This document provides a summary of Dennis L. Batdorf's professional experience and qualifications. He has over 20 years of experience managing projects and audits related to governance, risk management, and compliance frameworks. His experience spans multiple industries and includes roles such as Project Manager, Senior Regulatory Compliance Specialist, and Audit Manager. He has expertise in areas such as SOX, PCI DSS, ISO, and information security auditing.

1. Dennis L. Batdorf
Woodridge, Illinois 60517
Cell (714) 865-4821
Email: dennisbatdorf@earthlink.net
Professional Profile
GRC is neither a project nor a technology, but a corporate objective for improving governance through more-effective compliance and a better
understanding of the impact of risk on business performance. Governance, Risk Management and Compliance have many valid definitions.
Extensive experience in the domains of Retail, Energy (Oil), Telecommunications, Call Centers, ISP, Financial (Banking, Mortgage, REIT, and Data
Center); Mergers/Acquisitions/Corporate Split, Medical, Manufacturing (Auto, Aircraft), Software, and Point Of Sale (POS). Direct Management of
Engagements, IT/Business Projects, and teams with Big 4 on Internal/External Audit Implementation/Remediation/Testing, team members consisting of
CISSP, CIA, MBA, CPA, Testers, Tech Writers, client Department Management, and Executive Management, Vendor Management, and Offshore
personnel.
As a Project/Implementation Manager, and Senior Regulatory Business Compliance Specialist/Senior Functional Security Specialist I have interpreted
Global/Federal/State/Local regulations for corporations and completed Active Security Risk Assessments (Physical/Logical/Clandestine, Ethics, and Social
Engineering, Fraud Risk Assessment of Business/ IT/Operational Controls and employees), Implementations (SAP/Remedy/Peregrine/SOX), Audits and
Remediation in the Regulatory Compliance Frameworks of: GRC, SOX (Sarbanes-Oxley, SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process
Risk Analysis (PRA) Test Matrix (TM), NIST, ITGC, Department of Justice, AML (Anti-Money Laundering), Home Affordable Modification Program
(HAMP), 2MP, TILA, RESPA, and the Dodd Frank Compliance, Equal Credit Opportunity Act, PCI DSS, HIPAA, CIPP, GLBA, SSAE16, SOC I, SOC II
(Vendor Management), SAS 70, ITIL V3, F.D.A. 21 CFR 11, F.A.A., FAR, F.A.A. ACSEP, D.O.D., D.O.E., ISO (9000, 17799, 2001, 20001, 20022,
27001), ATA, ASTM F-24, OSHA, Legal, Privacy, COSO, COBIT, National Futures Association, AORS, FDM, Software as a Service (SaaS) Hosted
solution, Infrastructure/Applications auditor, Root Cause Analysis, Corrective Action/Follow-Up and Failure Analysis, and implemented Change
Management systems, Development of plans and procedures for the Security Incident Response Reports, Implementation Project Manager for SAP,
Remedy, Change Management, and Self Audit Programs
I have been a Director of SOX, Program Project Manager SOX, PCI DSS, ISO, Senior GRC Regulatory Compliance and Functional Security Specialist, Full
Cycle Audit Manager IT/Financial/Operational/Testing, and Business Process Improvement/Business Analyst/Technical Writer/Facilitator with the Big 4
Responsible for managing complex projects and being accountable for the successful delivery of the overall project timeline, and project execution plans.
Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating strategies to mitigate
them while communicating with leadership project status, risks and issues by ensuring stakeholder input regularly. Driving the final results from
interviewing, documenting, testing, preparation and presentation of final report of findings to client
Full Cycle Client Facing Senior Audit Manager supervised multiple audits to multiple frameworks/regulations/compliance/testing, which focus on the
assessment and/or evaluation of business processes and the mitigation of related risks, complete audit cycles and yearly attestation audits. Audits designed
for strengthening internal controls and in so doing, helping to improve business performance. In addition to audits that support Business, Financial, IT,
ITGC, and Business Operational audit objectives, audits also focus on effectiveness of line of business within SLAs’. Working with stakeholders in the
business operations to analyze, evaluate, and enhance the internal control process. Evaluate the identified deficiencies in the systems/applications, including
the root causes, security risks, magnitude/impact to the financial statements audit, uniqueness of deficiencies, and severity/materiality/relevance ranking, and
remediate the risks.
Give direction to audit team members for Business/IT/Financial in planning the audit and developing work programs, timelines, risk assessments, testing,
and other planning documents, directing daily progress of fieldwork, informing Management of audit status, and managing staff performance through
completion of the project. Work with business stakeholders to document the business processes, identify, and test controls. Use knowledge of the current
environment and industry trends to identify potential audit issues, and communicate this information to management through written correspondence and
verbal presentations.
An SME Writer/Documentation, Technical Publications Coordinator, that has developed and implemented Global Library, and Policies/Procedures
Business/IT/Financial/Operational/Organizational/Change Management/Disaster Recovery processes, business/operational process mapping,
compliance/regulation, policy/procedure/process/job instructions documentation, and Due Diligence to adapt to current and future business needs.
Professional Project and Functional Technical Skills
• Project Manager: Octave, Agile, Waterfall, SDLC
• Project Manager for implementations of SAP, Remedy, and Self Audit Program
• Senior Regulatory Compliance and Security Specialist IT/Business
• Director of SOX, Senior Engagement Manager, Program Project Manager SOX, PCI DSS, ISO
• Compliance/Regulation Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Senior Audit Project Manager: oversee and support Project Teams, Business Units and IT/Financial/Operational process leaders to ensure
implementations/remediation
• Develop planning and defining security requirements and security awareness programs for: Information Security, IT Security, Enterprise Security,
Security Incident Reporting, IT Audit, ITGC, Segregation of Duties (SOD), and User Access (Roles, Rules, Groups)
• Evaluation of Internal Controls for Business and IT, ITGC, Identifying Controls, Analyzing Control Gaps, Evaluating the design and operating
effectiveness, Risk Assessment, and develop recommendations for entities under audit
• Identify and recommend potential improvements, with consideration to cost and benefit to the Business Unit
• Perform Business/IT operational and compliance reviews, and non-IT operational audits to determine compliance with policies, procedures,
and rules.
• Review audit reports and work papers to insure adequate documentation supports the audit findings
• SME/Documentation Regulation/Compliance/Rules with both Business and IT, Business Process Management, Finance Business Process
Mapping and Design, Due Diligence, Best Practice, GRC (Governance Risk and Compliance), Business Process Development/Business Process

2. Improvement, Disaster Recovery, Business Continuity, Organizational Change Management, Change Management, System Operations,
Transaction Processing, and Safety
PROFESSIONAL EXPERIENCE
Synchrony Financial Consumer financing, credit cards, royalty cards, and FDIC insured savings products (Consultant) Chicago, Illinois 2/2016 – 5/2016
PCI DSS V3.1 Readiness Program Project Manager, develop and document a corporate-wide PCI DSS Audit program in accordance with PCI Data
Security Standards (DSS) requirements, including an alignment to the company's strategic goals and Business/IT functions after the initial corporate entity
split. Assist in managing IT risks, advising IT business partners in risk assessment and remediation activities. Ensure that the appropriate PCI controls and
oversights are implemented. Facilitate an annual PCI risk assessment and ongoing monitoring activities to ensure that results, risks, and issues are properly
documented, issues are escalated and addressed, and results are used as input back to the program for ongoing improvement. Risk Assessment research
scenario on third party vendor’s compliance and analysis.
• Exposed vulnerability in security system of email server and management being reactive and not proactive, resulting in new controls,
policies/procedures
• Develop, implement, and maintain processes throughout the organization to identify new PCI in-scope areas, including third parties. Develop new
process templates, and attestation forms for evidence.
• Perform appropriate cross-training for select IT partners to serve as first-line subject matter experts (SMEs) and initial points of contact for PCI
guidance. Serve as escalation point for most complex PCI questions. Schedule, oversee, and ensure the execution of the annual PCI certification
examination with the QSA to obtain the RoC on an annual basis.
• Act as an advisor to the domains regarding risk-related matters. Assist in providing the businesses with expert advice, guidance, and support on
risk assessments, ensuring that risks within the domain are identified, assessed, managed, and monitored. Assist in the determination, setting, and
review of performance and risk indicators/metrics, and assist management in the early identification of risk and trends
Millward Brown Digital, Social, Television, Marketing Brand Analytics (Consultant) Lisle, Illinois 9/2015 to 1/2016
Program Project Manager Regulation Business Compliance Audit Specialist Global ISO 27001-2013 Implementation, Final Phase, overall
management including PM/BA/IC analyst activities, drive meetings, mapping of Internal Controls, development of Internal Control Design and Risk
Assessment, working with Information Security and Governance, Risk and Compliance (GRC), Process Improvement, Business, primary responsibilities
supporting the Information Risk Management Program (IRMP), manage and support the MBNA ISO 27001: 2013 Program, contract compliance review and
approval, Vendor Management, engagement of External Auditors. Facilitate C level meetings for GRC completion and tasks for stakeholders for
compliance. Performing Risk Assessments, exposing vulnerabilities of system and business, audits, remediation, implementation and work flow integration
of end-to-end solutions across multiple disciplines in these areas, and deliver advisory services focused on risk and compliance to IT management, Business,
and senior executives across MB and its 3rd party partners. Provide guidance relative to the internal control framework during internal control assessments,
and contract negotiations, and review of contracts for compliance with external clients. Gather, review of audit evidence, writing of updated
policies/procedures to meet new requirements of compliance. Plan coordinated audit and assessment activities initiated by external audit teams. Facilitate
vendor management activities including analysis of services against Service Level Agreements and regular vendor assessments. Glean information from
business and technology partners to determine current and future process requirements, build to be workflows, policies, identify and document process
improvements. Client facing with external auditors for Global ISO certification of Millward Brown
• SME development of new Internal Controls/Policies/Procedures/Change Management
• Educate Stakeholders on all aspects of internal control testing including: prepare audit test plan, selection of samples and obtaining of sufficient
artifacts and supporting evidences for testing, execution of specific test procedures and preparation of test documentation.
• Liaison with partners from systems and other business units regarding compliance requirements, risks, and remediation
BP (British Petroleum) (Consultant) Warrenville, Illinois 9/2013 – 7/2015
IT Service Delivery Support Project Coordinator Business Process Analyst – IT Service Delivery, Marketing, Business Process Mapping, SME
Technical Writer Documentation, and compliance for Point Of Sale (POS), VeriFone, Service Delivery Management, End 2 End Category Management of
Retail Marketing for west coast operations, AM/PM, ARCO. Business model was changed from company owned stations to franchise owned.
• Mapping of business in As Is configuration and design to Will Be model, creating swim lane diagrams of LOB, and business process development
of the Business/IT/Marketing line of business, business units, and Service Delivery Management to verify where improvements, and compliance in
the POS Category Management life cycle, and SLA can be made
• POS Category Management of retailing and purchasing of products, Loyalty, Gift Cards, or sold by a Franchisee retailer
• Each category is run as a business unit, with its own set of turnover and/or profitability targets and strategies
U.S. Cellular (Consultant) Bensenville, Illinois 4/2013 – 8/2013
IS Security Operations Senior Regulatory Compliance Security Audit Specialist Driving the final phase of IT security for PCI DSS v2.0, alignment with
SOX, CPNI, and the Audit Implementation and support of user access controls for recently implemented applications Conducted Risk review, mapping, and
testing of existing and writing of policies/procedures for compliance to audit regulations of PCI DSS, and SOX Risk Assessment, remediation, and
coordinate the implementation of new user access control testing processes and procedures for PCI DSS compliance, Design, Audit, and Test Internal
Controls for Financial and IT, ROC (Report On Compliance)/SQA (Self Assessment Questionnaire), and presentation of evidence to QSA. Control testing
processes and procedures include analysis of recurring user account assignments, user application and role assignments, and access entitlement assignments
within the Identity and Access Management environment, which leverages Role Based Access Control (RBAC) best practices.
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating strategies to
mitigate them
• SME Technical Writer/Documentation, Interviewing, writing of new Policies/Procedures for User Access, Change Management, Vendor
Management, Annual Review, SOD, and testing
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Consult with partners from systems and other business units regarding access compliancy requirements
• Act as a liaison between system and business partners on user access and security topics
• Work with business partners and auditors to answer and resolve audit questions related to PCI DSS compliance

3. Charles Schwab OptionsXpress (Consultant) Chicago, Illinois 10/2012 – 4/2013
Brokerage Services and Trading
Charles Schwab acquisition of OptionsXpress an online options trading company with 8.2 billion assets and 416,000-customer base. Client Facing with
Deloitte, Merger Senior GRC Regulatory Business Compliance Specialist Audit Project Lead for alignment of the two companies’, where prior
delisting from stock exchange and wrong doing within the company had occurred. Documenting Business/IT/compliance/regulation/operational (SOX Risk
Assessment, SSAE16, SOC1, SOC II, NFA, AORS, CFTC, FDM, FFIEC, CIPP, AML (Anti-Money Laundering), ISO 20022), Business Process
Management, Audit Remediation of ITGC, Design, Audit, Risk Assessment, and Test Internal Controls for Financial and IT, Security Configuration,
Business Process Mapping, SME Technical Writer Business/IT
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating strategies to
mitigate them
• Reporting directly to and recommending remediation solutions to Vice President of Technology, Vice President of IT, Project Manager, and Point
of Contact for meetings and correspondence with Deloitte External Auditors for remediation of audit findings and closure of audit items
• Collaborate with business users and act as a liaison between business owners and technical teams, coordinate development, testing, and
implementation of solutions with offshore vendors
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules, COSO, COBIT
• Designed new internal controls, oversee support of core project, including gathering and documenting requirements, Business re-engineering,
translating functional requirements to writing technical policy/procedure requirements
• Development of plans and procedures for the Security Incident Response Reports
• SME Technical Writer/Documentation, Interviewing, writing of new Policies/Procedures for User Access, Change Management, Vendor
Management, SDLC, Annual Review, SOD, and testing of ITGC
Amcor Flexibles (Consultant) Vernon Hills, Illinois 5/2012 – 8/2012
Medical Device Packaging
SAP Project Manager for Agile final phase Go Live Global SAP ECC 6 Atlas implementation and interface, A/P, A/R, GL, Lock Box, HR, Master Data,
Fixed Assets, around software (PRMS, SAGE, Great Plains, VIM, Fox Pro, HFM, FDM)
• Provide supervision; develop group goals and objectives; develop and evaluate staffing plans; coordinate system testing activities; cutover testing;
month end close testing
• provide project status reports; identify and define business needs; analyze project proposals; develop conceptual systems requirements; develop
systems integration requirements; develop systems phasing plan; provide business application consultation; and provide problem
tracking/management; prepare and deliver presentations
Bank of America (Consultant, Remote) Dallas, Texas 10/2011 – 5/2012
Home Mortgage Division
IT Change Control Management Board Implementation Senior Regulatory Business Compliance Specialist for: Home Affordable Modification
Program (HAMP), 2MP, and Dodd Frank, Department of Justice, AML (Anti-Money Laundering), TILA (Truth In Lending Act), RESPA (Real Estate
Settlement Procedures Act), Bank Secrecy Act (BSA), Regulation Z, HUD’s Regulation X, Home Owners Protection Act, Flood Disaster Protection Act,
Service Members Civil Relief Act, S.A.F.E Act, CIPP Privacy, Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act (FACT Act),
Fair Debt Collections Act (FDCPA), Home Mortgage Disclosure Act, Fair Lending Laws (Reg. B, Fair Housing Act), ISERIES, Equal Credit Opportunity
Act, GLBA (Gramm–Leach–Bliley Act), and SOX (Sarbanes-Oxley, SOX 404, COSO, COBIT, Risk Assessment, Risk Control Matrix (RCM), Process Risk
Analysis (PRA) Test Matrix Regulation/Compliance/Rules), and SME Technical Writer.
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating strategies to
mitigate them
• SME Technical Writer/ Documentation, Development and writing of policy/procedures and implementation of IT Change Management
Department, and Business Process Management
• Audit Remediation, Design, Audit, and Test Internal Controls for Financial and IT for the Department of Justice, Supporting GIS projects relating
to the Second Lien Modification Program (2MP) affecting multiple Home Equity business units, product lines, or business processes
• Transaction Analysis
• Change Board Meeting Facilitator, Creation of Change Management Statement of Work, Test Scenario/Scripts, approval of change
implementation, and defining Policy/Procedure/Process Projects require cross-divisional coordination, with negotiation skills while providing
advanced analytical support for change initiatives for contributions to the design, development and completion of project deliverables on all phases
of initiative
• Project Charter; Master Project Control Plan; Issue Log; Risk Management; Quality Management; Status Report; Project Change Control ; Change
Log; Operational Log
Abbott (Consultant, 50% Remote) Waukegan, Illinois 4/2011- 9/2011
Pharmaceutical and Nutritional
PMO Project Manager Senior Regulatory Business Compliance Audit Specialist for a Corporation Split-Up and reorganization of corporate entities
PMO global enterprise SAP ECC 6 implementation, SOX Financial/IT security operational/compliance/regulation/risk assessment, audit remediation, and
internal control testing per COSO and COBIT framework. Business Process Mapping of legacy applications retirement, and realization activities, support the
Global production environment proactively through tracking retirement of cloud legacy applications, and the SAP implementation.
• Develop conceptual level requirements in the analysis phase. Review and approve Financial Business IT audit internal control framework
templates, writing of new policies/procedures, and risk management
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Provide supervision; develop group goals and objectives; monitor client production changes; develop and evaluate staffing plans; utilize formal
SDLC to coordinate system development activities; provide project status reports; identify and define user needs; analyze project proposals;
provide business application consultation, provide problem tracking/management; and prepare and deliver presentations

4. • Project Charter; Agile, Master Project Control Plan; Issue Log; Risk Management; Quality Management; Status Report; Project Change Control ;
Change Log; Operational Acceptance
My E Cities.com (Consultant), Yorkville, Illinois 1/2008 to 12/2011
Telecommunications Interactive Marketing Management of Ecommerce B2B cell phone SMS Live Interactive Direct Marketing Services and VIP opt-in
based CRM Membership Clubs, Live Interactive SMS Games, Live Interactive Promotions, Bluetooth, Proximity, Social Media, and Third Party
applications.
• Web page design, Web content writer, writing and editing of a wide variety of external marketing vehicles including product ads, sales letters,
Email campaigns, and sales collateral materials Provide B2B solutions including: Business and Marketing ROI analysis for Profit and Loss, Cell
Phone CRM marketing services application development, ring tones, mobile web design, wall papers, podcasts, mobile web sites, domain
registration, and web site submissions
• Development and presentation of sales project proposals to clients
• Winner of 2002/2003/2004 Golden Web Award
• Source and maintain competitive price for profitable relationships with clientele and subscribers
• Design and Optimize Live Interactive campaigns on an on-going basis to maximize ROI
New Horizons Computer Learning Center (Consultant), Austin, Texas, Custom Training Institute 10/2009 - 12/2009
SAP FICO R/3 Audit Training Instructor for the State of Texas Comptroller Office of Public Accounts Corporate Sales Tax Auditors. Designed class
courseware and presentations for a onetime class designed for State Sales Tax Auditors to audit SAP FICO R/3 for corporate owed taxes. Using audit trails,
auditing principles, security risks, fraud, transaction codes, SD, MM, PP, PS module functionality, workflow, business process, master data records, database
structure, batch processing, and how to find and correlate data within the SAP system. Consulted with Texas Comptroller Office to define and develop
course content, exercises, and class presentation materials to support SAP FICO R/3 audit tasks.
• Development of participant guides, instructor guides, lesson plans, presentations, classroom handouts, job aids and help materials for SAP end-
user training across client
• Plan, organize, coordinate, and schedule multiple tasks and adjust to changing priorities for class structure
ABeam ((Permanent Position) Deloitte & Touche Japan), Dallas, Texas 4/2007 - 6/2008
Client Facing Practice Manager/Client Management/Senior Engagement Special Projects Manager/Security Specialist/Senior Audit Manager
(Regulatory Compliance Specialist/IT/Financial/Operational/Security/Audit/Risk Assessment/Clandestine/Ethics/Social Engineering) Conducted research of
proposed and potential clients and presenting findings and project cost analysis to staff, development and presentation of sales project proposals, SOC/SOW
to clients (C-Level: CEO, COO, CFO, CIO). SOX and JSOX audit planning, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA)
Test Matrix Regulation/Compliance/Rules, Full Cycle Audit Manager, Managing and leading IT/Financial Risk Audit Testing of Controls/Consulting
engagements, report preparation, compilation, supervise and document complex audit tests for compliance, and delivery of audit reports to management,
Prepare and review supporting work papers, Infrastructure/Applications Assess risks and key control activities, make recommendations to management,
Develop and manage project deadlines. Special Projects Manager of multiple engagements, manager of engagement teams, conducted interviewing, hiring of
team members, evaluation of new associates and consultants for business engagements and projects.
SME Technical Writer Compliance/Regulation Analyst developed best practices/due diligence documentation, policies/procedures,
IT/ITGC/Financial/Operational Controls/Security Solutions Advisor for COSO/COBIT, ISO17799, PCI DSS (Physical/Logical/Clandestine/Ethics/Social
Engineering), and Disaster Recovery. Created global library for use by employees consisting of: training materials, templates, documentation,
policies/procedures, RCM, Audit Test scripts, GRC, Best Practices, SOX/JSOX, and other pertinent regulatory information SME for new supporting
policies/procedures/process flows, and test scripts, Project Charter; Master Project Control Plan; Issue Log; Risk Management; Quality Management; Project
Change Control ; Change Log; Operational Acceptance
ABeam Client Managed Projects Under My Direction:
FUJI FILM Valhalla, New York and Boston Massachusetts
Global Retail Digital Imaging
Senior Engagement Special Business Project Manager Separate Corporate Media Entity, Business sales for the new organization is in excess
$1+ Billion annual sales revenue. Corporation Split-Up and reorganization of corporate entities, SAP Implementation of $5million project (sold
project services) for SAP FICO R/3 implementation, GL, Lock Box, Cash Management, AP/AR, Lock Box, HR, Credit, BW, defined scope,
Managed, interfaced, and negotiated with CEO, Division Managers, Department Managers and department personnel. Managed and defined
resources for SAP implementation team of 20 technicians for the Agile project (Daily Meetings, Project Gates, and Sprint). Documenting Business
Process Mapping, Business Process Reengineering, SME analysis of the existing company, and operational process redesign for effectiveness and
efficiency of Financial Business Process/Financial Controls, Infrastructure/Applications best practices/due diligence Documentation development,
JSOX internal controls GRC, HIPAA, Risk Assessment, Risk Mitigation, PCI DSS, and Security Solutions Advisor. Performing root cause
analysis on system issues and implementing corrective action plans. Design, Audit, and Test Internal Controls for Financial and IT, User Identity
Access (Roles, Rules, Groups) defining and testing. Work with functional experts to review and document the As Is – To Be Business process
requirements to incorporate into SAP training material. Designed and developed Organizational Change Management, Change Management, and
Business Analyst Facilitator, best practices/due diligence development, business process improvement, designing the financial accounting
processes (GL, A/P, A/R, Chargeback, and Close), accounting department, hiring and training of personnel for new FujiFilm Spin-off Company
FRMU. Identify key control points and testing adequacy of controls, coordination, User Acceptance Testing, and training of end users. SME
Technical Writer of test scripts and new supporting policies/procedures
• Reduced operating costs by $75,000 through negotiation, defining SLA requirements and analyzing accounting business processes
• Remediation, Business Process development and analysis of the existing company, and process redesign for effectiveness and efficiency
for the new spin-off company.
• SME Technical Writing/Documentation, Interviewing, writing of new Policies/Procedures, and of ITGC
MITSUI Honolulu, Hawaii

5. Sumitomo Bank, Holdings, and Trading Company
Client Facing Senior Engagement Project Manager Senior GRC Regulatory Business Compliance Security Specialist Business Process
Improvement /Audit Implementation IT/Financial of $1 million (sold project services) Full Cycle Audit Management/ JSOX
(Business/Operational/ITGC, Risk Assessment, internal control evaluation, design, testing, remediation) Audit Planning, conducted workshops
Agile gathering requirements, present the requirements to the client for JSOX, AML (Anti-Money Laundering) compliance regulatory
implementation. Business Process Management, design, Audit, and Test Internal Controls for Financial and IT, Point of Contact for detailed
correspondence with External Auditors for remediation and closure of audit items Defined scope, Business Process Re-engineering, IT/Financial
controls/operational Infrastructure/Applications process mapping, and as ITGC Security Solutions Advisor ISO17799, COSO/COBIT, PCI DSS
for compliance regulatory implementation and testing. Remediation of internal controls for financial and IT Security Audit, Threat Assessment,
planning and defining security requirements, Organizational Change Management, Change Management, Business Process Mapping, Business
Analyst Facilitator, Disaster Recovery, best practices/due diligence development, SME Technical Writer for new supporting Business and IT
policies/procedures/process flows and test scripts. Performing root cause analysis on system issues and implementing corrective action plans. User
Identity Access (Roles, Rules, Groups) defining and testing. SME Technical Writer of new supporting policies/procedures, Development of plans
and procedures for the Security Incident Response Reports
• Security: Corporate/Physical/Logical/ITGC/Application/Fraud Risk Assessment of employees
• Identified corporate security breach and vulnerability in hotel IT architecture system
• Broke client logon schema in four minutes, bulked mailed 600 pieces on company system within six minutes and without being
discovered on security event
• J SOX, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• SME Technical Writer/Documentation ,Interviewing, writing of new Policies/Procedures, testing of ITGC, and Operational Remediation
• Development and update of recovery and continuity plans and procedures for the Security Incident Response
• Preparation and presentation of documentation and final report to client
TBC Juno Beach, Florida
Private Brand Tires and Retail Tire Sales
Client Facing Senior Engagement Special Project Manager Regulatory Compliance Security Specialist of $200,000 (sold project) Security
(Physical/Logical/Clandestine/Ethics/Social Engineering/Business/Operational/Risk Assessment /ITGC) Clandestine Security Project to determine
corporate security breach, security violations at various locations, and to monitor MS Exchange sever for security violations, fraud by Senior
Management and employees. Infrastructure/Applications Business Process Re-engineering, Business Process Mapping, Organizational Change
Management, SOD (Segregation of Duties), User Access, also provided risk/safety assessment of facilities. Defined: project scope, Security
Requirements/Solutions Advisor for JSOX, COSO/COBIT, HIPAA, ITIL, PCI DSS and ISO17799, SAP, financial, IT Security Audit, Threat
Assessment, testing, remediation of ITGC, Risk Assessment; and Risk Mitigation, presentation of findings to the CEO, and CIO. SME Writer for
new supporting Business/IT, policies/procedures/process flows, test scripts, best practices/due diligence, Organizational Change Management, and
Change Management SME Technical Writer of new Business/IT supporting policies/procedures
• Security: Corporate/Physical/Logical/Application/Fraud Risk Assessment of employees
• Identified security breach and vulnerability in companywide IT architecture system
• Identification of unauthorized employee users that had access and rights to Board Management’s and Senior Management data
• Dismissal of 12 Rouge Management and 5 employees involved in security breach
• J SOX, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Development of plans and procedures for the Security Incident Response Reports
• Developed security awareness for employees
• Developed new analytics and tracking of activities related to security, the SLA(s) and employee that improved the visibility and image of
the division.
• Preparation and presentation of documentation and final report to client
KITZ Houston, Texas
Manufacturer of High Pressure Valves
Client Facing Senior Engagement Project Manager Senior GRC Regulatory Business Compliance Specialist Business Process
Improvement /Audit Implementation IT/Financial of $150,000 (sold project) Full Cycle Business/Financial/IT Audit Management JSOX
(Operational/Risk Assessment/ITGC/internal control evaluation, design, testing, remediation) Audit planning, Business Process Management,
Business Process Mapping, conducted workshops gathering requirements, present the requirements to the client for JSOX compliance regulatory
implementation. Point of Contact for detailed correspondence with External Auditors for remediation and closure of audit items. Defined project
audit scope, Design, Audit, and Test Internal Controls for Financial and IT, Infrastructure/Applications Financial Controls/Business Process Re-
engineering, Business Analyst Facilitator and GRC for JSOX SME Business and IT policy/procedures, PCI DSS, HIPAA, Disaster Recovery,
Security Solutions Advisor, SAS 70 (SSAE 16 Vendor Management), COSO/COBIT, ISO17799, EDI, EDW, PCI compliance for financial and IT,
Operational, Organizational Change Management, Change Management, Business Analyst Facilitator, Risk Assessment, Risk Mitigation, also
provided risk/safety assessment of facility. Performing root cause analysis on system issues and implementing corrective action plans. User
Identity Access (Roles, Rules, Groups) defining and testing. SME Technical Writer of new supporting policies/procedures
• Managed day to day operations when President of company was away
• Reduced operation costs by $100,000 through the identification of redundant services, negotiation of SLAs’, and review of SAS70
service providers
• Reduced operation costs of Controllers department analyzing redundant accounting business processes
• J SOX, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• SME Technical Writer/Documentation, Interviewing, writing of new Policies/Procedures, and testing of ITGC, and Operational
Remediation
• Define Organization Change Management, and Change Management requirements and strategy with project team by analyzing business
processes and stakeholder organization and Off Shore resources.

6. • Developed training of stakeholders and organizations in new policies/procedures
• Preparation and presentation of documentation and final report to client
_________________________________________________________________________________________________________________________
Additional Professional Consultant Engagements
MOTOROLA ACS (Consultant), Schaumburg, Illinois 1/2007 – 5/2007
Cell Phone Manufacturer
Project Manager/Senior Internal Auditor IT/Financial/Senior Regulatory Compliance Specialist defined scope of project, process mapping,
Operational/Risk Assessment/ITGC Security, Business Process Mapping, Process Improvement/Business Analyst, Infrastructure/Applications to support
GRC, the compliance regulatory implementation, audit, testing and remediation for HRIS (Human Resource Information System), Helpdesk, and SAP
needed by the IT Department, Security Solutions Advisor, Risk Assessment, Risk Mitigation: per security standards and practices (SOX, COSO, COBIT,
ISO17799/27001/ISO 20K, ITIL, PCI DSS, HIPAA, GLB, SAS70), and tools (ISS Internet & System Scanner, RealSecure, or GFI LANGuard). Business
Anal Business Process Improvement/Business Analyst Facilitator, responsible for business process development and analyzing the business needs of their
clients, stakeholders, and Off Shore Resources to help identify business problems and propose solutions. SME Technical Writer for review and development
of new of policies/procedures, SLAs’, Due Diligence, Best Practice, GRC, Disaster Recovery, Business Continuity, Change Management, Security, System
Operations, and Safety.
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating strategies to
mitigate them
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• SME Technical Writer/Documentation ,Interviewing, writing of new Policies/Procedures, and testing of ITGC, and Operational Remediation
• Reduced operation costs 15% through the identification of redundant services, and review of SAS70 service providers
• Development and update of Disaster Recovery, Business Continuity plans and procedures for the Security Incident Response
SOGETI USA LLC (Cap Gemini/Earnst & Young, Permanent Position) Oak Brook, Illinois 6/2005 – 1/2007
Client Facing Director of S0X IT/Financial/Senior GRC Regulatory Business Compliance Security Audit Specialist/Special Projects Manager
assigned to British Petroleum (sold $200,000 of services) for Global SOX (Risk Assessment/Business/Financial/IT/Infrastructure/Applications internal
control evaluation, design, testing, remediation). Audit Planning, defined scope and management of SOX 404, COSO/COBIT, ISO17799, NIST, PCI DSS,
Business Process Mapping, Implementation, testing, remediation of ITGC Financial Audit and testing, Organizational Change Management, Change
Management, Business Process Improvement/Business Analyst, best practices/due diligence, and Remedy Implementation. Review of the internal
Financial/IT controls, and identify design gaps in controls that may not prevent or detect significant risks, while ensuring compliance with Policies and
Procedures, the integrity and reliability of information and financial reporting, safeguarding of assets, and compliance with laws, regulations, governance
requirements, the Compliance Program and Code of Conduct, overall corporate risk analysis, and other legal requirements. Worked with the process owners
to develop and implement practical remediation plans. SME Technical Writer of new supporting policies/procedures
• Director of SOX assisting the U.S. Retail Team of Service Delivery Managers for British Petroleum in their SOX 404 IT projects compliance with
the auditors of Deloitte & Touche, KPMG, Corven UK, and Ernst &Young
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• SOX/Security implementation: Defined and developed IT audit scope, ITGC Control Matrix and SME design revised, approved (Narratives,
Workflows) in coordination with Functional and Senior Managers
• Development of plans and procedures for the Security Incident Response Reports
Sogeti Client Managed Projects Under My Direction:
BP (British Petroleum) Warrenville, Illinois
ARCO AM/PM BP West Coast Operations La Palma, California
Senior Engagement GRC Project Manager Global SOX Audit Senior Regulatory Business Compliance Specialist Remediation Implementation
IT/Financial Security Solutions Advisor (COSO/COBIT, NIST, Risk Assessment/Business/Operations/ITGC/internal control evaluation, design,
testing, remediation), Point of Contact Responsible for detailed correspondence with External Auditors for remediation of audit findings and closure of
audit items. Data Migration coordination to new corporate facility, Infrastructure/Applications Audit Planning, Business Process Improvement/Business
Analyst, Business Process Mapping, conducted workshops gathering requirements, present the requirements to Division Managers, and Off-Shore
personnel. SOX Compliance Regulatory Implementation Specialist, HIPAA, Data Mining, GRC, best practices/due diligence, batch processing.
Software as a Service (SaaS) /Hosted solution and audit testing. Performing root cause analysis on system issues and implementing corrective action
plans. User Identity Access (Roles, Rules, Groups) defining and testing. SME Technical Writer of test scripts, and new supporting policies/procedures
and process flows Master Project Control Plan; Issue Log; Risk Management; Quality Management; Status Report; Project Change Control ; Change
Log; Operational Acceptance
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating
strategies to mitigate them
• SOX implementation: Defined and developed IT audit scope, ITGC Control Matrix and design revised, approved (Narratives, Workflows) in
coordination with Functional and Senior Managers
• Development of plans and procedures for the Security Incident Response Reports
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Project Manager developed and implemented security policy for application IT security and IBM data warehouse architecture enhancements,
data backup, data recovery, and segregation of duties to comply with SOX 404 remediation control gaps
• Interviewing, documentation, writing of new Business/IT, Policies/Procedures, and testing of ITGC
• Reduced annual costs by developing new analytics and tracking of activities related to SLA(s) , Shared Services, SAS 70 Review and Audit,
Off Shore Services, that improved the visibility and image of the division
• Project Manager for implementation of Remedy 7.5 Change Management system application SDLC
• Developed training of stakeholders, organizations and Off Shore resources in new policies/procedures of Business Continuity, Disaster
Recovery, Data Backup, Data Recovery, procedures for the Security Incident Response

7. • Computer System Validation, EDI, EDW, Change Control: Analysis of configuration management processes
• Vendor Management
• Preparation and presentation of documentation and final report to client
BP (British Petroleum) Warrenville, Illinois
Client Facing Director/Project Manager Senior GRC Regulatory Business Compliance Security Specialist Technical Functional Audit
Implementation IT/Financial Compliance Specialist For spin-off Call Center Customer Service entity, (Audit Software Development MS Access,
Risk Assessment/Business/Financial/Vendor/IT/Infrastructure/Applications internal control evaluation, design, testing, remediation), Business Audit
planning, Business Process Improvement/Business Analyst, Business Process Mapping, conducted workshops gathering requirements, present the
requirements to management. Defined scope of project, Security Solutions Advisor Business Risk Assessment & Assurance Project Implementation
Manager of the BP Elite call center (CRM), Vendor Management for the compliance regulatory implementation, testing, remediation compliance to;
SOX, COSO/COBIT, ITGC/ISO17788, ISO 17799, NIST, PCI DSS, HIPAA, GRC, Business Process Improvement/Business Analyst, best
practices/due diligence, and Financial Operations Controls which consists of: Human Resources, Business Operations Support, Dealer Accounting,
Customer Care (Business to Business, and Consumers), Property and Licensing, Accounts Receivable/Accounts Payable, batch processing, Retail
Programs, Services, and Software as a Service (SaaS) / Hosted solution. Performing root cause analysis on system issues and implementing corrective
action plans. User Identity Access (Roles, Rules, Groups) defining and testing. SME Technical Writer of new supporting policies/procedures
• Identification and resolution of area within the business where $10 million insurance loss was occurring annually, and set new controls in
place to prevent loss in the future
• Identification of vendor fraud within the call center, Vendor Management
• Development of plans and procedures for the Security Incident Response Reports
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating
strategies to mitigate them
• Reduced operating costs through negotiation, defining new department SLA(s) and Siebel 7.5 analytics and tracking of activities related to
the SLA(s) that improved the visibility and image of the division
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• SME Technical Writer/Documentation ,Interviewing, writing of new Policies/Procedures, and testing of ITGC, and Operational Remediation
Development and update of Disaster Recovery, Business Continuity plans and procedures for the Security Incident Response
• Preparation and presentation of documentation and final report to client
IMPAC MORTGAGE HOLDINGS AND REIT (Consultant), Huntington Beach, California 2/2005 - 6/2005
Mortgage Lender
Senior Auditor Senior Regulatory Business Compliance Specialist SOX Audit Remediation Implementation Risk Assessment ITGC Technical
Coordinator Compliance regulatory implementation audit testing, COSO/COBIT, AML (Anti-Money Laundering), remediation, Business Process
Improvement/Business Analyst, Financial Controls, Business Process Mapping, GRC, Organizational Change Management, Change Management, best
practices/due diligence. Lead SME Technical Writer for new supporting Design, Audit, and Test Internal Controls for Financial and IT policies/procedures.
Auditing of Financial IT internal controls and facilitates testing with Grant Thornton where $10 million in internal fraud had occurred along with Risk
Analysis, process mapping of existing IMPAC documents to KPMG methodology. Performing root cause analysis on system issues and implementing
corrective action plans. User Identity Access (Roles, Rules, Groups) defining and testing. Gather, review of audit evidence, writing of updated
policies/procedures to meet new requirements of compliance.
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Interpret applicable Federal and State law compliance/regulation; maintain current and future identification of the risks and creating strategies to
mitigate them
• Reduced operating costs through negotiation, defining SLA requirements and analyzing SAS70 service providers
• SME Technical Writer/Documentation, Interviewing, writing of new Policies/Procedures, and testing of ITGC, and Operational Remediation
• Development and update of Disaster Recovery, Business Continuity plans and procedures for the Security Incident Response
DELOITTE & TOUCHE (Consultant), Los Angeles, California 8/2004 – 2/2005
Union Bank of California (Data Center/Call Center)
Full Cycle Senior External Auditor IT Technical Senior Regulatory Compliance SOX Risk Assessment (ITGC/Infrastructure/Applications internal
control evaluation, design, testing, audit remediation), AML (Anti-Money Laundering), GLBA (Gramm–Leach–Bliley Act), COSO/COBIT, Business
Process Improvement/Business Analyst, Business Process Mapping, Design, Audit, and Test Internal Controls for Financial and IT compliance regulatory
implementation audit testing, remediation, GRC, Risk Assessment/Risk Mitigation, Business Analyst Facilitator, IT applications on Mainframe, Wintel,
Unix and AS400, Software as a Service (SaaS) / Hosted solution, batch processing, and best practices/due diligence. Performing root cause analysis on
system issues and implementing corrective action plans. User Identity Access (Roles, Rules, Groups) defining and testing. Gather, review of audit evidence,
writing of updated policies/procedures to meet new requirements of compliance.
• Reduced operating costs 20% through negotiation, defining SLA requirements and analyzing SAS70 service providers
• Security: Physical/Logical/Application/Fraud Risk Assessment of employees
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Interviewing, documentation, writing of new Policies/Procedures, and testing of ITGC
• Development and update of Disaster Recovery, Business Continuity plans and procedures for the Security Incident Response
CENTER BANK (Consumer/Import/Export Commercial) (Consultant), Los Angeles, California RSM McGladrey 1/2004 – 7/2004
Client Facing Senior Engagement Manager Full Cycle Senior Regulatory Business Compliance Specialist Financial/IT Audit/ Business Process
Improvement: Audit Management SOX Implementation, Managed 20 IT/Financial Auditors, (Risk Assessment/Infrastructure/Applications ITGC/internal
control evaluation, , AML (Anti-Money Laundering), GLBA (Gramm–Leach–Bliley Act), COSO/COBIT, design, testing, remediation) Point of Contact for
detailed correspondence with External Auditors for remediation of audit findings and closure of audit items. Audit Planning, Business Process Mapping,
Financial Controls, conducted workshops gathering requirements, present the requirements to the client for SOX compliance regulatory implementation.

8. Defined scope for SOX Financial Internal Controls, Security Controls, and ITGC compliance regulatory implementation, audit testing, remediation, GL, lock
box, cash management, AP/AR, HR,GRC, Risk Assessment/Risk Mitigation, Organizational Change Management, Change Management, Business Process
Improvement/Business Analyst, best practices/due diligence development, and batch processing. Performing root cause analysis on system issues and
implementing corrective action plans. User Identity Access (Roles, Rules, Groups) defining and testing. SME Technical Writer of new supporting Business
and IT policies/procedures, and process flows
• SOX 404, Risk Assessment, Risk Control Matrix (RCM), Process Risk Analysis (PRA) Test Matrix Regulation/Compliance/Rules
• Reduced operating costs through negotiation, defining SLA requirements and analyzing accounting business processes
• Security: Corporate/Physical/Logical/Application/Fraud Risk Assessment of employees
• Gather, review of audit evidence, writing of updated policies/procedures to meet new requirements of compliance
• Define Organization Change Management, and Change Management requirements and strategy with project team by analyzing business processes
and stakeholder organization.
• Preparation and presentation of documentation and final report to client
B. BRAUN (Consultant), Irvine, California 1/2003 – 12/2003
Documentum System Administrator Assistant/Business Analyst Facilitator/Technical Writer for $5 million Documentum implementation project
(Document Management System (DMS). Define requirements (HIPPA, 21 CFR 11, LIMS) by analyzing business processes and SLAs’ within departments.
Organizational Change Management, Disaster Recovery, Segregation of Duties (SOD), and User Access (Rules, Roles, Groups), User Access Testing
• Technical Support testing installation qualification of all desktop installations of Documentum 4i software, and Training, Coordination, testing,
tracking of 400 users
• SME Technical Writer for new supporting policies/procedures
• Development and update of Disaster Recovery, Business Continuity plans and procedures for the Security Incident Response
EDUCATION:
BP IT&S Academy 2013/2014
Business Operations Relating to ITIL V3
Corrective Action Failure Analysis
Problem Management
Major Incident Management
IT Service Management
Configuration Management
Change Management
Information Security Essentials
Risk Management
Continuous Improvement
Talent Technology V3IT 2010
SAP Security (R3, ECC, BW, BI, HR), GRC AC 5.3 v AC6.0, Netweaver, SAP Solution Manager, User Management Engine
Microsoft Directions Training Center Microsoft Application Development 2009/2010
Visual Studio 2008, ASP.NET, ASP.NET Security, SQL 2005, MS SQL Server 2008, SQL Server Management Studio 2005/2008
Microsoft Mobile Application Development 2009/2010
Windows Mobile 6, Mobile Security, Visual Studio 2008, ADO.NET 3.5, MS Exchange, C#, MS SQL Server 2005
SAP Training Skillsoft 2009/2010
SAP FICO R/3, ABAP, MM, SD, QM, HR
Microsoft Vista Security 2008 Halock Security Labs 2008
Group Policy Security, Power Shell, Scripting PCI DSS Compliance
SOX TRAINING J-SOX TRAINING Toledo University
Deloitte & Touche 2005 Abeam 2007 Business Administration
Risk Assessment Internal Controls Risk Assessment Internal Controls
Internal Controls Evaluation Internal Controls Evaluation
Axentis Enterprise Assessment and Reporting of ICFR