KIP SHOEMAKER
Pottstown, PA ***** 610-***-**** *************@*****.*** WWW: Bold Profile
Professional Summary
Dynamic IT Risk Officer with extensive experience at JPMorgan Chase, excelling in risk management and compliance. Spearheaded the implementation of a global control framework, achieving a 50% reduction in testing efforts. Adept at vendor management and problem-solving, I drive strategic initiatives that enhance organizational security and governance.
Key Skills
ISO, NIST, PCI and cloud standards
Program Management
Global compliance/Regulatory
Risk Management
Vendor Management
Data privacy
Audit
Governance and oversight
Control testing
IT governance
Cloud security
Monitoring and oversight
Project Management
Contract Management
Artificial Intelligence
GRC tools (Archer, OneTrust)
Professional Experience
Senior IT Risk Officer 02/2016 to Current
DLL Wayne, PA
Led the organization's global efforts in monitoring, third-party oversight, technology risk management, compliance, regulatory, governance, and control measurement.
Provided guidance on management of the risk portfolio.
Advised senior management at all levels of technical risks and emerging threats.
Assisted senior management to create and implement the organization's cyber security program and multiple initiatives.
Answered all technical questions asked of the organization by outside parties.
Collaborated with team to enhance the risk portfolio (privacy, compliance, risk, and regulatory).
Coordinated response and incident management protocols testing.
Facilitated all assessments of technology (external, internal, regulatory and compliance).
Played a key role in the creation of the organization's 1st and 2nd lines of defense for risk.
Designed and implemented an IT GRC solution and reporting (Archer).
Monitored and reported the progress of numerous security initiatives to senior management.
Implemented risk management strategies and frameworks.
Collaborated with various teams to interpret relevant compliance and regulatory requirements.
Matured a continuous monitoring program that reported on several hundred aspects through central processes and automation, reducing the organization's effort by thousands of hours a year and allowing for cross-utilization of results.
Implemented a risk management process that reduced remediation time by 50% in two years, allowing resources to be focused and prioritized more efficiently.
Acted in the capacity of CISO as needed, helping to develop the strategic direction of the organization.
Onboarded and mentored numerous members into the organization.
IT Risk Officer 04/2015 to 02/2016
DLL
Drove the organization's design and implementation of a global control framework, IT Risk, and Information Security efforts.
Developed a continuous monitoring program that aligned numerous standards (ISO2700, COBIT, NIST) with the organization's requirements.
Led all aspects of information security assessments and standards for organization.
Identified and created interpretations, strategies, and advice on diverse topics for senior management.
Reduced internal/external efforts related to controls testing by approximately 50%.
Increased senior management's awareness of efforts like cyber security, privacy, compliance, and regulatory, which led to the reduction of findings by 60%.
The monitoring program was cited by internal auditors as best practice.
Vice President – Technology Regulatory Interface 01/2012 to 02/2015
JPMorgan Chase New York, New York
Global liaison between the organization and all technical inquiries, advising as subject matter expert in areas of breach, regulatory, SOX and compliance.
Coordinated all responses and communications to third parties' inquiries.
Oversaw the performance and support of all corporate SOX programs.
Reviewed all documentation for accuracy and completeness before submission.
No significant SOX findings reported (thousands of hours of testing coordinated).
Ten examinations were conducted with no matters requiring attention issued to technology.
Vice President – IT Technology Auditor – Team Lead 01/2012 to 02/2015
JPMorgan Chase New York, New York
Led and ensured the quality of all technical audits done within two multi-billion dollar business units.
Leveraged personal knowledge of the organization to develop audit plan and rationale.
Communicated with all levels of senior executives to ensure the accuracy and value of deliverables.
Represented Internal Audit in various steering committees and initiatives.
Advised Internal Audit organization on SOX, PCI, risk, privacy, and compliance.
Oversaw four full-time IT auditors who conducted twenty internal audits in a timely manner, producing value to the auditee and organization through accurate and insightful findings.
Vice President – Information Risk Leader 01/2012 to 02/2015
JPMorgan Chase New York, New York
Developed and monitored the performance of all aspects of technology risk management for several multi-billion dollar business units.
Key collaborator in financial, operational, governance, and Information Risk committees.
Led JPMorgan Chase's PCI program office and merchant assessments.
Oversaw the performance of the business unit's control self-assessment program.
Coordinated and supervised the execution of multiple SSAE16 and other outside assessments.
Led the performance of multiple security, project, privacy, and operational risk assessments.
Coordinated all aspects of the Internal Audit technical findings.
Functioned as a single point of contact for all inquiries about IT Risk for these business units, reducing efforts by 100s of hours.
Created heightened awareness of the risk portfolio, increasing risk mitigation speed by 10% and reducing overdue findings by 20%.
Internal Assessments were leveraged for multiple purposes, and net realization of mitigation was increased by an estimated 15%.
Education
Bachelor of Science: Business Administration Concentration in MIS, Accounting and Economics
Drexel University Philadelphia
Certifications
CISM, Certified Information Security Manager, 02/01/05
CISSP, Certified Information Systems Security Professional, 01/01/07
CRISC, Certified Risk & IS Controls, 01/01/07
CCSP, Certified Cloud Security Professional, 01/01/17
CISA, Certified Information Systems Auditor, 01/01/97 - 12/31/16
CIPP, Certified Information Privacy Professional, 01/01/14 - 12/31/16