"Certified Information Systems Auditor"
E-mail: Jennifer at jenniferbond dot com
Linkedin Profile: https://www.linkedin.com/in/jenniferbond/
Experienced in Information Systems, Systems Architecture, Network Security and Corporate Governance audits. This includes Sarbanes-Oxley, (Multilateral Instrument) MI 52-109, Bill-198 (Canada) Internal IT Audit, IT audit management, and audit findings remediation. Extensive experience in overall GRC and Corporate Governance in the Finance/IT/Enterprise space. Passionate about working with team members to foster a mindset of compliance in day-to-day duties, successfully pass audits by presenting clear and concise evidence, evidentiary testimony and collaborative training on what to say and not to say whilst in an audit.
Several years of experience dealing with remediation of external audit findings and implementation of complex solutions to mitigate control deficiencies. Specialized in, and experienced in, global solutions to complex IT audit risk issues. Bringing solutions to audit, not just findings. Proudly providing remediation solutions, not just talk. Together with the client, working as a team, solving the issues and enforcing those solutions when under pressure from external audit. Proven track record pushing back and getting wins, in your corner.
Implementation of the COSO and COBIT frameworks, auditing of General Computing Controls (GCC), Change Management (CM), Software Development Life Cycle (SDLC), System Security (including both physical and logical access), entity-level controls, physical security (including data center physical security and environmental) controls, Disaster Recovery (DR), Segregation of Duties (SOD), etc.
Proven history of savings to the clients/employers in the 6-figure range due to my ability to determine solutions to complex deficiency findings and push back when appropriate to have those findings overturned by the implementation of technical solutions which, while maintaining the integrity of the controls, reduce both the financial and employee workload of those tasked to perform those controls.
Broad range of experience in various industries and technologies ranging from Wireless (AT&T) up to Aerospace (Boeing), Finance (Cantor-Fitzgerald) and experienced and comfortable working alongside all Big 4 agencies.
• IT Audit
• Corporate Governance
• Risk Mitigation
• Bill 198
• Control Deficiency Remediation
• Fujitsu Macroscope
• P+ (Productivity Plus)
• Process Improvement
• Business Continuity
• Software Documentation
• Risk Management
• Program Management
• Risk Assessment
• Information Technology
• Change Management
Manager, IT Risk & Compliance (Employee) 11/2016 – 05/2017
Las Vegas, NV USA
IT Risk & Compliance Duties
• Determined the strategic first line of defense IT Governance, Risk, and Compliance direction that is aligned with corporate business objectives and regulatory requirements.
• Provided services, consultation, leadership and subject matter expertise to Allegiant businesses and functions on Information Technology related matters.
• Reviewed, designed and developed IT operational processes, risks, standards, controls and procedures, utilizing current and new technologies to improve technology controls and business performance.
Sarbanes-Oxley IT Audit Manager Duties
• Streamlined SOX documentation, eliminating 75% of process detail. Crucial Allegiant/KPMG deadlines had to be met. Updated test data. Analyzed and reduced unnecessary audit controls. Eliminated nonessential process detail and delivered audit with no errors. Streamlined multi-million dollar domestic airline business revenue streams.
• Managed KPMG relationship with internal control owners and C-suite executives in regards to the IT Audit workload.
• Reduced Allegiant external audit fees substantially. Reduced Control Performer workload by hundreds of hours. Implemented Audit training program. Worked with many different departments and processes to bring everyone current, improve SOX compliance guidelines and reporting. Upgraded internal functions and testing. External auditors spent less time reviewing, saving $10's of thousands annually.
• Managed successful SOX migration to new airline booking/invoicing system. Trained numerous process owners on the new system. Resolved all technical software issues. Completed migration with no data errors, corruption, or deletions, meeting deadline.
Information Technology Risk Management & RCSA
• Managed and matured information technology risk management processes, programs and strategies. Aligned information technology activities with COBIT, NIST, PCI, SOX, and FAA regulatory requirements and internal governing enterprise risk management policies.
• Identified technology gaps and deficiencies by conducting risk assessments; recommended corrective action of identified control weaknesses. Led the planning, testing, tracking, remediation, and risk acceptance for identified technology risks.
• Ensured adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with corporate compliance members and regulators. Escalated pertinent findings in a timely manner.
• Directed the activities of staff in accomplishing corporate business objectives. Set priorities, provided guidance, secured resources, interfaced with peers and senior leadership and communicated effectively at all levels.
• Recruited, hired, and maintained high-performance teams within the risk organization to successfully address risk identification, assessment, measurement, mitigation, aggregation and reporting. Proactively fostered the development of all team members.
• Promoted implementation of new technology, solutions and methods to improve business processes, quality, efficiency, effectiveness and value delivered to customers.
• Managed operational and technology design documentation including procedures, task lists, and systems documentation. Drove improvement via stand-up boards to drive accountability and timely completion.
• Managed issue management activities and monitored remediation plans. Ensured the clear and professional documentation of root cause and risk analysis of all findings.
• Authored, reviewed and managed action plans for issue resolution.
Subject Matter Expertise
• Provided oversight as information technology GRC subject matter expert to business areas, project teams and vendors to apply and execute appropriate application of controls in compliance with policies and standards.
• Collaborated with cross-functional stakeholders (e.g., leaders within IT, Legal, Audit, HR, and Risk Management) to help develop a consistent process for identifying, developing, and implementing controls to address information technology risks. Leveraged Subject Matter Expert experience for regulatory requirement guidance and training.
• Continually worked to enhance breadth and depth of knowledge and experience. Benchmarked technology governance, risk and compliance practices. Monitored and anticipated trends and investigated organizational objectives and needs.
• Reported to applicable Management Committee(s)/C-Suite executives regarding the technology and operations risks (i.e. internal and external), results and remediation to mitigate applicable risks. Facilitated the completion of effective regulatory examinations and audit reviews of information risks, when required. Escalated emerging risks, non-compliance with policies/standards/controls, policy exceptions and risk tolerance breaches in a timely manner.
Law Enforcement Related Position (Employee) 08/2013 – 09/2016
Royal Canadian Mounted Police (RCMP)
• Obtained Security Clearance from a Federal Law Enforcement Agency.
• Took and passed (recommended for hire) exhaustive pre-employment background check and polygraph.
• Not permitted to discuss specific details of engagement.
Sarbanes-Oxley IT Auditor, Process Architect (Supply Chain) 08/2006 - 12/2006 & 11/2007 - 08/2013
Boeing Airplane Company
Seattle, WA USA
• Boeing Enterprise Supplier Tool (BEST) (Consultant and Boeing employee)
• (Contract engagement, then on 2/2008 I accepted/rolled over into a permanent Boeing position)
• Directed activities to define, deploy, evaluate and support common computing standards, CMMI, IT processes, tools and process/performance metrics.
• Acted as advocate for business unit in all external audit experiences, acting as pseudo legal counsel to back up any unfounded findings by External Audit, have had numerous control deficiencies overturned by my ability to document the justification for the existing system or the existing control architecture. This work by myself saved Boeing Airplane Corporation several hundred thousand dollars in mitigating the need for a 3rd party SDLD system that Deloitte insisted we put into place until my documentation and business case led to the overturning of their own findings by Deloitte management.
• Proven/documented record having been able to have deficiencies found by one of Deloitte & Touche External Auditors overturned by their high-level Management after review of the extensive business case justification that I wrote for their Auditor finding the control deficient. My ability to talk through this unjust finding and have it overturned saved Boeing tens of thousands of dollars in unnecessary code change and rework.
• Performed documentation and design of controls for the Boeing Enterprise Supplier Tool (BEST) Supply Chain application. Participated in audits and performed continuous control monitoring via Self Assessments (Scheduling, participating, and updating Risk Navigator/GRC).
• Analyzed test rating results (from both Corporate Audit and Deloitte & Touche) and initiated escalation as appropriate. Reviewed proposed control changes to determine whether requests require Change Board approval or not. Identified qualitative and quantitative improvement measures. Advised on the selection of key parameters and standards to monitor progress for SCMS Boeing Enterprise Supplier Tool.
• Coordinated Corporate Audit and Deloitte & Touche testing with control performers. Acted as a Sarbanes-Oxley (SOX) Subject Matter Expert by partnering with the Q&C SOX technical experts in the transfer of knowledge to identify opportunities for improvement. Audited internal controls using the COSO/COBIT framework while providing assurance of the control design and operating effectiveness. Developed detailed test plans using a risk-based approach that link business risks to key controls.
• Authored "Segregation of Duties" (SOD) white paper/guidance used as a standard model to enterprise-wide Boeing IT. Provided training to several Business Units on effective implementation of this SOD deliverable.
Sarbanes-Oxley IT GCC Internal Audit Engagement Manager (Consultant) 07/2006 – 08/2006
Cantor Fitzgerald (BGC, eSpeed)
London, England (Canary Wharf)
• Short project to assist Cantor Fitzgerald with Sarbanes-Oxley compliance at their London, England location. Performed in-depth IT control assessments, documented test requirements, and suggested remediation alternatives where required.
• Managed and provided leadership to audit team. Conducted Sarbanes-Oxley training for auditors new to Sarbanes-Oxley and the Cantor Fitzgerald group of companies. Tracked all scoping, documentation and testing at the control-per-system level and minimized any slippage in testing, documenting or remediation.
Sarbanes-Oxley SAP Financials Internal Auditor (Consultant) 03/2005 – 04/2005
Tempe, Arizona USA
Honeywell Aerospace Corporation
• Performed process mapping & documentation of key processes. Conducted process walk-through and risk identification in each process. Verified application and configuration controls in SAP system. Performed segregation of duties and user authorizations validation.
• Explored and recommended remediation of deficiencies in control design & effectiveness. Assisted with remediation of design gaps and their documentation. Assisted client in assuring controls and assessing risk management systems by incorporating control assurance into the audit process.
Sarbanes-Oxley IT Internal Audit Lead (Consultant) 07/2005 – 11/2005
Folsom, California USA
• Acted in role of Project Manager to plan engagement work, define needed information, track status and minimize schedule slippage. Acted as mentor to a staff of approx. 20 junior Auditors. Planned and executed technical and general computer IT audits, systems, development/conversion reviews, and business process/applications controls reviews.
• Acted in QA (Quality Assurance) role of work papers, audit findings and remediation recommendations. Conducted Sarbanes-Oxley training to Auditors new to Sarbanes-Oxley and the Intel Corporation.
Sarbanes-Oxley IT Internal Auditor (Consultant) 01/2005 – 03/2005
Phoenix, Arizona USA
• Performed project planning and management of Sarbanes-Oxley IT compliance efforts. Identified issues which impacted the reliability of IT infrastructure.
• Led collaborative efforts in performing an assessment of current IT compliance state and gap analysis including survey and/or interviewing activity with different IT environments (e.g.: Windows 2000/XP Server team, HP-UX team, SQL Server, 802.11 Wireless) and business users/divisions.
• Assisted in the development of process and procedure documentation (process narratives, policies, procedures and flowcharts) based on COBIT framework for Sarbanes-Oxley compliance. Identified and analyzed risks & suggested opportunities to strengthen IT internal controls.
Senior Sarbanes-Oxley IT Auditor (Consultant) 12/2004 – 1/2005
San Diego, California USA
• Performed complex evaluation of Excel documents to expose material weaknesses to company financials, assisted with remediation of issues found. Recommended and implemented countermeasures to immediately reduce the risk exposure and provided longer-term architecture security recommendations.
• Assisted with Sarbanes-Oxley audit management, performed activities necessary to develop and present a complete analysis of internal control issue(s) to the Special SOX Compliance and Tax Officer, Disclosure Committee and Audit Committee. Assisted with SOX change management, evaluated, documented additions to, and changes in internal controls relating to SOX.
Senior Sarbanes-Oxley Internal IT Auditor (Consultant) 10/2004 – 12/2004
Vancouver, BC Canada, Paris, France, and Maidenhead, England
• Acting in the role of a Sarbanes-Oxley IT Audit Manager, performed risk assessments, wrote process narratives, audit test plans, wrote work papers, remediation documents and other required documents.
• Acted in role of Senior SOX Internal Auditor in risk acceptance testing of systems including SOX critical financial database servers, PeopleSoft ERM servers, and workstations for a multinational corporation. Worked with business users to research and document SOX key controls, classify their risk to the company and effectively write required documentation and test plans.
• Educated internal business users, owners, focals and management staff on any deficiencies and remediation required. Performed extensive Sarbanes-Oxley IT Design Effectiveness and Operational Effectiveness testing, documentation and remediation. Assessed and audited WW IT Applications process compliance against Sarbanes-Oxley guidelines.
Sarbanes-Oxley 404 Internal Auditor (IT/Finance) (Consultant) 09/2004 – 10/2004
Boeing Airplane Company
Renton, Washington and Huntington Beach, California USA
• Performed testing of controls with external auditor (Deloitte & Touché LLP) and internal auditor (Jefferson Wells) to certify compliance with Sarbanes-Oxley section 404. Created audit plans to assess compliance of functional financial operations. Worked with external consultants assisting in documentation and testing, reviewed and assessed documentation, and implemented Risk Navigator software. Reviewing and/or establishing policies, plans and procedures.
• Primarily responsible for coordinating Sarbanes-Oxley Rule 404 documentation and testing throughout Boeing Commercial Airplane Corporation (Finance). Liaised with and worked with external consultants assisting in documentation and testing, reviewed and assessed documentation, and implemented Risk Navigator software. Coordinated testing and evaluation schedules, provided training, and evaluated issues.
• Assisted with projects related to internal controls and provided guidance to department managers in assessing their internal controls. Other responsibilities included, but were not limited to, researching and documenting technical accounting issues, leading development and implementation of improved accounting systems, assisting with the month-end close, preparing and analyzing SEC reports, preparing monthly variance analysis, and other Sarbanes-Oxley 404 financial reporting duties.
• Identifying errors, omissions, inconsistencies and potential abuses and reporting these findings to senior management. Developing audit planning documents, test plans and programs; preparing and reviewing audit work papers to ensure compliance with auditing standards, and preparing reports to management & the audit committee.
Sarbanes-Oxley 404 Internal Auditor (Consultant) 06/2004 – 09/2004
Bothell, Washington USA
• Documented and tested policies and procedures required for Sarbanes-Oxley compliance. Worked with Management to determine requirements for Sarbanes-Oxley compliance in a Network Security Architecture. Identified the key AT&T Wireless Network Services assets that are critical to the company's financial operations. Authored and updated network security policy documents.
• Evaluated procurement of Intrusion Detection System, network and host based sensors, and Snort, Protocol Analysis. Performed security log correlation and analysis (Syslog, Firewall, Application, Tripwire, etc.). Identified issues and proposed solutions, supporting implementation of solutions working with all business functions. Identified appropriate audit and control standards for AT&T Wireless Network Services.
• Identified the key AT&T Wireless Network Services assets that are critical to the company's financial operations.
• Implemented detective/manual controls for: Access Management, Vulnerability Management, and Perimeter Defense. Performed analysis of Risk for SOX 404 issues. Performed scenario based testing of actions causing control point breaches. Provided input to documentation team for modification and regression testing of process flow-charts. Ensured effective design and implementation of external and internal audits. Developed effective network security solutions across all components of designated platforms, IDS – Real Secure,
Law Enforcement Emergency Equipment Telecommunications Technician (Consultant) 05/2004 – 08/2004
Emergency Vehicle Accessories and Communications, Inc. (EVAC)
Lakewood, Washington USA
Previous Experience Available Upon Request.