Karen Burkardt

Karen Burkardt

Summary

I have a Masters in Business Administration in Information Technology Management and five years experience in Information Technology and Financial Services with a focus on Information Security and Risk Management. I am a member of the Information Systems Security Association (ISSA), the Information Systems Audit and Control Association (ISACA).My experience includes the administration and management of Information Security and Risk Management Programs and the implementation of numerous Information Technology projects. I possess outstanding technical, analytical and problem solving skills and am an excellent communicator.

Work History

Work History
Oct 2005 - May 2008

Technology Risk Officer

http://www.pffbank.com

• Participated in the development of Information Technology components of SOX 404 documentation, internal control review and testing efforts,• Prepared risk assessments, security programs, and established ongoing testing requirements. • Identified opportunities for improved controls to support business needs and data integrity in web-based, client/server environments and interfaced with auditors and federal examiners during IT exams.• Performed third party vendor assessments and reviewed SAS70 and FFIEC exam reports,

• Design, recommend, develop and monitor implementation of policies, standards and procedures designed to ensure compliance with statutory and regulatory Information Security requirements in the use of in-house, service bureau, electronic banking, PC and network based computer systems• Prepare board reports for senior management that conveys the inherent exposure and risk in data processing applications, enabling management to budget resources to minimize the exposure• Participate in the ongoing education of the bank’s personnel on the importance of security over computer data and usage and employee’s role in maintaining their security and protection of bank information assets• Familiar with GLBA, CoBIT, COSO, SB1386, FFIEC and ISO 17799

Apr 2004 - Oct 2005

Associate

PricewaterhouseCoopers LLP

• Perform information security reviews and audits for Windows, Unix/Linux, and Cisco• Assist clients in preparing for Section 404 of the Sarbanes-Oxley Act compliance• Assist in leading other staff members for client engagements• Lead client projects, manage PricewaterhouseCoopers’ team and act as point of contact between client and PricewaterhouseCoopers’ management.• Assist in updating technical controls, procedures, and security standards for Information Security best practices for internal and client use• Conduct client interviews and meetings to attain necessary information for project engagement• Participate as a Network Core Team member, assisting in keeping PricewaterhouseCoopers’ network security practice up to date with current standards, technology and compliance.

Education

Education
Sep 2001 - Mar 2004

Bachelors of Science

Cal Poly Pomona

President’s Honor List for the 2001-02 academic year- Major GPA 3.43