A professional with experience in information technology, audit, information security, compliance, risk management, and business process analysis. An empathic leader with excellent analytical, organizational, and time management skills. Excel at working with individuals that possess varying technical backgrounds to communicate technical issues in a clear and accessible manner. Holds a Bachelor of Science in Management Science and Information Technology and a Master of Business Administration from Virginia Tech, and is a Certified Internal Auditor through the Institute of Internal Auditors (IIA) and is CompTIA Security+ certified.
Bachelor of Science in Management Science and Information Technology and a Master of Business Administration from Virginia Tech
A professional with 17 years of experience in audit, information assurance, and information technology
Certified Internal Auditor through the Institute of Internal Auditors and CompTIA Security+ certified
Expertise with control design, risk mitigation, and policy compliance
Virginia Tech – Director of Information Technology & Data Administration
(2018 – Present)
- Responsible for the oversight of 32 positions, budget, and strategic leadership of the Operations IT organization.
- Responsible for leading an organization that supports the technology needs of approximately 900 employees. Services include support for end-user devices, server infrastructure for over 50 systems, IT and data security, project management, and enterprise application development and support.
- Responsible for overseeing the maintenance and enhancements to the Facilities’ work order and project management ERP system. This system processes approximately 50,000 work orders annually, manages maintenance and repairs on approximately 15,000 assets, and is actively managing close to $500 million in capital construction projects.
- Work closely with vendors and internal stakeholders to ensure projects are planned, resourced appropriately, and are completed within budget and in a timely fashion.
- Responsible for the development and maintenance of policies and procedures that ensure the security and integrity of the organization’s data and information technology.
- Work closely with senior leaders to provide guidance on the use of technology to achieve strategic objectives in support of university goals.
Virginia Tech – Audit Manager
(2014 – 2018)
- As part of the leadership team in the Office of Audit, Risk, and Compliance, I provided direction and day-to-day oversight of the university audit team to ensure the completion of the annual audit plan.
- Provided project management and leadership on an average of 25 audit projects annually during the planning, fieldwork, and reporting phases of operational and IT audits, and compliance reviews.
- Provided expertise to audit staff on performing risk assessments and reviews based on various frameworks and standards including the International Standards of Internal Auditing from the IIA, COSO, ISO 27001/27002, PCI-DSS, SOC 2, FERPA, and HIPAA.
- Provided guidance and recommendations to university management on control design, assessing risk, risk mitigation, and compliance with university policies, and federal and state regulations.
- Executed the follow-up testing program to ensure action plans were implemented and fully resolved.
- Provided expertise and guidance on the development of datasets that supported audit activities performed by the audit staff. This included the extraction of data from multiple sources to perform data analysis.
- Participated in the preparation and presentation of materials for the quarterly meetings of the Compliance, Audit, and Risk Committee of the Virginia Tech Board of Visitors.
Radford University – Information Security Officer
(2011 – 2014)
- Managed the day-to-day operations of the IT security office including strategic planning, project management, and oversight of the department’s budget.
- Supervised the IT security team to assure timely completion of day-to-day task assignments, as well as the completion of administrative tasks such as performance evaluations, monitoring time and attendance, and the development of employee training programs.
- Developed and maintained the security policies, standards, Business Impact Analysis, Information Security Plans, Risk Assessments, and Disaster Recovery Plans for the university’s critical IT systems.
- Performed control reviews to evaluate the university’s security program and made necessary adjustments to ensure sensitive data and critical systems were protected, and compliance with policies, laws, and regulations was maintained.
- Performed regular security assessments of university systems and infrastructure, and worked with system owners and other key stakeholders to resolve identified issues.
- Served as the liaison to internal and external auditors, the Commonwealth of Virginia’s Information Security Officer, and university senior management for issues related to information security.
- Provided security training to university stakeholders such as system owners, data owners, and system administrators and created security awareness campaigns for the university community.
Deloitte & Touche – Senior Consultant
(2010 – 2011)
- Supported the Information Assurance Division at Acquisition, Logistics, and Technology Enterprise Systems and Services (ALTESS) that hosts information systems supporting hundreds of thousands of users across the U.S. Army and Department of Defense (DOD).
- Was responsible for directly supporting fifteen Army and DOD customers during the development, certification and accreditation, and sustainment of their hosted systems.
- Monitored and reviewed IT security controls to validate compliance with DOD, Federal, and Army regulations including NIST 800-53.
- Developed standard operating procedures based on applicable regulations and best business practices for supported customers.
- Created a number of Microsoft Access databases which assisted with data collection, report creation, and tracking of customer information.
Radford University – Information Technology Auditor
(2017 – 2010)
- Instrumental in the development of the initial IT audit function for the university.
- Identified the university’s IT universe, and based on that analysis, developed a multi-year IT audit plan.
- Created comprehensive audit programs to assess compliance with laws and standards such as Virginia Information Technology Agency SEC 501-01 and ISO 27001/27002.
- Conducted multiple audits of the university’s sensitive systems and critical IT Infrastructure. Each audit was completed following the IIA standards.
- Completed follow up analysis to determine if previous audit issues have been resolved.
- Completed special projects to investigate university compliance with laws such as PCI-DSS, Red Flag Rules, HIPAA, I-9 compliance, inventory controls, and the Gramm-Leach-Bliley Act.
- Advised the Division of IT on security and compliance issues facing the university such as regulatory compliance, data security, data classification, disaster recovery planning, and incident response.
BearingPoint – Senior Consultant
(2005 – 2007)
- Led the Department of Justice’s (DOJ) IT Audit Oversight Program, where I directly managed four team members, kept the program on task and on schedule, and completed administrative tasks such as budgeting, invoicing, and daily interactions with the client’s management team.
- Conducted audit oversight for the IT portion of the DOJ’s annual financial statement audit.
- Developed and monitored corrective action plans for each of the ten major agencies of the DOJ.
- Assisted with the remediation of IT related weaknesses from the financial statement audit and internal control reviews.
- Provided guidance to the DOJ on maintaining compliance with regulations and standards such as FISMA, NIST 800-53, FISCAM, among others.
KPMG LLP – Associate
(2001 – 2003)
- Evaluated and tested general and application security controls in various IT environments throughout several departments within the Federal Government, and created the required work papers and reports for each audit completed.
- Reviewed processes related to access control, change management, system software, security planning, separation of duties, and business continuity management.
- Assigned as the site lead for four locations during the IT audit of the Department of Energy, which included keeping the team members on task, on schedule, reviewing and providing comments of their work papers and reports, and acting as the point of contact for the client, and the manager of the project.
- Assisted in the development of several engagement proposals with the objective to earn revenue numbering in the millions of dollars, as well as creating relationships with existing and new clientele.
- Virginia Tech – M.B.A. with a Concentration in Organizational Leadership, 2005
- Virginia Tech – B.S. Management Science and Information Technology, 2001
- Software: Ellucian Banner, MicroStrategy data analytics tool, Microsoft Office suite including Microsoft Access; Microsoft Project, Visio, and SharePoint
- Languages: Visual Basic, VBScript, SQL
- Operating Systems: Microsoft Windows, macOS, iOS, Android
Activities & Honors
- Graduate of the Virginia Tech Management Academy Program, November 2017
- Recipient of two Deloitte Appreciation Awards and a client Certificate of Appreciation for extraordinary service provided to the client, 2010-2011
- Awarded the MBA Outstanding Full-Time Student Award for Academic and Professional Leadership, 2004
- Elected President of the Virginia Tech MBA Association, 2004-2005
Certifications & Clearances
- Institute of Internal Auditors – Certified Internal Auditor (CIA)
- CompTIA Security+ Certified
- Top Secret Security Clearance (Inactive)