Susan A. Johnson, C.A., CISSP
Susan has over 25 years' experience in business and information technology, in a variety of industries
including banking, insurance, telecoms, IT (software, consulting services), public sector, and
transportation (airlines and railroads). She has worked with and provided consultation services to large
organizations in the UK, Canada, USA, Australia, Singapore and Hong Kong. She is comfortable at all
organizational levels. She has also travelled extensively, to over 50 countries.
Susan's primary consulting focus is on information privacy. She helps organizations to go beyond
regulatory compliance and use privacy management to attract and retain customers, reduce risks and cut
costs through progressive corporate policy, improved business practices and security of customer
Susan has made presentations and served as a subject matter expert on privacy to various groups, ranging
from the Vancouver Board of Trade and the Wired Woman Society of Vancouver to the Information
Systems Audit and Control Association and the Canadian Information Processing Society Security
Group. She chaired a panel on Privacy and E-Commerce at the Freedom of Information and Privacy
Association conference on private sector privacy legislation.
Security consulting expertise includes the identification, assessment and management of business risk.
Many organizations are extending previously internal processes to suppliers and customers via the Web,
in order to reduce cycle time and cut costs. A 'fortress' approach to security is not realistic. Security issues
must be addressed within an integrated risk management framework, which considers people, business
policies, processes and physical environment, as well as information technology. Susan also believes that
security is a continuing process, not a one-time effort, and must involve key stakeholders to ensure that
recommended controls are actually implemented and sustainable over time.
In-depth experience in auditing, financial management, process redesign and organizational change,
combined with completion of an intensive UBC / Justice Institute of B.C. Certificate program in
Technology and Information Security, provide a solid foundation.
AREAS OF PROFESSIONAL EXPERTISE
• Privacy opportunity and risk assessment, including legislative compliance
• Security risk assessments, management and audit
• Security training and awareness sessions
• Financial management and controllership
• Project management and systems development, including business requirements, prototyping, data
process and object modelling and methodologies
• Workshop facilitation (IT strategy, planning, business solutions design)
• Business and IT strategic planning, including E-Business and CRM strategies
• Business process redesign/innovation, and managing the organizational change process
• Software package evaluation and implementation
SELECTED PROFESSIONAL EXPERIENCE
Information Security and Privacy
Conducted a privacy risk assessment for a financial services regulatory agency, to identify risk areas in
reading by the 1.5 million customers of the financial service providers in the province, and information
access procedures and forms to implement the policy.
Worked with senior management and the board of directors of a large non-profit arts organisation to
legislation, and present it to the Executive Committee of their board for review and approval. The policy
covered the collection of personal information from patrons, donors, sponsors and volunteers, and
addressed a number of issues around forms of consent, and potential impacts to their marketing and
Conducted a privacy risk assessment and strategic security analysis for a professional services firm in the
financial industry. The project included identifying threats and vulnerabilities, and recommending
appropriate and cost-effective controls to safeguard critical assets and protect client privacy. Subsequently
assisted with implementation of the recommendations, which addressed people, policy and business
process aspects, the physical environment and information technology.
Unlimited, an e-business site serving a niche market in the travel sector. As co-founder, responsibilities
include strategy, design and implementation planning, content development, monthly e-zine, web design
and usability, community building, marketing and online sales. The site is supported by a rapidly growing
(over 7 million hits and 139,000 user sessions per month) and incredibly loyal user group, and is a
respected provider of specialized content (currently over 10,000 pages) to a desirable demographic
travellers using electronic forms and web logging software.
Business and Information Technology Strategy and Enterprise Architecture
As a Consulting Executive for a major UK outsourcing and consulting firm, assumed the role of Head of
E-Business for a professional services joint venture in the banking industry. The mandate combined both
management and consulting roles, and included developing an E-Business strategy, defining an E-
Business consulting service offering and value proposition, and creating a professional team through
recruiting and retraining, while exceeding ambitious revenue targets. The subsequent mandate focused on
creating a new innovation service to nurture e-business ideas within the bank and its subsidiaries and joint
Coached and facilitated the development of a technology strategy for the corporate banking department of
a large UK bank. The assignment featured extensive use of structured workshops with senior business and
technology executives to determine future business requirements, establish guiding principles and the
technology architecture and define the strategic technology work programme. The programme included
Internet banking, e-Commerce, customer relationship management, and the replacement of legacy product
processing systems. Subsequently assisted with mobilization of the programme, including programme
management structure, resourcing and benefits management.
Participated in the development of a financial systems architecture for a major multinational high-tech
manufacturer in the telecommunications industry. The assignment was an adaptation of a strategic
information planning project. It included an assessment of the current financial and related systems in a
decentralized environment, design of a target architecture encompassing applications, data and
technology, and development of a migration strategy. Conducted a follow-on market survey to identify
financial and manufacturing software packages available on the corporation's preferred technology
platform (relational DBMS offering SQL access to the data).
As a Senior Consultant associated with Price Waterhouse Management Consultants in their Advanced
Technology special practice unit, conducted strategic planning assignments to provide advice to clients in
various industries on the application of information technology to business functions. Directed research
and developed executive-level seminars on emerging technologies such as smart cards.
As the Finance Division representative on a strategic information planning project for BC Rail, a $300
million transportation company, conducted management interviews, developed business function and data
models and the application architecture for the company.
Business Process Innovation and Organizational Change Management
Supported a large Australian telecommunications company in their redesign of workflow and processes in
the Customer Service and Payroll departments. Facilitated workshop sessions to refine the understanding
of business goals, critical success factors and priorities for redesign, and to set ambitious targets for
productivity improvements, laying the foundation for system architecture and for structured prototyping
of new systems.
Facilitated and coached the downsizing and restructuring of the IT department for a major (50,000
employees) Australian bank with international operations. Re-engineered the department processes for
greater efficiency. Developed systems to enable monitoring of projects and effective resource utilization.
Designed and implemented new career and reward structures to encourage skills development and
Knowledge Management and Competence Development
Managed the DMR Group Education Services function in Melbourne, encompassing education of DMR
professional staff and clients. Responsibilities included marketing of education services, course
organization and scheduling, training trainers. Also provided coaching, facilitation and quality assurance
services to clients on systems development and implementation projects in the airline and insurance
Designed, developed and delivered professional development seminars for management consultants for
DMR Group in Australia. Topics included the consulting process, business development, interpersonal
skills, conflict resolution, presentation and report-writing skills, business ethics and quality management
Project Management and Systems Development, including methodologies
Project director and thought leader of the Accelerated Value Method (AVM) - the system development
methodology now used by the consulting division of Lotus (a subsidiary of IBM). This integrated
approach incorporates business process innovation, rapid application development / prototyping,
enterprise-wide deployment, organizational transformation and project management in order to deliver
business value rapidly using new technologies. The AVM team incorporated worldwide best practices in
these disciplines and produced checklists and questionnaires for use by consultants and clients.
Concurrently developed and taught a series of five two-day courses for Lotus Consulting, Lotus’ business
partners and clients in North America, Europe, Australia and Asia. The courses consisted of Process
Innovation, Collaborative Development, Enterprise Deployment, Transformation Management and
Managed the development of a customer relationship management system for the corporate banking
department of a UK bank, using rapid prototyping techniques to deliver a system ready for worldwide
implementation in less than six months. The work was done in Singapore for a worldwide user base of
corporate bankers, and training took place in the UK, Hong Kong and Singapore.
Conducted training in Productivity Plus (DMR's system delivery life cycle methodology) for both clients
and DMR staff in Australia, New Zealand and Asia. Courses taught included project management
techniques; definition of business requirements; data and process modeling and prototyping techniques;
and software package evaluation.
As Freight Revenue Project Manager for BC Rail, managed a multi-divisional project (Finance,
Marketing and Information Systems) to replace the freight invoicing and interline settlement systems in a
dual vendor mainframe hardware environment. Developed the logical database design for the system
using data modelling techniques. Subsequently used a prototyping approach to develop a working model
of the invoicing system, including inquiry capability and automated interfaces to other systems.
Package Evaluation & Implementation
As a consultant to the Ministry of Finance of the Province of British Columbia, planned the
implementation of Oracle financial systems (General Ledger, Accounts Payable, Purchasing, Asset
Management, and Projects) for several large and decentralized provincial government departments.
Working closely with the business representatives, developed strategies and detailed plans for redesign of
work processes, documentation, end-user training, and acceptance testing and communications activities
necessary to successfully implement Web-enabled processes using the Oracle financial systems.
Developed a generic implementation guide as a template for these and other provincial departments to be
used for planning their Oracle financials implementations in succeeding years.
Directed the development of internal DMR methodology for selection and implementation of application
software packages, including package evaluation guidelines, generic functional specifications for financial
and human resource applications and implementation planning aids. Conducted numerous package
evaluation and implementation projects for companies in various industries, including government
departments, telecoms, airlines and professional services. The approach made extensive use of workshops
and coaching of client personnel.
As Financial Projects Coordinator, managed the requirements definition and selection of software
packages for financial systems in an IBM mainframe environment for the British Columbia Government
Ministry of Lands, Parks and Housing. Subsequently, directed the implementation of Walker Interactive
General Ledger and Accounts Payable software in a complex, decentralised organization. Developed and
conducted management and user training in field offices and headquarters.
Financial and Security Management
As Manager of General Accounting for BC Rail (Canada’s third largest railway), managed a staff of 25,
responsible for payroll of 2,600 employees, accounts payable, billing and interline freight settlement
functions for a $300 million transportation company. Security management responsibilities included the
implementation of policy and procedures to establish and maintain effective security controls on complex
mainframe billing and freight settlement systems, and implementation of all external audit
recommendations. Established administrative security controls over critical assets, including separation of
duties, job rotation, backups, record retention and audit trails.
As Manager of Financial Operations, managed the Financial Services Branch of the Ministry of Lands,
Parks and Housing, Province of British Columbia (staff of 23), responsible for payroll of up to 2,000
full- and part-time employees, accounts payable and internal controls on assets and revenues. Security
management responsibilities included development and implementation of security policies, procedures
and administrative controls protecting key financial and payroll systems, and implementation of audit
recommendations. Supervised and trained accounting staff.
As Financial Controller for Shaw Festival Theatre, Niagara-on-the-Lake, Canada, managed the
accounting department, including the accounts payable and payroll functions for up to 200 employees.
Responsible for planning and budgeting, reporting, banking and cash management. Developed new
financial systems and computerized payroll in a complex and unionized environment.
Internal and External Audit
As Audit Supervisor in the Office of the Auditor General, British Columbia, Canada, participated in
comprehensive financial management audits of government departments and corporations. These audits
encompassed a review of the planning and budgeting processes, control of assets, revenues and
expenditures, management of the financial function and internal audit, and included reviews of the
security controls on critical assets, revenues and expenditures. Responsible for conducting interviews,
liaison with senior executives in the client organizations, writing and presenting audit reports.
As Audit Supervisor for Joscelyn, Laughlin, Harper, Tory, Chartered Accountants (now part of Ernst &
Young), planned and executed audits of organizations in a variety of industries over a 5-year period.
These audits included reviews of the security controls (administrative, operations and technical aspects) in
place to protect the confidentiality, integrity and availability of critical information systems and assets,
and recommendations for security improvements. Supervised articling students, and provided consulting
and tax planning services to small- and medium-sized clients in a variety of industries.
EDUCATION AND PROFESSIONAL DEVELOPMENT
• CISSP (Certified Information Systems Security Professional) designation from the International
Information Systems Security Certification Consortium (ISC)², 2002
• Certificate Programme in Internet and Technology Security (joint program of the Justice Institute
of BC / University of British Columbia), 2002
• Guest lecturer in E-Business at UBC Continuing Studies, 2002
• Chartered Accountant, 1977. Member of the Institute of Chartered Accountants of British
• BA (Major in Accounting & Finance), Brock University, Canada, 1974
Nationality and Canadian and Australian dual citizenship.
UK Ancestor work permit valid until Oct/06.
Qualified for USA TN-1 work permit under NAFTA regulations.
Marital Status: Married, no children. Prepared to relocate and to travel.
Languages: Written and spoken English and Spanish