Sheri Bertrand
Valley View, TX 940-***-**** ******@**********.*** linkedin.com/in/sheri-bertrand
IT Compliance and Security Manager
Sarbanes-Oxley IT Controls • Internal or External Audits • Business Continuity Management
Solutions-focused IT security and compliance manager and strategist with comprehensive experience in information security oversight, risk management, third-party vendor risk management, and security control validations within advanced digital environments. Proven skills in evaluating current and future threat landscapes, implementing robust countermeasures, and providing a realistic overview of threats to strengthen the security posture of corporations. Proficient in implementing an insight-based reporting framework to increase the effectiveness of security and compliance initiatives.
Adept at building external networks with industry peers and ecosystem partners while remaining up to date with emerging trends and major security risks. Recognized for utilizing best architecture practices to incrementally modernize organizational IT infrastructures and deliver flexible and cost-effective solutions to boost reliability. Engaging presenter and communicator, able to collaborate with key stakeholders on large compliance and security projects. Proficient in the development and continuous evaluation of short- and long-term strategic goals and success measures aligned with corporate mission. Advanced skills in testing, conducting walkthroughs, fieldwork, reporting, and then facilitating remediation requirements. An agile and proactive change agent who excels at identifying areas of improvement and initiating positive changes to propel forward-moving efforts across multiple initiatives.
Core Competencies
Compliance Program Leadership
Cyber Risk Management
Controls Review & Improvement
Regulatory & IT Compliance
Technology Infrastructure Design
Team Training & Development
Third Party Risk Management
Data Analysis & Reporting
Audit Project Development
Professional Experience
July 2024 to Present • Consolidated Electrical Distributors Inc., Irving, TX
IT Compliance Manager
Spearhead the development and implementation of IT policies, processes, standards, and guidelines to drive enterprise-wide compliance aligned with industry frameworks and organizational goals (NIST CSF, ISO 27001/27002, PCI DSS, NIST 800-171).
Lead preparation for each external audit by aligning the design, planning, testing, and reporting for each assessment.
Implemented PCI 4.01 controls and audit initiative requirements, and completed the annual PCI DSS audit assessment successfully ahead of schedule and without deficiencies.
Implemented thorough Third-Party Risk Assessment processes and reviewed all external relationships based on risk assessments.
October 2022 to July 2024 • Yesway Inc., Fort Worth, TX
IT Compliance Manager
Developed and maintained an IT compliance structure from scratch to meet PCI DSS 4.01 standards. Ensured seamless execution of external audits by leading the audit process, identifying requirements, communicating deliverables, collecting data, tracking progress, and delivering accurate reports. Introduced IT SOPs to comply with the IT controls framework and SDLC guidelines. Delivered timely responses to IT-related audits and privacy-related inspections, including PCI 4.01, AICPA, PII, and Financial SOX external audit engagements.
IT Compliance and Security controls based on NIST 800-53, ISO 27001, AICPA, SSAE 18, ITIL, FISMA, COBIT, SANS.
Ability to facilitate, organize, and manage multiple audits and work tasks while prioritizing them to meet all deadlines.
Implemented PCI 4.01 controls and audit initiative requirements.
Received positive feedback and was recognized by executive leadership for managing the seamless execution of external audits and mitigating evolving regulatory risks.
Led global information technology compliance programs in information security (PCI, ISO, PII, and AICPA) by working with multidisciplinary teams, including operations, legal, finance, Third-Party Risk Management, and human resources.
2017 to 2022 • White Smiles of Denton • Denton, Texas
Senior Manager IT Compliance
Established an IT Compliance department and managed all audit activities for internal and external audits. Led each of the audits for SaaS with Amazon Web Services (AWS), IaaS, and PaaS as the organization was migrating away from an on-site data center. IT Compliance and Security controls based on NIST 800-53, COSO, ISO, ITIL, FISMA, COBIT, AICPA, SSAE 18, and TPRM.
2012 to 2016 • CoreLogic Inc., Westlake, Texas
Corporate Compliance Consultant
Planned and established an IT compliance department by leading 12 individuals and overseeing all areas of internal and external audits. Analyzed emerging risks, assessed remediation plans, and implemented corrective action plans to mitigate risks. Performed assessments to evaluate the unified control matrix, prioritization, and non-compliance risks.
Led the company through challenging legal situations with the Consumer Financial Protection Bureau (CFPB), involving accusations of misleading consumers, by overseeing responses and safeguarding crucial equipment.
Ensured SLA compliance with internal security and compliance requirements by nurturing productive relationships and audit services of external service providers.
Reviewed the design and tested the operating effectiveness of key controls to recommend enhancement opportunities in line with best practices and applicable frameworks, including NIST 800-53, COSO, ISO, ITIL, FISMA, COBIT, TPRM, AICPA, and SSAE 18.
Advised corporate business partners, leaders, and security departments to implement impactful controls, mitigate risk, incorporate regulatory changes, and provide compliance assurance.
2001 to 2011 • Lockheed Martin Corporation • Bethesda, MD
IT Auditor Senior Staff
Evaluated risks and conducted corporate-wide audits, including network perimeter, financial data warehouse, and entity-level IT Control audits. Maintained documentation of key control weaknesses in Sarbanes-Oxley financial reviews (SOX) and compliance testing. Identified obsolete process controls and implemented corporate policy statements to highlight industry best practices.
Planned and organized audit status meetings to communicate findings, issues, and new areas for improvement to client management, internal executive leadership, and corporate internal audit leadership.
Improved the reputation of the company and built world-class compliance infrastructure by delivering leadership to direct reports on managing external audits and improving enterprise risk management procedures.
Education
Master of Science in Information Engineering and Management (CGPA: 3.8)
Southern Methodist University
Bachelor of Business Administration in Management (Magna Cum Laude, CGPA 3.85)
American Intercontinental University
Associate of Business Administration (Magna Cum Laude, CGPA 3.9)
American Intercontinental University
Certifications
ISACA CRISC • ISACA CISM • LM21 Green Belt - Six Sigma Lean Methodology
ITIL Foundation • Security+ • MCP#3177596 • MCSA • MCSE • CNA 5.1