Download PDF


Governance, Risk, Audit and Compliance professional with hands-on consultative experience in building, redefining and executing visions for effective Compliance functions in both public and private companies. Skilled at assessing deficiencies to execute positive, efficient and attainable remediation while building strong relationships with management. Interested in pursuing CISSP and CIPP.

Highlighted Achievements


  • Developed, implemented and managed compliance of Global IT Policy, Global Acceptable Use Policy and Global Information Security Policy using NIST, PCI-DSS 3.1, HIPAA, SOX and EU Data Protection Directive. Also assisted in developing standards and processes such as: SDLC, Enterprise Architecture, QA, Change Management and Data Classification for a $76B Fortune 500 Company.
  • Consulted on and managed pre/post-implementation review of international SAP implementation for  a $10B Fortune 500 client; identified risks, scope, testing, deliverables and reporting for client Senior Leadership and Internal Audit. During engagement,  several processes were identified  that were over looked by project team. The processes identified noted as having a high risk of material misstatement.
  • Lead collection and analysis of Global Information Security Policy SAQ responses, policy variances and management of remediation for non-compliant applications, in addition to awareness materials/training for $76B Fortune 500 Company.
  • Developed and provided vision, strategy and leadership  to develop and manage a and Integrated (IT, Finance and Operations Leadership) Compliance Steering Committee for a $3B retail company. The Committee was comprised of the CFO, CIO and IT Leadership and was developed to address multi-year ITGC deficiencies, including: creation of accountability and transparency between IT and Internal Audit, promotion and incorporation of risk into current and future control/processes, and to ensure all reporting to Senior Leadership and the Audit Committee from both the IT Organization and Internal Audit was measurable, transparent and comprehensive.
  • Identified the need for basic SOX knowledge (high level end-to-end process and control owner responsibilities) within the IT Organization for  a $3B Retail company. Designed a high-level interactive presentation called “SOX 101 for IT” which was delivered during the IT Organization Q3 Town Hall Meeting. Additional material (“SOX 102 for IT”, “IT SOX Retrospective” and “PCI 101”) was subsequently developed and delivered in Q4.
  • Designed and implemented risk-based Compliance KPI reporting for Senior Leadership and the Audit Committee of a $3B retail company.
    • Vulnerability Management Program: KPI's provided a transparent view of current vulnerabilities, which included patches, aging and remediation of vulnerabilities.
    • SOX Program: Reporting provided clear visibility into current status, with plan to actual comparison by week, potential (or validated) deficiencies and any changes to scope or timing.
    • PCI Program:  Reporting included status of PCI-DSS 3.0 readiness assessment; quarterly vulnerability scans, status of yearly penetration testing; status of scope adjustments from implementation of new point of sale technology, mobile applications, wireless payment devices, certification of end-to-end point encryption, and yearly testing status schedule.
  • Provided vision and leadership for IT Risk Management (Compliance/Information Security) team of  a $3B retailer. This included development and implementation of strategic initiatives for the team, implementation of MSSP partner, re-design of integrated SOX (Finance and ITGC) program, tracking of team utilization, and ensuring the confidentiality, integrity and availability of company data.
  • Review risks and perform assessment of security and compliance for changes and/or development of applications, infrastructure and projects unable to implement current security and compliance standards consistent with PCI, NIST, ISO, SOX and HIPAA for a $76B Fortune 500 Company.
  • Perform security risk assessments and support for technology projects, SOC II, cyber insurance and third party vendors.


  • Develop, lead and implement new scoping process to identify in-scope assets for two entities (PCI Level 1 Merchant & Service Provider – reported through 2 separate ROC’s) to ensure completeness, accuracy and proper documentation of decommissioned logical and physical assets for $76B Fortune 500 Company.
  • Manage PCI-DSS program and extensions for two entities simultaneously (PCI level 1 Merchant and Service Provider), including remediation assistance for vulnerabilities identified during quarterly scans and penetration testing to ensure compliance with PCI-DSS v3.1.
  • Manage all PCI related communication, including AOSC, Prioritized Approach plans and annual ROC/AOC with card brands/processors for two entities of a $76B Fortune 500 Company.
  • Review risks and perform assessment of security and compliance for changes and/or development of applications, infrastructure and projects unable to implement current security and compliance standards consistent with PCI, NIST, ISO, SOX and HIPAA for a $76B Fortune 500 Company.
  • Developed and implemented a global vulnerability management program for a $76B Fortune 500 Company with transparent reporting, consistent monitoring and accountability for remediation. 
  • Created, analyzed and provided time/scope data to be used in RFP’s for a $3M Boutique firm for engagements with Fortune 500 companies. Also responsible for planning, scoping and staffing of newly awarded Fortune 500 client engagements.
  • Built Internal Audit department from scratch for a $3B Entertainment/Media Company. This included building relationships with management and  the following Audit functions/processes from scratch:
    • charter,
    • policies and procedures;
    • SOX 404 program,
    • risk universe,
    • risk assessment process,
    • audit plan, and
    • fraud program.

      Also earned distinction as lauded SME (Subject Matter Expert) and considered as “the face of Internal       Audit and Risk Management” to Senior Leadership.

  • Managed and led Material Weakness project remediation for a $700M Internet/Travel Company. Deficiencies were in the following functions:
    • change management,
    • financial reporting, and
    • data validation/transformation.

       Project required collaboration with Technology and Finance Management to build out project                    plan with attainable deadlines, resource requirements (including technical knowledge), changes to            SOX program, and multi-level reporting for the project team, Leadership and the Audit Committee.

  • Managed ITGC rationalization and restructuring for  a $700M Internet/Travel Company, which included the integration of COBIT 5 and COSO 2013 requirements as well as AS 5. Also responsible for planning and leading the restructuring of the PCI program to ensure timeliness and completeness of program, as well as to gain efficiencies between Internal Audit, Compliance and Information Security. Both initiatives included the following deliverables:
    • re-designed ITGC’s (key and secondary) and application controls,
    • consolidated and centralized planning process for SOX and PCI, and 
    • mapping of all IT SOX risks and controls with PCI, NIST 800-53 and ITIL.
  • Co-managed and built an ERM (Enterprise Risk Management) program for a $3B Entertainment/Media company and led the enterprise-wide implementation process. The design and implementation process included:
    • facilitation of risk discussions with Management,
    • recommendations for treatment plans,
    • consolidation and alignment of risks and treatment plans with Internal Audit’s yearly risk assessment/planning process, and
    • quarterly tracking/reporting of status and mitigation efforts.
  • Identified, researched and implemented reduction in scope for PCI Program for  a $3B Retail company. Project was based on the implementation of a new point of sale system with mobile payment devices, and the implementation of credit card data tokenization throughout 700 company stores. Project was contingent on the certification of P2PE (Point to Point Encryption) by PTS device vendor and certification of tokenization process by payment processor. Actual scope reduction saved over 100 hours of annual FTE work and approximately $8,500 in QSA fees by significantly reducing the number of in-scope devices and technology in the store environments.

Work experience

Sep 2015Present

IT Compliance/Security Manager Consultant (Contract)

Apex Systems

CLIENTS: $76B Fortune 500 Organization; Industry: Healthcare/Retail;

Reason for Leaving: Seeking permanent full-time position.

May 2015Sep 2015

Manager, IT Risk Management Services (Contract)


CLIENT: $10B International Fortune 500 Organization; Industry: Retail/Supply Chain;

Reason for Leaving: Firm went out of business.

Jul 2014May 2015

IT Compliance Manager

Ulta, Inc.; Chicago, IL; Industry: Retail; Revenues: $3B/annually.

Reason for Leaving: Position eliminated under new CIO.

Apr 2013Jul 2014

Manager of Compliance and Control (Finance and IT)

Wheels, Inc.; Chicago, IL; Industry: Financial Services; Revenues: $3B/annually.

Reason for Leaving: Position became 90% sales and use tax; internal controls program eliminated under new CFO.

May 2012Apr 2013

SOX Compliance Manager (IT and Finance), Internal Audit Manager (IT and Finance)

Orbitz Worldwide; Chicago, IL; Industry: Internet/Travel; Revenues: $700M/annually.

Reason for Leaving: Company financial issues (lost buyer); also lost entire team/direct reports during multiple layoffs.

Aug 2009May 2012

Senior Auditor, Acting Senior Audit Manager (8/2011 - 5/2012)

Redbox (Coinstar/Outerwall); Chicago, IL; Industry: Entertainment/Media/Retail; Revenues: $3B/annually.

Reason for Leaving: Growth and development, high turnover on team, part of IA function was moved to co-sourced provider.

Mar 2008Aug 2009

Senior Auditor (detail not provided on resume)

Ace Hardware; Chicago, IL; Industry: Distribution/Wholesale/Retail; Revenues: $3.8B/annually.
  • Managed efforts to standardized SOP's across several distribution centers, eliminating duplicated picking and reporting processes in addition to ensuring timely resolution of gaps and deficiencies.

  • Led efforts to document enterprise control environment via RCM and integrate with control testing.

  • Initiated setup of continuous monitoring program using ACL to facilitate interim controls within 437 legacy systems across Operations, Merchandising, Logistics, Finance, and IT.

  • Created savings and expanded volume capacity for drop-ship program ($2M FY08; $3.5M FY09) by eliminating manual processes and boosting communication between systems.

  • Led controls documentation and consulting for SAP and SAP Business One implementations. 
  • Developed reputation as an inventory controls expert by managing efforts to standardize SOP's across several distribution centers; eliminating duplicated picking and reporting processes; also ensuring timely resolution of gaps and deficiencies.
  • Supervised risk-based audits and controls consulting, as well as review of year-end substantive financial statement testing.
  • Consulted on and assisted in configuration of SAP and SAP Business One implementations

Reason for Leaving: Portions of Audit function outsourced, remaining team re-purposed for control consulting only on SAP Implementation.

Nov 2006Mar 2008

Internal Auditor (detail not provided on resume)

Telephone & Data Systems; Chicago, IL & Madison, Wi.; Industry: Telecommunications/Wireless; Revenues: $1.3B/annually.
  • Supervised small to medium sized audit team to complete annual/quarterly financial statement review in 3-4 days per quarter.
  • Led team of 4 to perform Annual Fraud Risk Assessment, resulting in reduction of fraud by 5-10%. Also earned distinction as SME on fraud risk assessment and store compliance.
  • Managed the extraction and analysis of data pulled from SAP for testing (via ACL) and continuous monitoring.
  • Maintained audit risk universe in Teammate and created annual audit plan. All audits were planned from scratch.

Reason for Leaving: Turn-over on team required weekly commute to Madison, WI to complete audit plan.

Aug 2005Nov 2006

Auditor 1, Accountant Q (detail not provided on resume)

HSBC; Chicago, IL; Industry: Financial Services/Consumer Lending; Revenues: $19B/annually.
  • Supervised 2 staff accountants; reviewing over 250 account reconciliations per month including corresponding journal entries; responsible for ongoing compliance initiatives across the organization.
  • Managed and conducted routine visits to operational facilities to review and assess risk around the following processes and controls: mortgage lending, cash management, reconciliations, payroll, and SOX and regulatory compliance (e.g. Lending and Deposit Consumer Compliance, Regulation W, Foreign Corrupt Practices Act, Gramm-Leach-Bliley Act, AML/BSA, USA PATRIOT Act).
  • Responsible for evaluating deficiencies, updating process and control documentation, performance of SOX walkthroughs and testing, and continuous monitoring for both the Corporate and Consumer Lending Audit teams.

Reason for Leaving: 75% travel.

Accounting Background prior to 2005 (> 10 years) available upon request.


Apr 2009Dec 2010

MBA - with distinction

Keller Graduate School of Management

Matriculated while working full-time.

GPS: 3.83/4.0

Jul 2004Dec 2006

Masters of Accounting and Financial Management

Keller Graduate School of Management

Matriculated while working full-time.

GPA: 3.71/4.0

Sep 1999Jul 2003

Bachelor of Music Business

DePaul University

Matriculated while working full-time.


RISK AND COMPLIANCE: GAAP, FASB, PCAOB; SOX 404 & 302 planning, scoping, documentation, review and reporting; AS 2, AS 5, 10K/10Q Restatement reviews, COSO 2013, COBIT (ITGC), IIA IPPF, ERM development and reporting, ERM treatment plans (including remediation), ERM risk management, compliance (SOX, PCI-DSS, NIST, COSO 2013, Data Privacy) and security risk assessments for projects and initiatives, global policy development and implementation, audit reporting and work paper review; Audit Committee & leadership reporting and presentations, Audit Universe development and reporting; GRC and audit tool implementations, control documentation, remediation and rationalization; Audit Plan development and reporting; creation & management of Internal Audit and Compliance teams, leadership of co-sourced Internal Audit/Compliance functions, development and presentation of training programs for IT and junior staff.


Compliance and Security: PCI DSS 3.1(Level 1 & 4 Merchants); NIST 800-53, ISO 27001, ISO 3100; ITIL, HIPPA, SSAE No. 16, (SAS70), SOC 1, SOC 2; SDLC: Data Privacy; Agile, Scrum, Waterfall; TLS, SSL, PKI, SAP Implementations (Domestic and Global functions), End-to-End Process Mapping; Vulnerability and Threat Management, DLP Programs, IDS/IPS, Developing Global Information Security Policies, Developing Security Programs, Cybersecurity and KPI Reporting, Business Continuity and Disaster Recovery, Business Impact Analysis.



SAP, JD Edwards, ACL, Auto Audit, TeamMate, RSA Archer, SharePoint, Great Plains, Hyperion Enterprise, Oracle Financials, Lotus Notes, BMC Remedy, Microsoft Office 365 (including Visio), Vontu (now Symantec), Alfresco, Service-Now, Confluence, ADP, Crystal Reports, Vertex O Series Indirect Tax, Vertex Sales & Use Tax Returns v 9.5, BigFix (IBM Endpoint Manager Console), Tidal, Tipping Point, BlueCoat, Alert Logic, WhiteHat (Sentinel), RedHat (Unix/Linux), Windows Powershell, Active Directory, SAP GRC, Innotas, Nitro (SIEM), McAffe EPO, CyberArk, PwC Connect, Fishnet Proofpoint, Cherwell, Nessus, Qualys.