Printable version



  1. Susan A. Johnson, C.A., CISSP
E-mail:

PROFESSIONAL PROFILE

Susan has over 25 years experience in business and information technology, in a variety of industries including banking, insurance, telecoms, IT (software, consulting services), public sector, and transportation (airlines and railroads). She has worked with and provided consultation services to large organizations in the UK, Canada, USA, Australia, Singapore and Hong Kong. She is comfortable at all organizational levels. She has also travelled extensively, to over 50 countries.

Susan's primary consulting focus is on information privacy. She helps organizations to go beyond regulatory compliance and use privacy management to attract and retain customers, reduce risks and cut costs through progressive corporate policy, improved business practices and security of customer information.

Susan has made presentations and served as a subject matter expert on privacy to various groups, ranging from the Vancouver Board of Trade and the Wired Woman Society of Vancouver to the Information Systems Audit and Control Association and the Canadian Information Processing Society Security Group. She chaired a panel on Privacy and E-Commerce at the Freedom of Information and Privacy Association conference on private sector privacy legislation.

Security consulting expertise includes the identification, assessment and management of business risk. Many organizations are extending previously internal processes to suppliers and customers via the Web, in order to reduce cycle time and cut costs. A 'fortress' approach to security is not realistic. Security issues must be addressed within an integrated risk management framework, which considers people, business policies, processes and physical environment, as well as information technology.
Susan also believes that security is a continuing process, not a one-time effort, and must involve key stakeholders to ensure that recommended controls are actually implemented and sustainable over time. In-depth experience in auditing, financial management, process redesign and organizational change, combined with completion of an intensive UBC / Justice Institute of B.C. Certificate program in Technology and Information Security, provide a solid foundation.

AREAS OF PROFESSIONAL EXPERTISE

• Privacy opportunity and risk assessment, including legislative compliance
• Security risk assessments, management and audit
• Security training and awareness sessions
• Financial management and controllership
• Project management and systems development, including business requirements, prototyping, data process and object modelling and methodologies
• Workshop facilitation (IT strategy, planning, business solutions design)
• Business and IT strategic planning, including E-Business and CRM strategies
• Business process redesign/innovation, and managing the organizational change process
• Software package evaluation and implementation
  2. SELECTED PROFESSIONAL EXPERIENCE

Information Security and Privacy

Conducted a privacy risk assessment for a financial services regulatory agency, to identify risk areas in current privacy policy and practices. Subsequently drafted a 'plain English' privacy policy suitable for reading by the 1.5 million customers of the financial service providers in the province, and information access procedures and forms to implement the policy.

Worked with senior management and the board of directors of a large non-profit arts organisation to review current privacy practices, draft a privacy policy in compliance with PIPEDA, Canada’s privacy legislation, and present it to the Executive Committee of their board for review and approval. The policy covered the collection of personal information from patrons, donors, sponsors and volunteers, and addressed a number of issues around forms of consent, and potential impacts to their marketing and fundraising practices.

Conducted a privacy risk assessment and strategic security analysis for a professional services firm in the financial industry. The project included identifying threats and vulnerabilities, and recommending appropriate and cost-effective controls to safeguard critical assets and protect client privacy. Subsequently assisted with implementation of the recommendations, which addressed people, policy and business process aspects, the physical environment and information technology.

As the Privacy Officer, developed a privacy policy, procedures, and supporting systems for Horizons Unlimited, an e-business site serving a niche market in the travel sector. As co-founder, responsibilities include strategy, design and implementation planning, content development, monthly e-zine, web design and usability, community building, marketing and online sales.
The site is supported by a rapidly growing (over 7 million hits and 139,000 user sessions per month) and incredibly loyal user group, and is a respected provider of specialized content (currently over 10,000 pages) to a desirable demographic segment. The privacy policy covers an active bulletin board, and information content provided by travellers using electronic forms and web logging software.

Business and Information Technology Strategy and Enterprise Architecture

As a Consulting Executive for a major UK outsourcing and consulting firm, assumed the role of Head of E-Business for a professional services joint venture in the banking industry. The mandate combined both management and consulting roles, and included developing an E-Business strategy, defining an E-Business consulting service offering and value proposition, and creating a professional team through recruiting and retraining, while exceeding ambitious revenue targets. The subsequent mandate focused on creating a new innovation service to nurture e-business ideas within the bank and its subsidiaries and joint venture partners.

Coached and facilitated the development of a technology strategy for the corporate banking department of a large UK bank. The assignment featured extensive use of structured workshops with senior business and technology executives to determine future business requirements, establish guiding principles and the technology architecture and define the strategic technology work programme. The programme included Internet banking, e-Commerce, customer relationship management, and the replacement of legacy product processing systems. Subsequently assisted with mobilization of the programme, including programme management structure, resourcing and benefits management.

Participated in the development of a financial systems architecture for a major multinational high-tech manufacturer in the telecommunications industry.
The assignment was an adaptation of a strategic information planning project. It included an assessment of the current financial and related systems in a decentralized environment, design of a target architecture encompassing applications, data and technology, and development of a migration strategy. Conducted a follow-on market survey to identify
  3. financial and manufacturing software packages available on the corporation's preferred technology platform (relational DBMS offering SQL access to the data).

As a Senior Consultant associated with Price Waterhouse Management Consultants in their Advanced Technology special practice unit, conducted strategic planning assignments to provide advice to clients in various industries on the application of information technology to business functions. Directed research and developed executive-level seminars on emerging technologies such as smart cards.

As the Finance Division representative on a strategic information planning project for BC Rail, a $300 million transportation company, conducted management interviews, developed business function and data models and the application architecture for the company.

Business Process Innovation and Organizational Change Management

Supported a large Australian telecommunications company in their redesign of workflow and processes in the Customer Service and Payroll departments. Facilitated workshop sessions to refine the understanding of business goals, critical success factors and priorities for redesign, and to set ambitious targets for productivity improvements, laying the foundation for system architecture and for structured prototyping of new systems.

Facilitated and coached the downsizing and restructuring of the IT department for a major (50,000 employees) Australian bank with international operations. Re-engineered the department processes for greater efficiency. Developed systems to enable monitoring of projects and effective resource utilization. Designed and implemented new career and reward structures to encourage skills development and flexibility.

Knowledge Management and Competence Development

Managed the DMR Group Education Services function in Melbourne, encompassing education of DMR professional staff and clients.
Responsibilities included marketing of education services, course organization and scheduling, training trainers. Also provided coaching, facilitation and quality assurance services to clients on systems development and implementation projects in the airline and insurance industries.

Designed, developed and delivered professional development seminars for management consultants for DMR Group in Australia. Topics included the consulting process, business development, interpersonal skills, conflict resolution, presentation and report-writing skills, business ethics and quality management in consulting.

Project Management and Systems Development, including methodologies

Project director and thought leader of the Accelerated Value Method (AVM) - the system development methodology now used by the consulting division of Lotus (a subsidiary of IBM). This integrated approach incorporates business process innovation, rapid application development / prototyping, enterprise-wide deployment, organizational transformation and project management in order to deliver business value rapidly using new technologies. The AVM team incorporated worldwide best practices in these disciplines and produced checklists and questionnaires for use by consultants and clients.

Concurrently developed and taught a series of five two-day courses for Lotus Consulting, Lotus’ business partners and clients in North America, Europe, Australia and Asia. The courses consisted of Process Innovation, Collaborative Development, Enterprise Deployment, Transformation Management and Engagement Management.

Managed the development of a customer relationship management system for the corporate banking department of a UK bank, using rapid prototyping techniques to deliver a system ready for worldwide implementation in less than six months. The work was done in Singapore for a worldwide user base of corporate bankers, and training took place in the UK, Hong Kong and Singapore.
  4. Conducted training in Productivity Plus (DMR's system delivery life cycle methodology) for both clients and DMR staff in Australia, New Zealand and Asia. Courses taught included project management techniques; definition of business requirements; data and process modeling and prototyping techniques; and software package evaluation.

As Freight Revenue Project Manager for BC Rail, managed a multi-divisional project (Finance, Marketing and Information Systems) to replace the freight invoicing and interline settlement systems in a dual vendor mainframe hardware environment. Developed the logical database design for the system using data modelling techniques. Subsequently used a prototyping approach to develop a working model of the invoicing system, including inquiry capability and automated interfaces to other systems.

Package Evaluation & Implementation

As a consultant to the Ministry of Finance of the Province of British Columbia, planned the implementation of Oracle financial systems (General Ledger, Accounts Payable, Purchasing, Asset Management, and Projects) for several large and decentralized provincial government departments. Working closely with the business representatives, developed strategies and detailed plans for redesign of work processes, documentation, end-user training, and acceptance testing and communications activities necessary to successfully implement Web-enabled processes using the Oracle financial systems. Developed a generic implementation guide as a template for these and other provincial departments to be used for planning their Oracle financials implementations in succeeding years.

Directed the development of internal DMR methodology for selection and implementation of application software packages, including package evaluation guidelines, generic functional specifications for financial and human resource applications and implementation planning aids.
Conducted numerous package evaluation and implementation projects for companies in various industries, including government departments, telecoms, airlines and professional services. The approach made extensive use of workshops and coaching of client personnel.

As Financial Projects Coordinator, managed the requirements definition and selection of software packages for financial systems in an IBM mainframe environment for the British Columbia Government Ministry of Lands, Parks and Housing. Subsequently, directed the implementation of Walker Interactive General Ledger and Accounts Payable software in a complex, decentralised organization. Developed and conducted management and user training in field offices and headquarters.

Financial and Security Management

As Manager of General Accounting for BC Rail (Canada’s third largest railway), managed a staff of 25, responsible for payroll of 2,600 employees, accounts payable, billing and interline freight settlement functions for a $300 million transportation company. Security management responsibilities included the implementation of policy and procedures to establish and maintain effective security controls on complex mainframe billing and freight settlement systems, and implementation of all external audit recommendations. Established administrative security controls over critical assets, including separation of duties, job rotation, backups, record retention and audit trails.

As Manager of Financial Operations, managed the Financial Services Branch of the Ministry of Lands, Parks and Housing, Province of British Columbia (staff of 23), responsible for payroll of up to 2,000 full- and part-time employees, accounts payable and internal controls on assets and revenues. Security management responsibilities included development and implementation of security policies, procedures and administrative controls protecting key financial and payroll systems, and implementation of audit recommendations.
Supervised and trained accounting staff.

As Financial Controller for Shaw Festival Theatre, Niagara-on-the-Lake, Canada, managed the accounting department, including the accounts payable and payroll functions for up to 200 employees. Responsible for planning and budgeting, reporting, banking and cash management. Developed new financial systems and computerized payroll in a complex and unionized environment.
  5. Internal and External Audit

As Audit Supervisor in the Office of the Auditor General, British Columbia, Canada, participated in comprehensive financial management audits of government departments and corporations. These audits encompassed a review of the planning and budgeting processes, control of assets, revenues and expenditures, management of the financial function and internal audit, and included reviews of the security controls on critical assets, revenues and expenditures. Responsible for conducting interviews, liaison with senior executives in the client organizations, writing and presenting audit reports.

As Audit Supervisor for Joscelyn, Laughlin, Harper, Tory, Chartered Accountants (now part of Ernst & Young), planned and executed audits of organizations in a variety of industries over a 5-year period. These audits included reviews of the security controls (administrative, operations and technical aspects) in place to protect the confidentiality, integrity and availability of critical information systems and assets, and recommendations for security improvements. Supervised articling students, and provided consulting and tax planning services to small- and medium-sized clients in a variety of industries.

EDUCATION AND PROFESSIONAL DEVELOPMENT

• CISSP (Certified Information Systems Security Professional) designation from the International Information Systems Security Certification Consortium (ISC)², 2002
• Certificate Programme in Internet and Technology Security (joint program of the Justice Institute of BC / University of British Columbia), 2002
• Guest lecturer in E-Business at UBC Continuing Studies, 2002
• Chartered Accountant, 1977. Member of the Institute of Chartered Accountants of British Columbia, Canada.
• BA (Major in Accounting & Finance), Brock University, Canada, 1974

OTHER

Nationality: Canadian and Australian dual citizenship.
Work Permits: UK Ancestor work permit valid until Oct/06.
Qualified for USA TN-1 work permit under NAFTA regulations.
Marital Status: Married, no children. Prepared to relocate and to travel.
Languages: Written and spoken English and Spanish