back-end section of the project.

Baselined databases and servers in preparation for audit and testing by Big 4 external auditors while guiding client towards successful 404 compliance.

Ernst and Young - Duke Energy, Houston, TX May 2004 – July 2004

Senior IT / Finance Controls Auditor

Performed Energy Trading IT Compliance Documentation

Audited software and hardware and related activities tied to financials.

Identified gaps in primary and backup controls to harden applications, databases, and processes.

Guided process owners through documentation of SBO Narratives and Controls.

DACG – Hewlett Packard Project, Houston, TX February 2003 – December 2003

Project Manager / SAP FI/CO/SD/MM Finance & IT Consultant

Managed the full life cycle of this SAP implementation

Functioned as Information Liaison with the business and IT Technicians to achieve SOX compliance under the COBIT Framework

Evaluated SAP Finance Modules (FI/CO), Supply Chain Modules (SC), Sales and Distribution (SD), Order to Cash, and Procure to Pay

Developed and implemented SOX Financial Reporting Policy and training courses for migration to SAP 4.6 for Hewlett Packard.

Delivered financial training in the U.K., Sydney, Hong Kong, Amsterdam, and Tokyo.

Assured policies were in place and SAP financial and systems flows were in place to maximize efficiency for entering internal audit firms.

Voyager Leasing, Houston, TX December 2001 – February 2003

Project Manager

Oversaw the operations of IT programming and support in VB, Brio SQR / SQL, Oracle database and UNIX environments and custom design of enterprise software.

Consulted with executive staff to steer Web and IT deployment on an ongoing basis.

ExxonMobil, Houston, TX December 2000 – December 2001

Programmer / Analyst

Developed original SQR code in Brio 8.0 with Oracle database.

Tuned SQL statements and formatted very complex reports for this Oil and Gas Company.

Shell Oil Company, Houston, TX January 2000 - December 2000

Legal Software Analyst

Interfaced with SAP users and Shell Legal Executives for support and training.

Performed light maintenance of MS SQL Server database.

Managed conversion of MS Access data to SQL Server database. Performed ongoing enhancements to Access Basic.

Norrell Information Services – SCI, Houston, TX December 1998 – January 2000

Programmer / Analyst

Utilized advanced interpersonal skills to analyze needs of the client. Tuned SQL code for maximum efficiency.

Programmed extensive Tax Reports in Brio SQR, using SQL. Maintained Sybase SQL Server database integrity along with DBAs.

Managed PowerBuilder Version Control System.

Conducted conversion testing with incremental go-live rollout. Created financial reports with Impromptu reporting software.

DACG – BFI, Exxon, Compaq, Houston, TX October 1997 – December 1998

Analyst / Consultant

Conducted training, authored extended help menus, converted documentation with TRANSIT software.

Edited raw HTML on intranet browser, conducted analysis.

Developed training curriculum and teaching aids for SAP (MM, SD, PM, ESH, FI).

Assisted field managers in setting up workflow for ESH module for OSHA compliance regs at BFI.

Conducted extensive training of FI, PM, MM, & SD modules at Compaq.

Salt of the Earth Broadcasting, Houston, TX January 1995 – October 1997

General Sales / Operations Manager

Managed sales staff of 10 people.

Managed inventory and production values.

Serviced major clients for annual contracts. Brought this group of AM radio stations into a significant rating share and tripled sales in 6 months.

EDUCATION

Bachelor of Arts Degree (Magna Cum Laude) 1991

Major: Telecommunications; Minor: Journalism; Texas Southern University, Houston, Texas
