Jennifer Bond

Sarbanes-Oxley IT Auditor / IT Audit Manager

jennifer at jenniferbond dot com

(I’m sorry for the above cryptic email address however it is necessary due to the high amount of spam I get from automated web crawlers)

Please note, the positions listed below were contract/consulting positions and as such, most were short in nature. This in no way reflects the client’s satisfaction with my work as is indicated by the fact that several have retained my services numerous times. Upon request, excellent references are available for these positions.

SUMMARY:

• Extensive knowledge in Information Systems, Systems Architecture, Network Security and Corporate Governance audits. Experience includes Sarbanes-Oxley, (Multilateral Instrument) MI 52-109, Bill-198 (Canada) internal IT audit, audit management, and audit findings remediation.
• Extensive experience in implementation of the COSO and COBIT frameworks, auditing of General Computing Controls (GCC), Change Management (CM), Software Development Life Cycle (SDLC), entity-level controls, physical security (including data center security, physical and environmental) controls, disaster recovery, Segregation of Duties (SOD) etc.
• Experience finding creative and effective (while at the same time maintaining the integrity of the control) solutions for client’s remediation work in both Design Effectiveness (DE) as well as Operating Effectiveness (OE).
• Dual Canadian/American citizen (born in Canada), with extensive multi-national travel and protocol experience. Possess extensive global Sarbanes-Oxley experience having worked on/or-managed engagements in the United Kingdom, European Union, Australia, United States of America (USA), Canada, and France.

EXPERIENCE:

08/2006 – Current
Boeing Airplane Company

Seattle, WA USA
Sarbanes-Oxley and CMMI Macroscope Process Architect (Boeing Employee)

• Very similar to Boeing contract shown below in 2004.
• Successfully brought into compliance, an enterprise-wide Supply Chain Management software system that was brought into scope very late in the year. Worked with business unit managers to determine risk, draft new controls and assist with Design Effectiveness and Operational Effectiveness testing of same controls. My work was instrumental in the success of this application coming into compliance as stated in a reference letter, which I can provide.
• Performed extensive use of Risk Navigator, status reporting, metrics updating, remediation and SOX knowledge transfer to the Boeing Business Units.
• Specialized in remediation and acted in a role as SOX Subject Matter Expert within the Boeing Airplane Company Sarbanes-Oxley Audit business unit.
• Authored “Segregation of Duties” (SOD) whitepaper/guidance used as a standard model to enterprise-wide Boeing IT. Provided training to several Business Units on effective implementation of this SOD deliverable.

07/2006 – 08/2006
Cantor Fitzgerald (BGC, eSpeed)
London, England (Canary Wharf)
Sarbanes-Oxley IT GCC Internal Audit Engagement Manager (short contract engagement)

• Short project to assist Cantor Fitzgerald with Sarbanes-Oxley compliance at their London, England location. Regularly interacted with Cantor Fitzgerald executive management and internal and external auditors to convey findings identified through walkthroughs and testing, assessed the risk and impact of deficiencies, and made recommendations for remediation.
• Acted in the role of “IT General Computing Controls Audit Manager” to plan engagement work (scoping), define needed information, track status and minimize schedule slippage.
• Planned and executed technical and general computer IT audits, systems development/conversion reviews, and business process/applications controls reviews, and supported non-audit consulting engagements. Managed and provided leadership to audit team. Performed in-depth IT control assessments, documented test requirements, and suggested remediation alternatives where required.
• Acted in QA (Quality Assurance) role of work papers, audit findings and remediation recommendations.
• Participated in new system/application selection, development (SDLC), and implementation to ensure project and implementation risks and controls are in place and provided value added recommendations to ensure new systems met Sarbanes-Oxley control requirements.

07/2005 – 11/2005
Intel Corporation
Folsom, California USA
Sarbanes-Oxley IT Internal Auditor / QA Audit Lead / Project Manager (contract engagement)

• Acted in role of Project Manager to plan engagement work, define needed information, track status and minimize schedule slippage. Acted as mentor to a staff of approx. 20 junior Auditors.
• Planned and executed technical and general computer IT audits, systems, development/conversion reviews, and business process/applications controls reviews.
• Acted in QA (Quality Assurance) role of work papers, audit findings and remediation recommendations.
• Conducted Sarbanes-Oxley training to Auditors new to Sarbanes-Oxley and the Intel Corporation.

03/2005 – 04/2005

Honeywell Aerospace Corporation

Tempe, Arizona USA

Sarbanes-Oxley SAP Financials Internal Auditor (contract engagement)

• Performed process mapping & documentation of key processes. Conducted process walk-through and risk identification in each process. Verified application and configuration controls in SAP system. Performed segregation of duties and user authorizations validation.
• Explored and recommended remediation of deficiencies in control design & effectiveness. Assisted with remediation of design gaps and their documentation. Assisted client in assuring controls and assessing risk management systems by incorporating control assurance into the audit process.
• Offered a broad continuum of services that identified, documented flows, mapped legacy flows to SAP Sarbanes-Oxley environment, developed and tested internal controls and policies.

01/2005 – 03/2005
EaglePicher Corporation

Phoenix, Arizona USA
Sarbanes-Oxley IT Internal Auditor (contract engagement)

• Performed project planning and management of Sarbanes-Oxley IT compliance efforts. Identified issues, which impacted the reliability of IT infrastructure.
• Lead collaborative efforts in performing an assessment of current IT compliance state and gap analysis including survey and/or interviewing activity with different IT environments (e.g.: Windows 2000/XP Server team, HP-UX team, SQL Server, 802.11 Wireless) and business users/divisions.
• Assisted in the development of process and procedure documentation (process narratives, policies, procedures and flowcharts) based on COBIT framework for Sarbanes-Oxley compliance.
• Identified and analyzed risks & suggested opportunities to strengthen IT internal controls.

12/2004 – 1/2005

Nation Smith Hermes Diamond
San Diego, California USA
Senior Sarbanes-Oxley IT Auditor (contract engagement)

• Brought onto engagement in "SOX SWAT" type role to assist with late starting project. Worked extensive overtime in order to bring this engagement to a successful completion by January 1 2005.
• Performed complex evaluation of Excel documents to expose material weaknesses to company financials, assisted with remediation of issues found. Recommended and implemented countermeasures to immediately reduce the risk exposure and provided longer-term architecture security recommendations.
• Assisted with Sarbanes-Oxley audit management, performed activities necessary to develop and present a complete analysis of internal control issue(s) to the Special SOX Compliance and Tax Officer, Disclosure Committee and Audit Committee. Assisted with SOX change management, evaluated, documented additions to, and changes in internal controls relating to SOX.

10/2004 – 12/2004

Landers International
Vancouver, BC Canada, Paris, France, and London, England
Senior Sarbanes-Oxley Internal IT Auditor (contract engagement)

• Acting in the role of a Sarbanes-Oxley SME (Subject Matter Expert) / Auditor traveled to Vancouver BC, Paris France, and London England to perform risk assessments, write process narratives, audit test plans, work papers, remediation documents and other related required documents.
• Acted in role of Senior SOX Internal Auditor in risk acceptance testing of systems included SOX critical financial database servers, PeopleSoft ERM servers, and workstations for a multinational corporation.
• Worked with business users to research and document SOX key controls, classify their risk to the company and effectively write required documentation and test plans.
• Educated internal business users, owners, focals and management staff on any deficiencies and remediation required.
• Performed extensive Sarbanes-Oxley IT Design Effectiveness and Operational Effectiveness testing, documentation and remediation.

09/2004 – 10/2004

Boeing Airplane Company

Renton, Washington and Huntington Beach, California USA

Sarbanes-Oxley 404 Internal Auditor (IT/Finance) (contract engagement)

• Performed testing of controls with external auditor (Deloitte & Touche LLP) and internal auditor (Jefferson Wells) to certify compliance with SOX section 404.
• Due to Boeing Commercial Airplane Group’s satisfaction with my work, I was asked to travel to Huntington Beach to assist with critical work for the Boeing Defense and Space group. I performed work at that location and brought to the attention of management several issues that were of critical importance, saving the company from extensive added expense and improper findings that were being raised.
• Created audit plans to assess compliance of functional financial operations.
• Worked with external consultants assisting in documentation and testing, reviewed and assessed documentation, and implemented Risk Navigator software.

06/2004 – 09/2004

AT&T Wireless

Bothell, Washington USA

Sarbanes-Oxley 404 Internal Auditor (IT/Network Security) (contract engagement)

• Documented and tested policies and procedures required for Sarbanes-Oxley compliance.
• Worked with Management to determine requirements for Sarbanes-Oxley compliance in a Network Security Architecture.
• Identified appropriate audit and control standards for AT&T Wireless Network Services.
• Identified the key AT&T Wireless Network Services assets that are critical to the company’s financial operations. Authored and updated network security policy documents.
• Evaluated procurement of Intrusion Detection System, network and host based sensors, and Snort, Protocol Analysis. Performed security log correlation and analysis, (Syslog, Firewall, Application, Tripwire etc).
• Assisted with the development of security standards, policies and procedures, security tools and controls (Arcsight IDS, etc), and the evaluation of new security software and systems.

02/2004 – 05/2004

Microsoft Corporation

Redmond, Washington USA

MSN Global Network Operations Center (NOC) Systems Engineer (contract assignment)

• Successfully resolved hardware, software, connectivity, statistical, and other technical issues surrounding the MSN DSL and narrowband services offered by Microsoft. Created tools and documentation in order to reduce costs and overhead in providing both DSL and narrowband service to partner companies (Qwest, Level3, Sprint, MCI etc).
• Performed Quality Assurance testing of various stages of the MSN experience; including sign up as well as ongoing user experience and improvements. Reported issues to development team, performed regression testing of various builds of the application software. Creation of how to documentation for training staff on internal and external tools. MSN executive escalations, working issues escalated from the VP level and above.
• Provide leadership role to fellow team members on improving customer satisfaction and loyalty

01/2002 – 01/2004

Bond Consulting Services, NW-K9 Vests

Kirkland, Washington USA and Sydney, NSW Australia

Various projects and work in an unrelated field (Law Enforcement) (contract positions)

• Moved to Sydney Australia for period of time to assist in new business venture.
• Worked for local (Washington State) Law Enforcement agency in an unrelated role.
• Established non-profit foundation providing ballistic vests to Washington State Law Enforcement K-9 units.

01/2001 – 12/2001

Boeing Airplane Company

Renton, Washington USA

Computing Infrastructure Management, Software Systems Architect (contract position)

• Performed comprehensive architecture design activities from definitions of conceptual, functional, and performance requirements through final system verification and development. Influenced technology direction, advanced the state of the art, and developed system and architecture design methods and tools that enable the integration of complex hardware and software systems.
• Represented Boeing teams enterprise-wide for the architecture, design, and deployment of desktop and server systems. Investigated hardware and software products for potential implementation and initial product testing with various Boeing technology groups.
• Delivered on time and under budget, complex software systems engineering and architecture design methods, processes, tools, and techniques to analyze computing systems, technology, and process integration requirements across multiple applications.
• Managed and provided leadership over File-Share/Resource, Client-Server Application, Web Application, Database Server and Multi-Tier requests and requirements for BCAG customer’s enterprise

02/2000 – 01/2001

Compaq Computer Corporation

Bellevue, Washington USA

Software Systems Engineer IIS/SQL Server Subject Matter Expert

• Performed Intranet Webmaster/Intranet, Internet Development work, testing (Usability of the GUI and Stress) on internal and external Web sites.
• Oversaw Intranet architecture for large site providing information worldwide. Sole Architect for new global Intranet site, coded, tested and managed user permissions, performed server administration, performed web analysis. Established standards for development. Instructed new developers on proper coding syntax. Created graphics used on site, wrote documentation, acted as focal for technical and programming questions.
• Oversaw web server upgrade projects, provided expertise, planning and supported various web application projects. Coordinated the integration, performed trouble-shooting, and administered systems used as part of the software development policy for release to Microsoft for build into the latest version of the Windows operating system.

10/1999 – 02/2000

Esterline Technologies

Seattle, Washington USA

PeopleSoft/SQL Server DBA, NT System Administrator (contract position)

• SQL Server 6.5, 7.0 DBA for PeopleSoft HRMS system that served 14 corporations worldwide. Responsible for performing, loading, and testing PeopleSoft upgrades including patches/fixes, installation, configuration and monitoring of Application Servers on Windows NT with multiple domains, Tuxedo, PS Web Servers, Batch servers and architecture security.
• Represented the IT department on the company’s outsourcing team. Evaluated each target company’s IT infrastructure compatibility, operations, security, applications and planned the integration of these into the company’s daily operations. Attended and lead meetings and provided feedback on quotes given by vendors for outsourcing system to an ASP. Negotiated outsourcing fees for seamless transition to vendor.

07/1999 – 10/1999

Boeing Airplane Company

Renton, Washington USA

Senior Software Systems Analyst, PDM Software Development Life Cycle (contract position)

• Facilitated work groups to produce Interface Control Documents and P+ Deliverables that specified the design of the interfaces and system operation. Performed analysis on User Requirements/Business Rules and coordinated implementation of requirements to development team.
• Managed the analysis and integration of business requirements into the Interface Control Documents and P+ Deliverables in a manner that is compliant with architectural guidelines and technical constraints. Managed the changes to the interface designs and documentation so that changes to the information systems are implemented in a coordinated fashion and in accordance with the program schedule and cost constraints.
• Developed and documented methodologies to improve manufacturing and business processes, integrated manufacturing systems with “Product Data Manager” (PDM) and web applications.

04/1999 – 07/1999

Microsoft Corporation

Issaquah, Washington USA

Software Design Engineer/Y2K Test Lead (contract position)

• Delegated creation and implementation of Y2K tests and test tools for the internal “Microsoft Sales” application.
• Supervised a team of 5 testers responsible for testing Y2K compliance on “Windows NT”, “SQL Server”, and “Internet Information Server”. Responsible for maintaining and executing test cases including scripting languages (VBScript and JavaScript), ASP objects, and SQL stored procedures against very large size SQL databases. Oversaw the development and operation of an automated

02/1999 – 04/1999

Hewlett Packard/Jabil Circuit

Boise, Idaho USA

Software/Hardware Systems Analyst (contract position)

• Assisted in user hardware and software problems. Installed software and instructed end users on its use. Assembled, upgraded and repaired client workstations. Provided expertise on Web development, Access database and other support related issues.
• Performed Unit, Integration, Load, Stress, Link, Security, HTML Validation, Reliability, Regression, Server Log and Java Applet tests for Web and Intranet.
• Manual and Automated GUI and Client Server Testing. Wrote Test Plans, Test Scripts and Test Cases Development. Tested Y2K projects (Baseline, Roll Over, Current Date and Y2K Compliance). Performed Unit, Integration, System and Regression testing for various GUI applications. Functional and Structural testing (Black Box and White Box). Prepared Test Result analysis and Problem Report.

06/1998 – 10/1998

Nobeltec Software

Issaquah, Washington USA

Internet/Intranet Developer, NT, IIS, Exchange Systems Administrator (contract position)

• Developed content for and managed Intranet and Internet servers, developed content, enhanced functionality, maintained security, and performance of the NT and web servers. Performed day-to-day administration of NT network consisting of 5 NT servers hosting “Microsoft Exchange” e-mail, “Internet Information Server”, “SQL Server” as well as various file shares and applications. (Created user accounts, e-mail accounts, shares etc.).
• Functionality and reliability testing of database server communications channel software over mixed PC LANs. Set-up of Ethernet based test network. Modification of shell scripts to run automated tests in a PC environment.
• Worked with software engineer to identify and fix anomalies; wrote anomaly and status reports; reviewed user documentation; created documentation for PC-based tests.

05/1997 – 01/1998

Boeing Airplane Company

Renton, Washington USA

Business Systems Software Analyst, Intranet/Extranet Technologies (contract position)

• Used DMR Consulting P+ (now called Macroscope) to document “Software Development Life Cycle”
• Designed, developed and deployed a secure company wide Intranet based Client-Server messaging system. Blueprinted the overall look and feel of the site for which there were no examples or guidelines. Investigated competing browser technologies and how they may impact the effective use of the application from a security and usability standpoint.
• Managed, architected and developed the first-generation revenue-generating systems for Boeing. This included the design of an Internet commerce system, capable of providing a secure environment in which senior management could discuss company sensitive information regarding customers and competitors. Additional projects included a community membership system that tracked user preferences and captured user demographic information. Systems were built using HTML/ASP/IIS/SQL.

03/1996 – 04/1997

Microsoft Corporation

Redmond, Washington USA

Software Design Engineer/ Software Test Engineer, Intranet Developer, Webmaster (contract position)

• As member of the Internet Platforms and Tools Division, evangelized “Internet Explorer” testing and development projects using pseudo ISP test environment.
• Researched and developed a new Intranet presence showcasing the various teams in the "Applications and Internet Client Group" (AICG, formerly “Internet Platforms and Tools Division”) of Microsoft.

REFERENCE LETTER’S:

The below letters of reference, from managers at both Boeing Airplane Company and Intel Corporation (2 different managers) are a sampling of several that are available for review. Contact information, which has been removed here for confidentiality reasons, can be provided as well.

Dear Ms. ****:

Jennifer Bond worked with my group for several months helping us prepare for a SOx audit. She was a contractor with the Jefferson Wells firm that Boeing hired.

The product my group develops was brought into SOx scope very late in the year which required us to do a years worth of preparation for audits in only a few months. Jennifer was assigned to us as an adviser, a facilitator, and a contributor to our processes. Without her knowledge, skill, and dedication we would never have met our goal.

She consistently produced large volumes of high quality work. The advice and recommendations she offered were well considered, clearly based on extensive experience, and in our audits proved to be right on target.

Jennifer would be an asset to any endeavor. I highly recommend her. I was saddened to see her engagement with us end, and I hope to work with her again someday.

If you have any questions or need additional information, please feel free to call me on my cell at 206 ***-****.

Thanks!
*****

To Whom It May Concern,

Jennifer Bond was part of our contingent workforce hired as part of the IT Internal Audit Department at Intel Corporation, of which I was the manager, to assist with the Sarbanes Oxley testing of controls for 2005. Jennifer participated in the capacity of an IT Auditor; satisfactorily performing technical controls testing, QA and project mgmt activities for the IT Audit group. Her contract engagement with Intel Corporation was initiated in 7/2005 and terminated in 10/2005 when the project was downsizing as it was nearing its completion.

Thank you.
****

**** * *****
IT Audit Manager
Internal Audit
Intel Corporation
916-***-****
****.****@intel.com

To Whom It May Concern:

Jennifer Bond worked as a Senior IT SOX Auditor under my direction (as the Senior IT Audit Manager for Intel Corporation) during the 2005 IT SOX project. She was a full-time contractor acting in this capacity from July 2005 through October 2005. Her work was instrumental to the project’s success (especially within the IT Infrastructure and security areas) and her work terminated during the 4th quarter 2005 after the most significant portions of the project were completed.

Best wishes for continued success.
*****

***** *. *******
IT Audit Manager
Internal Audit
Intel Corporation
(916) ***-****
*****.*******@intel.com