Muema Lombe

Investor

United States

Overview 

Muema Lombe is an experienced Angel Investor and former Senior Program Manager at Robinhood, known for his expertise in enterprise risk management, technology audit, and regulatory compliance. With a background in leading data analytics and systems monitoring at Airbnb, Muema has a proven track record of strategic leadership and successful startup funding initiatives. Highlights of Muema's career include serving as Head of Data Analytics & Systems Monitoring at Airbnb and Senior Program Manager at Robinhood, where he led various key projects such as IPO readiness assessments, FINRA cybersecurity gap assessments, and privacy program reviews.

Work Experience 

  • Head of Risk Analytics, Systems Monitoring, Automation & AI

    2023 - Current

    ● Provide executive leadership to implement data analytics and systems monitoring for the Global Risk Team and foster a culture of innovation and continuous improvements. ● Provide leadership to the advanced data analytic program. ● Promote the use of advanced analytics and automation methods and techniques across the Global Risk department through delivery of proof-of-concept engagements. ● Lead the implementation of new data analytics to identify risk insights. ● Manage and oversee the advanced analytic work to ensure it is delivered accurately, timely and complete, adhering to Global Risk documentation standards. ● Provide oversight to the team responsible for analyzing complex data, identifying anomalies, and providing useable insight to cross functional stakeholders. ● Facilitate the communication of delivered data analytics results to broader audit department, individual teams, and audit stakeholders, as necessary.

  • Head of Technology Audit

    2021

    ● Set governance, strategy, and project management expectations across the Tech vertical project portfolio ● Built strong relationships with key IT, engineering, and business partners, including Infrastructure and Information Security, to thoroughly understand their business and identify appropriate risk mitigations and opportunities to add value ● Drove risk assessment and dynamic audit planning and participated in enterprise risk assessment and audit planning processes ● Managed and developed a team of audit professionals to execute audits and projects, providing direction and ongoing coaching and development ● Reported to the Head of Internal Audit, Executive Leadership, and the Audit Committee on risks, portfolio of audits, and outcomes ● Brought thought leadership, leading practice frameworks, and audit process improvements, and contributed to the continuous improvement of the department ● Collaborated with other Internal Audit leaders to execute IA’s strategy and coordinate cross-vertical audit projects and initiatives ● Effectively managed the relationship with the internal audit co-sourcing partner(s) to ensure that we execute as one team ● Coordinated with other risk management functions (e.g., Privacy, Compliance, Information Security) to minimize duplication of effort and maximize execution ● Viewed and respected as a communication leader for Internal Audit and the broader Finance organization

  • Audit & Compliance

    2021

    ● Developed and implemented the annual audit plan and schedules using a risk-based approach. ● Managed the audit schedule and staffing. Was responsible for all aspects of SOX 404 requirements ● Drove the overall execution of audit engagements and actively managed the quality and timeliness of completed work. ● Reviewed team members’ work papers to ensure appropriate documentation and support aligned with internal quality control standards / the Institute of Internal Auditors International Professional Practices Framework ● Led testing of the SOX internal controls framework by performing walkthroughs, identifying risks, defining and reviewing testing procedures, and identifying control gaps ● Updated and maintained SOX process documentation, including flowcharts, narratives, and risk and controls matrices ● Oversaw IT general controls ● Provided support and guidance to control owners as part of deficiency remediation efforts and as new systems are implemented or processes change ● Developed and communicated clear, concise, actionable and practical observations and recommendations for addressing control gaps and enhancing the control environment and activities ● Partnered with internal and external stakeholders (process owners and external auditors) to build strong relationships and support the coordination of SOX activities ● Supported the preparation of reporting materials to deliver to senior leadership of the Company and the Audit Committee ● Acted as a trusted advisor to management, providing insights and recommendations to enhance business processes. ● Remained abreast of industry developments and changes in regulatory requirements to ensure the internal audit function remains effective and relevant.

  • Technology Risk Management

    2021

    ● Responsible for leading the Airbnb technology risk assessment program. ● Provided technical and best practice guidance on Information Technology Risk, taking into account specific business platform complexities and issues. ● Provided input into the setting of risk appetite based on platform-specific differences and specific business considerations. ● Developed and reported the quarterly enterprise cyber and technology risk profile. ● Reviewed security and control processes along with associated documentation and reporting. ● Reviewed key technology risks (e.g. cloud controls, etc.) to develop and communicate risk themes and solutions to the business. ● Established effective monitoring practices to ensure adherence to the technology risk management framework and policy, and assisted businesses in the identification of issues. ● Advised and collaborated with technology and the business on appropriate ways to strengthen controls in non-compliant areas. ● Advised and assisted the first line of defense in technology risk mitigation planning activities. ● Provided ongoing technology risk management governance and direction. ● Managed, developed, and played a leadership role for the staff. ● Developed a high-performing team. ● Managed the personnel processes for employees, including selection, training, performance management, development, and retention. ● Fostered an environment where colleagues are empowered and have the opportunity to develop and grow. ● Engaged with domain leads for Technology, BizTech, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Quality, Performance & Scalability, and Change Management & Development Practices to obtain technical domain advice as appropriate. ● Worked effectively with Airbnb’s senior executives. ● Developed and maintained key business relationships in order to provide advice and oversight on new initiatives. ● Provided regular reporting of Information Technology risk.

  • Interim Head of Enterprise Risk Management

    2023 - 2024

    ● Framework Development and Implementation - Created detailed documentation for the Airbnb risk management framework to ensure consistent application across the organization. ● Key Risk Indicators (KRI’s) - Collaborated with business units to identify KRI’s and integrate them into the ERM framework. ● Risk & Control Self Assessments (RCSA’s) - Ensured that the RCSA’s are conducted consistently and comprehensively, identifying key risks and controls. ● Risk Appetite & Tolerance - Monitored adherence to established risk appetite and tolerance levels, reporting any breaches or concerns. ● Reporting & Communication - Developed high-quality, visually appealing presentations to communicate complex risk management concepts. ● Stakeholder Engagement & Collaboration - Collaborated with technical teams to incorporate data analytics into ERM frameworks, enhancing their effectiveness. ● Compliance and Regulatory Alignment - Remained abreast of changes in the regulatory landscape and adjusted frameworks as necessary to maintain compliance.

  • IT Sarbanes–Oxley (SOX) Leader

    2021 - 2024

    ● Led IT SOX Function ● Managed a team of FTE’s & co-sourced resources ● Reviewed the SOX 404 financial statement mapping, risk assessment and scoping process ● Oversaw the effort to design, develop and test the Company’s internal controls over financial reporting including documentation and assessment (i.e. narratives, flowcharts, risk and control matrices) and annual testing plan ● Oversaw internal compliance audits including scoping, testing and documentation of results ● Coordinated external audit controls testing efforts, including walkthroughs, testing, audit requests and evaluation of deficiencies ● Prepared and routinely presented findings of IT SOX program, testing and results to management and the Audit Committee and tracked any identified control deficiencies, remediation and closure of findings ● Acted as the "go-to" person for internal controls within the organization and provided a reliable and insightful resource for implementing IT SOX controls in an efficient and effective manner ● Developed and maintained close working relationships with the management teams of all major functional areas as well as the external auditor, ensuring a holistic understanding of key risks and processes of the organization ● Partnered with Global Risk and Finance Leadership to design, build and execute against a people development strategy to develop, promote and empower team members – this strategy is cross-functional between technology, business and strategy teams. ● Built relationships and collaborated with Technology, Finance, Accounting Control, Operations and Internal/External Auditors to design, build and execute against a SOX program that is risk based and is delivered by leveraging tools and automation. ● Provided training and subject matter expertise to team members and business and technology practitioners on technology controls ● Led the management of SOX tool ● Kept abreast of SOX regulatory requirements to help the company remain compliant.

Lake Swan Properties is a holiday home rental company.

  • Senior Program Manager, Technology Risk

    2019 - 2021

    FinTech Partnered with the VP of Risk and CCO in the build out and expansion as the Risk department scaled from 3 to 100+ employees; as Robinhood scaled from 300 to 2,000 employees; as customers scaled from 5m to 18m; and revenue scaled from $200m to $1 billion. ● Developed, managed and led Risk and Compliance teams, programs, policies, procedures, and processes ● Provided day-to-day Compliance and Risk advice/best-practices to Business and Support Unit constituents relating to various activities, including high-risk activities, cryptocurrency risk, cybersecurity risk, third party risk management, etc. ● Developed and refined internal and external compliance and risk management tools to support expected growth. ● Collaborated with team members to evaluate and risk assess new and novel products and services. ● Developed and presented periodic risk and compliance reviews for senior leadership, noting key areas of focus and progress against established goals, emerging risks, and regulatory changes impacting Robinhood’s products, services, and markets. ● Ensured regulatory requirements were understood and complied with, within emerging growth initiatives and new products. ● Collaborated with cross-functional team professionals and strove to deliver exceptional and responsive service by providing risk and compliance management expertise in a clear, solution-oriented, and customer-focused manner. ● Identified, managed and monitored key risks, including risks associated with cryptocurrency, cybersecurity, regulatory compliance, etc. ● Cultivated relationships and maintained regular interactions with internal teams (Legal, Information Security, Physical Security, Engineering, HR, etc). ● Maintained current awareness of regulatory developments. ● Hired, managed, and trained compliance staff. ● Escalated timely and actionable information to key stakeholders.

  • IPO Readiness Assessment

    2020 - 2021

    ● Assessed the current state of Robinhood IPO operational and technology readiness against policies, processes, people, reporting, methodologies, and systems and data benchmarks ● Identified the readiness of core public company requirements with respect to risk, compliance, internal controls, cybersecurity, and business continuity ● Assessed the urgency of solutions needed to close identified gaps based on an analysis of costs and benefits along with the required timeline ● Developed work plans, timeline and resource requirements to implement the appropriate solutions

  • FINRA Cybersecurity Gap Assessment

    2020 - 2021

    Led cybersecurity evaluation vs FINRA requirements. Evaluated the following dimensions: ● Section 1 - Identify and Assess Risks: Inventory ● Section 2 - Identify and Assess Risks: Minimize Use ● Section 3 - Identify and Assess Risks: Third Party Access ● Section 4 - Protect: Information Assets ● Section 5 - Protect: Systems Assets ● Section 6 - Protect: Encryption ● Section 7 - Protect: Employee Devices ● Section 8 - Protect: Controls and Staff Training ● Section 9 - Detect: Penetration Testing ● Section 10 - Detect: Intrusion ● Section 11 - Response Plan ● Section 12 - Recovery

    Evaluated and made recommendations to enhance cybersecurity policies, standards and procedures.

    * FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.

  • Privacy Program Review

    2020 - 2021

    Led and managed an assessment of Robinhood’s Privacy Program. ● Drove and supported privacy programs that met global legal requirements ● Led, coordinated and managed internal assessment of Robinhood’s privacy program and processes ● Collaborated with business owners to prioritize projects and solutions to reduce privacy risk and improve compliance ● Reviewed new product features and designs and provided guidance on requirements impacting Robinhood’s privacy compliance framework. ● Validated operating effectiveness of privacy policies and controls ● Performed risk assessments relating to the privacy program, working with the team to implement mitigation strategies ● Worked with important privacy partners (e.g. Legal) on key privacy strategies for Robinhood

  • Regulatory Compliance PMO

    2020 - 2021

    ● Built a Regulatory Compliance PMO function (Project Execution Team), understanding the needs of the business to provide support on key strategic investments ● Collaborated with Hoodies across the company to understand company initiatives and build a plan to support them ● Drove the project prioritization based on business needs and resource availability ● Identified areas of risk to the project scope or timeline, and escalated to leadership in a timely manner ● Dove deep where needed to resolve blocking issues during project execution, testing, launch and cutover ● Communicated the overall program roadmap and periodic status updates to executive stakeholder body, including Stripe businesses, Finance, and related technical teams ● Defined and implemented metrics to measure and communicate success ● Hired and managed a team of 3 FTE's ● Maintained Compliance Action Tracker

  • Books & Records Gap Assessment

    2020 - 2020

    ● Assessed the current state of Robinhood Books and Records against FINRA policies, processes, people, reporting, methodologies, and systems and data benchmarks ● Identified the readiness of core FINRA books and records requirements ● Assessed the urgency of solutions needed to close identified gaps based on an analysis of costs and benefits along with the required timeline ● Developed work plans, timeline and resource requirements to implement the appropriate solutions

    * Exchange Act Rules 17a-3 and 17a-4, as well as FINRA Rule 3110(b)(4) (Review of Correspondence and Internal Communications) and FINRA Rule Series 4510 (Books and Records Requirements) (collectively, Books and Records Rules) require a firm to, among other things, create and preserve, in an easily accessible place, originals of all communications received and sent relating to its “business as such.” Such records must be immediately produced or reproduced and may be maintained and preserved for the required time on electronic storage media (ESM) subject to the conditions set forth in Exchange Act Rule 17a-4(f)(2) (ESM Standards), including “non-rewriteable and non-erasable format.” Firms must also provide notification to FINRA as required by Exchange Act Rule 17a-4(f)(2)(i), including a representation that the selected storage media meets the conditions of Exchange Act Rule 17a-4(f)(2) and a third-party attestation as set forth in Exchange Act Rule 17a-4(f)(3)(vii) (collectively, ESM Notification Requirements).

  • FINRA Written Supervisory Procedures - Program Management

    2020 - 2020

    Led program management of broker/dealer Written Supervisory Procedures aligned with FINRA guidelines. ● Evaluated current state - existing systems, policies, processes and procedures ● Conducted gap analysis - existing rules and guidance vs current processes and procedures ● Developed revised WSP’s and gained stakeholder buy-in ● Promulgated, trained and conducted ongoing evaluation and fine-tuning

    Three FINRA rules form a regulatory scheme addressing the supervision of firms and their associated persons. These include: ● FINRA Rule 3110 requires a firm to establish and maintain a system to supervise the activities of its associated persons that is reasonably designed to achieve compliance with the applicable securities laws and regulations and FINRA rules. ● FINRA Rule 3120 requires a firm to have a system of supervisory control policies and procedures (SCPs) that tests and verifies a firm's supervisory procedures. ● FINRA Rule 3130 requires a firm to designate and identify to FINRA on Schedule A of Form BD one or more principals to serve as a chief compliance officer (CCO). The rule also requires the firm's chief executive officer(s) (CEO(s)) to certify annually that the firm has in place processes to establish, maintain, review, test and modify policies and procedures reasonably designed to achieve compliance with applicable securities laws and regulations and FINRA rules.

  • BEX Employee Resource Group - Founding Member

    2020 - 2020

    Founding member of Robinhood’s BEX Employee Resource Group (ERG). ● Led and implemented the BEX ERG guest speaker series. This included the development of project plans, deliverables, and timelines for execution. This spanned from idea generation to day-to-day hands-on execution of this project ● Supported and provided critical insights to drive the DEI communications strategy in collaboration with HR and the Communications teams and consistently report and highlight DEI initiatives (intranet sites, corporate website, emails, etc.) ● Served as an employee resource group subject matter specialist; supported group initiatives, assisted with planning and group guidelines; developed & monitored metrics ● Represented the company in meetings with internal and external partners, where appropriate ● Continually reviewed current and future diversity, equity, and inclusion trends, progress and goals, identifying strengths, gaps, key drivers, ideas and opportunities for continuous improvement ● Partnered with the People Team stakeholder groups (including talent acquisition, learning and development, communications, and business partners) to develop programs that attract and retain and support actions and for a fair and equitable professional work environment for all Hoodies ● Coordinated and drove global Diversity, Equity and Inclusion (DEI) initiatives directly and through HR team members & business leaders from assessing need, conceptualization, vendor or resource sourcing/ management, implementation, marketing & evaluation

  • SOC 1: Clearing, Settlement & Custody

    2019 - 2020

    Led and implemented Robinhood’s first SOC 1 assessment over the Clearing, Settlement & Custody functions. Managed a team of 5 resources. ● Facilitated Clearing, Settlement & Custody internal control examinations in accordance with Service Organization Control (SOC) 1 reports and conducted in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16. ● Led status meetings and liaised with cross functional teams and business unit management to achieve project milestones. ● Reviewed reports and approved changes. ● Managed Robinhood’s SOC 1 audits’ preparatory processes and oversaw the activities, which included managing a body of testing pertaining to the company’s internal controls over internal controls and IT controls. ● Provided leadership and coaching to all of Robinhood’s departments, in addition to ensuring the quality and timely execution of testing that will be relied upon by management. ● Oversaw all audit activities relating to SOC 1 audits, ensuring work and deliverables were in accordance with agreed upon timeframes and departmental procedures, standards, and protocols. ● Partnered cross-functionally and inter-departmentally to understand the process from an end-to-end perspective and appropriately and effectively communicated with these partners to understand the status for the corporation as a whole. ● Provided technical expertise to direct reports, department, and internal partners, including assessing training needs and providing training for the department ● Ensured frequent communication of test and/or audit results and analysis on a timely basis to the appropriate stakeholders and senior management within the audit department. ● Conducted the performance management process for direct reports. ● Determined staffing needs and ensured resources were available to accomplish priorities.

  • Enterprise Risk Foundation & Development

    2019 - 2019

    Partnered with the VP of Risk on Enterprise Risk Team foundation and the initial bottom-up risk assessment ● Supported the development, maintenance, and implementation of Robinhood’s Enterprise Risk function including Policy, Risk Appetite Framework, Enterprise Risk Management Framework and bespoke Risk Management Frameworks ● Performed assessments of Robinhood’s Enterprise Risk Management capability through self-assessments that are kept up to date with industry best practices and regulatory expectations ● Worked directly with various business/functional teams to identify, assess, treat and report risks that may materially impact Robinhood and worked cross-functionally to develop and enhance risk mitigation plans ● Documented company-wide and entity-specific risk appetite statements and tolerances ● Created a risk response program for key risks; evaluated and consulted on key risk mitigation strategies ● Applied the risk management methodology to new products, change initiatives, and business developments ● Collaborated to address regulatory inquiries regarding company risks and ERM ● Partnered with the People Team (HR) for recruiting, interviewing and staffing the Enterprise Risk Function

  • Internal Audit Foundation & Development

    2019 - 2019

    First hire on the risk team reporting to the VP of Risk ● Developed internal audit mission, vision, charter, documentation templates and hiring plan ● Partnered with the People Team (HR) for recruiting, interviewing and staffing the Internal Audit Function ● Managed co-sourcing partner Protiviti in the execution of the IT General Controls gap assessment and Business Process narrative and flowchart creation ● Monitored & assisted the company with risk management ● Led documentation and development of the company’s internal control framework ● Monitored & tested the company’s operational processes for compliance ● Communicated the role of internal audit to the organization ● Assessed the organization’s risk maturity

Robinhood is a stock brokerage that allows customers to buy and sell stocks, options, ETFs, and cryptocurrencies with zero commission.

Raised $6,234,466,886.00 from Emergent Fidelity Technologies.

  • Director - Security & Compliance

    2015 - 2019

    Silver Spring Networks, a subsidiary of Itron, is a provider of smart grid products, headquartered in San Jose, California, with offices in Australia, Singapore, Brazil, and the United Kingdom. Planned and led engagements with independent assessors to earn certifications and attestations important to SSN and Itron customers. Managed global team across multiple time zones: USA, Canada, India, Germany, France. ● Led the creation, implementation, monitoring, and maintenance of information security policies and standards. ● Oversaw and managed the tech risk assessment and security exception processes. ● Evaluated moderate to complex business and technical requirements, communicated inherent security risks, and provided recommendations for mitigating controls to technical and non-technical stakeholders. ● Delivered recommendations and risk interpretations in a clear, concise and audience-specific format. ● Coordinated and executed changes to existing procedures to enhance the risk management life cycle. ● Oversaw deep-dive assessments as assigned and delivered findings, recommendations and remediation steps for all activities. ● Generated awareness for security best practices for both internal stakeholders and external partners. ● Developed and maintained strong working relationships with technical and non-technical teams involved with information security and privacy (Legal, Internal Audit, IT, business teams etc.)

  • Compliance Technical Program Management

    2017 - 2017

    ● Managed compliance programs, defined milestones and success criteria, resource allocation and successful on-time delivery. ● Identified, assessed, and advised on compliance risks and controls. ● Created and drove programs to tighten the data security and governance over our internal data. ● Coordinated, managed, and facilitated compliance processes to provide timely deliverables. ● Exercised technical judgment in working with large, cross-functional teams, and communicated schedules, priorities, and status to all levels in the company.

  • Risk Assessment, Relationship Management & 3rd Party Audits

    2017 - 2017

    Management Risk Assessment ● Executed quarterly management assessment for all technology risks ● Completed quarterly assessment process for all technology risks ● Reviewed risk assessment outputs with the CISO on a quarterly basis Technology Policy Implementation ● Drove implementation of technology policies across the organization Technology Controls ● Developed a clear understanding of all technology controls and became an advisor to control owners on improvement opportunities ● Maintained central view of control owners and responsibility for updating them when attrition / role changes occur ● Educated control owners as to their role, responsibility and the implications to the company of control failures ● Drove identification and action of management identified control weaknesses ● Reviewed control operation and evidence on a monthly / quarterly basis to ensure that all controls are operating as designed and that scope remains appropriate ● Engaged with Program Managers to advise on control considerations and changes that need to be assessed for all key projects Reporting and Dashboards ● Created a monthly dashboard showcasing the key metrics that allowed Technology Leadership to assess risks, policy compliance, control operations and issues on an ongoing basis. Relationship Management ● Internal: Served as primary relationship manager representing technology with internal stakeholders including Internal Audit, Info Sec, Operational Risk and Compliance teams. ● External: Served as primary relationship manager representing technology with external stakeholders including External Audit and Regulators ● Owned action plans to address open audit and regulatory issues and ensured timely resolution in line with committed remediation plans Coordination of all audits / regulatory reviews ● Created and managed calendar of audit reviews and items that must be completed to satisfy audit requirements ● Managed the collection of audit evidence

  • Security Compliance

    2017 - 2017

    ● Developed vision and strategy for security compliance which included measurable goals, objectives and metrics. ● Led the security compliance program in line with best practices and leading industry standards. ● Liaised with external auditors and other internal teams to support certification audits. ● Communicated findings with control owners, supported remediation/mitigation discussions to ensure solutions address the finding, and validated remediation/mitigation when completed. ● Found practical solutions to standardize and scale compliance functions, including developing a common controls framework to achieve and maintain compliance with frameworks such as AICPA SOC2, ISO/IEC standards, SOX, NIST and others. ● Identified future standards and regulations that would impact customers. Created roadmaps to achieve and maintain compliance. ● Reviewed and determined effectiveness of internal controls to meet regulations, company policies, and procedures. ● Provided assurance of the operational effectiveness of our compliance controls. ● Collaborated with internal teams and external auditors throughout compliance assessments. ● Subject matter expert of relevant Security Compliance frameworks and provided guidance to teams accordingly ● Hired, coached and managed team members globally.

  • Cyber Security

    2017 - 2017

    ● Ensured current and anticipated initiatives include appropriate information security measures to protect sensitive information by directing the implementation of the enterprise information assurance/cybersecurity program. ● Authoritatively advised the CTO and CISO to enhance and integrate information system security programs and initiatives across the company through policies, procedures, cybersecurity training, and monitoring tools in accordance with or for the purpose of establishing information security strategy, vision, and goals. ● Regularly apprised the CTO and CISO of risks and new security and compliance requirements. ● Organized, directed and managed customer audits, customer risk assessments and customer questionnaires. ● Worked closely with control owners and stakeholders to gather required documents, and addressed any questions. ● Regularly communicated project status, compliance results and issues to control owners, stakeholders and senior management. ● Interacted with multiple cross functional teams to educate, train and address questions related to process, controls and risk mitigation. ● Built, maintained and updated policies and procedures for compliance certifications and reports such as SOC 1, SOC 2, ISO 27001 and ISO 27002. ● Set a vision, strategy and measurable goals for the company in the information security compliance space. ● Provided leadership and subject matter expertise in identifying solutions for security gaps and challenges. ● Provided oversight and monitoring of security controls implementation. ● Interpreted applicable compliance/regulatory obligations and translated them into action. ● Partnered closely with engineering in controls implementation and with other risk disciplines in shaping them. ● Led a global team responsible for testing control objectives to identify areas of risk. ● Drafted assessments for senior management and other stakeholders.

  • Program Management

    2016 - 2016

    ● Supported the development of strategy and execution of the roadmap for the Compliance Program. ● Managed multiple interdependent projects of high complexity and broad scope. ● Partnered with cross-functional stakeholders to develop effective processes, policies, controls, and metrics that ensure effective compliance. ● Established the Compliance Program’s governance structures and processes, including maintaining relevant policies and procedures, developing documentation solutions, and liaising with auditors. ● Provided compliance subject matter support and guidance to the business and other stakeholders. ● Influenced and assisted business/process owners to close gaps in their controls and adopt processes that will help grow the business in a compliant manner. ● Led the continuous evolution of the end-to-end Compliance Program, including the framework, all policies and procedures, risk assessments, issue management, and training. ● Based on data and insights, developed and drove tactics to improve the Compliance Program. ● Managed internal/external penetration testing. ● Validated the certifications and security of 3rd party providers.

  • Technology Compliance

    2015 - 2016

    ● Led and managed global technology compliance. ● Partnered with the rest of the Security team to lead initiatives to drive awareness, adoption, adherence and automated monitoring of those. ● Provided global security compliance Subject Matter Expertise to all business units across the company. ● Ensured successful collaboration and alignment with key business leaders (IT, Security, Engineering, Internal Audit and Legal) for all Technology compliance efforts. ● Executed a continuous compliance monitoring and auditing program with an emphasis on automation. ● Oversaw the management of an organization-wide Information Security policy framework and developed a set of enterprise policies and minimum standards in line with business objectives, laws and regulations. ● Oversaw the exception management process for Information Security policies. ● Ensured that controls are adequate based on laws and regulatory expectations and industry standards (e.g. AICPA, ISO 27001, SOC 1, SOC 2, SOX, NIST, etc.). ● Worked with cross-company business operations’ teams to establish and drive across several time horizons (i.e. weekly, quarterly, annually and multi-year/strategic-planning). ● Oversaw the development of realistic and robust plans to support complex audits and initiatives. ● Designed and implemented reliable and scalable governance gap assessments against applicable regulations and industry practices. ● Business performance: drove cadence for prep and reviews for quarterly progress towards achievements, including quarterly communication updates, to multiple levels within the organization. ● Built out and executed upon a technology and security risk management strategy with clear roadmap deliverables. ● Led ongoing remediation activities in relation to audit, compliance, and assessment findings. ● Built effective, trusting business relationships across the organization. ● Partnered with other leaders and functional partners to drive key initiatives.

  • Vice President

    2014 - 2015

    Startups, Mobile, E-commerce & Payments (Apple Pay, etc.) I was the first San Francisco Controls Officer reporting to the CIO and led post acquisition integration of startups (Bloomspot.com), and led technology reviews (ITIL, ITGC, etc.) of mobile, e-commerce and payment platforms (Apple Pay, Chase Pay, Chase Net).

    JPMorgan Chase & Co. is an American multinational banking and financial services holding company headquartered in New York City. It is the largest bank in the United States, and the world's fifth largest bank by total assets, with total assets of US$2.6 trillion. It is a major provider of financial services, and according to Forbes magazine is the world's third largest public company based on a composite ranking. The hedge fund unit of JPMorgan Chase is the second largest hedge fund in the United States. The company was formed in 2000, when Chase Manhattan Corporation merged with J.P. Morgan & Co. The J.P. Morgan brand, historically known as Morgan, is used by the investment banking, asset management, private banking, private wealth management, and treasury & securities services divisions. Fiduciary activity within private banking and private wealth management is done under the aegis of JPMorgan Chase Bank, N.A.—the actual trustee. The Chase brand is used for credit card services in the United States and Canada, the bank's retail banking activities in the United States, and commercial banking. The corporate headquarters is located at 270 Park Avenue in Midtown Manhattan, New York City. The retail and commercial bank is headquartered in Chase Tower, Chicago Loop, Chicago, Illinois, U.S. JPMorgan Chase & Co. is considered to be a universal bank. JPMorgan Chase is one of the Big Four banks of the United States, along with Bank of America, Citigroup, and Wells Fargo. According to Bloomberg, as of October 2011, JPMorgan Chase had surpassed Bank of America as the largest U.S. bank by assets.

Morgan Health is the healthcare investment arm of JPMorgan Chase.

  • Vice President, IT Audit Director

    2007 - 2014

    Established and led the Global IT Audit function as the audit department scaled from 3 to 10 employees, as the company scaled from 300 to 1,000 employees, and as revenue scaled from $1 billion to $2.6 billion. ● Developed a risk-based technology infrastructure, security, and general IT audit plan ● Planned and executed audits, consulting engagements, and other influencing activities of infrastructure technologies, security, supporting operations, and processes ● Served as IA’s SME on technology and security related internal controls across IA audit projects and within the organization ● Managed co-sourced service providers while building our internal Technology team ● Seamlessly liaised with external auditors and regulators in connection with walk-throughs and technology audit work ● Presented findings and recommendations to stakeholders and leadership teams ● Secured management action plans for remediation and monitored remediation progress and timeliness ● Performed outreach and maintained collaborative working relationships with partners across engineering, security, corporate IT, finance systems and internal systems ● Participated in enterprise risk assessment activities ● Researched and remained current on new technical literature applicable (e.g., FFIEC, PCAOB guidance, etc.), emerging trends and best practices.

    Endurance Specialty Holdings Ltd. (Endurance Holdings) is a holding company. Japan’s SOMPO Holdings Inc. has agreed to acquire all of the outstanding ordinary shares of Bermuda’s Endurance Specialty Holdings Ltd. for $93 per share in cash. The aggregate consideration is approximately $6.3 billion, which represents approximately a 40.3 percent premium to Endurance’s closing share price on October 3, 2016 and approximately a 41.6 percent premium to the average share price over the last three months. http://www.insurancejournal.com/news/international/2016/10/05/428424.htm

  • Leadership

    2012 - 2014

    ● Directed the activities of the Internal Audit technology teams to ensure adequate audit coverage is provided to the organization. ● Directed and managed the development, integration and utilization of data analytics within the Internal Audit function ● Proactively assessed the risk of all proposed, new and existing activities related to technology operations. Provided management with recommendations and insights on ways to structurally enhance regulatory and operations controls while balancing business unit objectives ● Met quarterly, or as needed, with business unit Presidents, CFOs, and technology officers ● Worked closely with the SOX team and divisional CIOs ● Submitted an annual audit plan using a risk-based audit approach. Incorporated requests of management, Audit Committee/Board, and external auditors. Informed appropriate parties on a timely basis of changes to audit plan. Evaluated the internal control environment to ensure appropriate controls and processes are in place and functioning as intended ● In conjunction with managers, ensured adequate staff with appropriate resources exist to perform audits in accordance with professional standards. Ensured proper training and development of audit staff. ● Oversaw the management of the team’s use of external auditors, contractors or other experts as partners when appropriate ● Evaluated and reviewed the significance of audit findings, recommendations and corrective action with appropriate levels of management and executives. Participated in due diligence activities at the request of management ● Ensured key metrics were reported on an as needed basis, presenting financial information and working on special projects as requested ● Consistently demonstrated the ability to lead and influence a team through a positive and supportive approach, while driving compliance to financial policies and holding team members accountable for performance expectations.

  • Coaching, Workpaper Review, Performance Evaluations, Reporting

    2011 - 2011

    ● Maintained business relationships with appropriate levels of IT management to ensure that Audit is aware of changes in business activities and objectives, and a necessary Audit response was developed as needed. ● Interacted with the senior technology client leaders and the Audit Leadership Team to offer consultation and ensure quality control of Audit Department practices. ● Coordinated and led the execution of selected complex projects. ● Provided ongoing coaching to Audit professionals of various levels and experience. ● Prepared performance evaluations for auditors. ● Prepared/approved the audit scope, work program, and testing plan for each IT audit assignment. ● During each audit, provided day-to-day and on-site support to ensure quality of IT Audit services provided. ● Provided direction to IT auditors to ensure that audits are performed in accordance with department and professional standards. ● Reviewed audit work papers. ● Reviewed draft audit findings, and ensured issues are appropriately vetted and constructed given the circumstances. ● Provided reports to managers on the effectiveness of their business unit's internal control structure along with recommendations that improve the effectiveness and/or efficiency of a control or process. ● Evaluated the adequacy and timeliness of management's response and the corrective action taken on all significant weaknesses noted in the reports. ● Coordinated with other risk management functions and Independent Public Accountants to minimize duplication of effort and to ensure that issues raised as a result of their reviews are appropriately addressed.

  • Communication, Business Consulting & Advisory

    2010 - 2010

    Communication & Key Relationships ● Communicated overall planning, recommendations, findings and strategic direction to the Audit Committee of the Board of Directors. ● Conferred with management to review audit plans, audit results, and recommendations to resolve audit findings. ● Coordinated the department’s work with the external auditors, identifying opportunities to leverage internal audit activities and streamline the external audit process. ● Partnered with Legal and Human Resources leadership in internal investigations and remediation. Business Consulting & Advisory ● Proactively engaged with key stakeholders in defining control and IT risks related to major corporate initiatives. ● Advised departments on implementation of new systems, procedures, and internal controls. ● Maintained industry specific knowledge appropriate to the evaluation of technology controls and operational risk in the business.

  • Leadership, Cross Functional Collaboration, Control Rationalization

    2009 - 2009

    ● Led the development and implementation of the IT audit strategy and IT audit annual plan. ● Planned and conducted audits to assess IT controls, operational and technical efficiencies and compliance with selected policies, procedures and regulations. ● Drove IT SOX implementation, project planning, process documentation, development of test plans, testing of internal controls, identification of gaps, remediation of weaknesses and implementation of process improvements. ● Reviewed reporting processes and regulatory controls (new accounting standards, public company standards) ● Kept abreast of legislative issues, new audit regulations / trends and appropriate audit direction / methodology. ● Partnered with the legal and finance teams to ensure a proper framework to track global compliance requirements and to assure compliance with those requirements. ● Identified instances of excess or inadequate control and provided management with a clear articulation of residual risks where existing controls are inadequate. ● Provided an objective and evidence-based annual opinion on the adequacy and effectiveness of all aspects of technology governance, risk management and IT controls. ● Prepared and presented internal audit reports for the Audit Committee and the Board. ● Provided advice on proposed developments such as major new systems and proposed initiatives, to help ensure risks are properly identified and evaluated, and appropriate controls built in. ● Evaluated processes, controls and designed risk mitigation strategies for enterprise acquisitions.

  • Strategy, Relationship Management, IT Audit Planning

    2008 - 2008

    ● Provided strategic direction and contributed to the continuous improvement of the IT audit function, including the implementation of leading practices and tooling. ● Built strong relationships with key business partners across the entire company. ● Developed the annual IT audit plan to address technology risks and compliance requirements. ● Executed on the IT audit plan through planning, conducting, and reporting on audits. ● Identified and communicated high impact improvement opportunities/recommendations and managed issues through remediation tracking process. ● Reported on the status and results of the IT audit plan to management and the Audit Committee. ● Managed and developed a team of audit professionals to execute audits and projects, providing direction and ongoing coaching and development ● Worked closely and negotiated with external auditors to set reasonable expectations and facilitated audits.

  • Board Reporting, IT Risk Assessment, IT SOX

    2007 - 2007

    ● Communicated regularly and directly with the Board (Audit Committee), CFO, General Counsel, and other Executives. ● Led the annual IT SOX 404 mapping, risk assessment and scoping process by identifying significant locations and critical processes and ensuring an adequate scope and testing of financial statement based risks. ● Participated in establishing an Enterprise Risk Assessment process and developed and executed a dynamic IT audit plan to address high risk areas. ● Managed co-sourced consultants and optimized their engagement according to budget. Acted as the lead in the scoping, budgeting, tracking of budget versus actuals and status reporting as needed. ● Critically evaluated current set of in scope controls and recommended ways to rationalize and optimize controls through automation. ● Acted as the “go-to” person for technology controls within the organization. ● Liaised with the external auditors and proactively coordinated the IT SOX and other audit related matters to ensure, amongst other things, reliance by External Auditors on Management’s testing, coordination of the PBC request process to minimize impact to the business and alignment of testing results. ● Performed other tasks and projects as assigned in support of internal audit team and corporate objectives such as business process improvements, planning and execution of operational audit projects.
