I am a professional with over 13 years of experience, currently living in Southwest Virginia. I have excellent analytical, organizational, and leadership skills. I have the ability to work in teams and individually with little to no supervision. Excel in working with individuals with varying technical backgrounds and have the ability to communicate technical issues in a non-technical manner.
Virginia Tech – Audit Manager (October 2014 – Present)
- As part of the University Internal Audit leadership team, provide direction and day-to-day oversight to ensure completion of the annual audit plan.
- Directly responsible for supervising the University Audit Team, consisting of five full-time staff members and two part-time student employees.
- Provide direction during the planning, fieldwork and reporting phases of all risk-based audits, compliance reviews, and a portion of the projects designated as advisory projects.
- Act as the primary reviewer on an average of 25 audit projects annually.
- Oversee the follow-up process for the department to ensure that management has completed their management action plans as prescribed within each audit report.
- Lead the process to develop the schedule and assignments for the annual audit plan.
- Report the results of the department’s issued audit reports to the Finance and Audit Committee of the Board of Visitors on a quarterly basis.
Radford University – Information Security Officer & Identity Management (August 2011 – Present)
- Manage the day-to-day operations of the IT Security Office including the tracking and completion of short and long term projects, strategic planning, and managing of the departmental budget.
- Supervise the IT security team to assure timely completion of day-to-day task assignments, short and long term projects, as well as the completion of performance evaluations, monitoring time and attendance, and the development of employee training programs.
- Operate and maintain the IT security systems of the University, such as intrusion prevention systems, firewalls, and vulnerability scanners.
- Perform control reviews to evaluate the performance of the University’s security program and make necessary adjustments in order to comply with policies, laws, and federal and state regulations.
- Conduct assessments of operational processes and controls from departments across the University, and produce reports and recommendations to ensure compliance with policies, laws, and regulations.
- Develop and maintain the University’s security policies, standards, Business Impact Analysis, Information Security Plans, Risk Assessments, and Disaster Recovery Plans for the University’s sensitive IT systems.
- Serve as a liaison to internal and external auditors, the State of Virginia’s Information Security Officer, and the University’s upper level management for issues related to information security.
- Provide training to key University stakeholders such as System Owners, Data Owners, and System Administrators.
- Keep the campus community informed of security issues through training, awareness campaigns, and notices.
- Managed the planning process, request for proposal process, vendor selection, and now the project implementation phase for the University’s identity management project. This project has utilized agile project management concepts during its implementation.
- Completed comprehensive business process reviews to validate how identity data is collected, maintained, and stored. These reviews included working with departments across the University to gather data, review results, and update business processes where necessary.
- Provide excellent end user support to the campus community to resolve issues related to account and system access.
Deloitte & Touche – Senior Consultant (March 2010 – August 2011)
- Supported the Information Assurance Division (IA) at Acquisition, Logistics, and Technology Enterprise Systems and Services (ALTESS) who hosts information systems supporting millions of users across the U.S. Army and Department of Defense (DOD).
- Was responsible for directly supporting fifteen Army and DOD customers during the development, certification and accreditation, and the sustainment of their systems hosted at the facility.
- Created policies and standard operating procedures based on applicable regulations, and best business practices for ALTESS and for the customers that the organization supports.
- Monitored and reviewed information technology (IT) security controls in order to validate compliance with DOD, federal, and Army regulations.
- Created and maintained several Microsoft Access databases which assisted IA with data collection, creating reports, and tracking customer information.
Radford University – Information Technology Auditor (March 2007 – March 2010)
- Instrumental in the development of the initial IT audit function for the University.
- Completed an analysis, which identified the University’s IT universe, and based on the analysis, assisted in the development of a three-year IT audit plan as required by State regulations.
- Created comprehensive audit programs to monitor compliance with state laws, regulations, and standards such as Virginia Information Technology Agency (VITA) SEC 501-01, ISO 27002, and the PCI Data Security Standard.
- Conducted multiple audits on systems such the University’s card system (RU Express), the University’s police case tracking system, and IT Infrastructure including Windows and UNIX servers, switches, routers, DNS, DHCP, Active Directory, Anti-Virus, Voice over IP telephone system, and the University’s Network Access Control system. Each audit was completed following the Institute of Internal Auditor (IIA) standards.
- Created a comprehensive set of work papers for each audit and special project including planning documentation, working papers, final reports, and follow up analysis.
- Completed special projects to investigate University compliance with regulations such as the Payment Card Industry (PCI) Data Security Standard, Red Flag Rules, HIPAA, I-9 compliance, inventory controls, money handling and disbursement controls, and the Gramm-Leach-Bliley Act.
- Completed follow up analysis to determine if previous audit issues have been resolved.
- Advised the Division of IT on security and compliance issues facing the University such as regulatory compliance, data security, data classification, disaster recovery planning, and incident response.
- Served on the Steering Committee to oversee the implementation of the University’s new Banner administrative system.
- Elected as chair for the Information Technology Advisory Committee, which recommended the approval of IT related policies, planned action, and strategy based on the University’s mission.
BearingPoint – Senior Consultant (July 2005 – March 2007)
- Led the Department of Justice’s (DOJ) IT Audit Oversight Program, where I directly managed four team members, kept the program on task and on schedule, and completed project management tasks such as budgeting, invoicing, and daily interactions with the client’s management.
- Conducted audit oversight for the IT portion of the DOJ’s financial statement audit.
- Developed and monitored corrective action plans for each of the ten major agencies of the DOJ.
- Assisted with the remediation of IT related weakness from the financial statement audit and internal reviews.
- Provided guidance to the DOJ on maintaining compliance with federal laws and audit regulations such as FISMA, NIST 800-53, FISCAM, and others.
- Supported the design, development, and testing of a Customer Relationship Management (CRM) application for a federal agency, which included designing and developing application changes based on system requirements received from the client.
KPMG LLP – Associate (July 2001 – August 2003)
- Evaluated and tested general and application security controls in various IT environments throughout several departments within the Federal Government.
- Reviewed processes related to access control, change management, system software, security planning, segregation of duties, and business continuity management.
- Created a comprehensive set of work papers for each audit including planning documentation, working papers, final reports, and follow up analysis.
- Assigned as the site lead for four locations during the IT audit of the Department of Energy, which included keeping the team members on task, on schedule, reviewing and providing comments of their work papers and reports, and acting as the point of contact for the client, and the manager of the project.
- Assisted in the development of several engagement proposals with the objective to earn revenue numbering in the millions of dollars, as well as creating relationships with existing and new clientele.
- Completed engagements individually and within a group setting.