Charlie P.
Experienced IT Security & IT Audit Manager
Denver, CO, United States
Details
Experience:
2019 : Present
SM Energy Company
IT Manager - Information Security
Develop, coordinate, and manage corporate cyber security strategy while being responsive to management’s needs, provide value to the internal stakeholders and focus on company concerns and/or cyber risks. Specifically:
• Set, communicate and ensure the respective accountabilities for information security and risk
• Oversee risk and control decisions
• Formally endorse, authorize, and communicate security policies
• Recommend, approve and allocate the budget of the security and risk management program
• Guide the security and risk program and the architecture strategy
• Oversee the program execution and assess the value of security investments, processes and activities
• Review requests for policy and risk exemptions
• Monitor the accumulated risk represented by the existing policy and control exceptions
• Conciliate or arbitrate among conflicting security requirements
• Provide periodic reports to the Audit Committee on the company’s current state of cybersecurity risks and control activities
• Follow-up on cyber security and incident response action items to ensure that appropriate corrective action has been completed
• Determine whether the organization’s cyber security risk management, control, and governance processes, as designed and represented by management, are adequate and functioning in an appropriate manner
2018 : 2019
SM Energy Company
Information Security Supervisor
Responsible for identifying technology risks; independently evaluating the efficiency and effectiveness of information technology infrastructure; application controls including security and internal controls. Performs complex level professional internal audit work. Work involves leading or conducting performance, financial, compliance, and information technology audit projects; providing assurance services to the organization’s management and staff; providing key input to development of the Annual Risk Assessment; updating the IT Audit Universe on an as-needed basis. Additional responsibilities and experience include:
• Performed post SAP and GRC implementation audits and transitioned full compliance testing from external to internal resources
• Performed Supervisory Control and Data Acquisition (SCADA) audits
• SOX ITGC key configuration and report base-lining
• Maintained SOX ITGC Risk Control Matrix (RCM)
• Leverage data analytic tools, enterprise systems, and infrastructure data to develop audit methodologies, data analytic procedures, and IT governance programs such as:
- Duplicate payment audit database,
- Change management audit database, and
- GL transaction analytic database
• Perform and manage SOX ITGC Compliance Efforts, demonstrating effective leadership and project management skills that support company’s compliance requirements under the Sarbanes Oxley Act for all key in-scope IT processes and applications
• Coordinate and manage external network penetration tests
2014 : 2018
SM Energy Company
Internal Audit Advisor-IT
Responsible for establishing compliance standards and best practices for Enterprise Risk Management (ERM) group at Lockton. This includes the related components of coordinating teams in the sales, servicing and retention of clients. Has developed and implemented analytic tools for performing operational and financial related risk assessments.
2010 : 2014
Lockton Companies
AVP, Enterprise Risk Management
Audit Manager/Lead Auditor/Senior Auditor
Managed domestic and international audits including operational, financial, compliance and integrated IT audits (i.e. financial reporting, manufacturing, SCM, revenue recognition and deferred revenue, post and pre-system implementation reviews, contract compliance and joint ventures). Provided business assurance services for the company's system implementation projects including revenue assurance activities.
• Reduced audit team field work activities from three to two weeks by establishing repeatable data mining and analytic techniques used to improve audit effectiveness and efficiency and support remote auditing activities.
• Improved audit practice consistency, quality, efficiency and effectiveness of audit activities being performed by implementing audit process management, collaboration and automation tools to improve standardization of audit project activities and documentation processes.
• Performed internal audit quality assurance self-assessment activities and developed departmental quality assurance and improvement programs (QAIP) to assess overall conformance against the standards, identify gaps and action plans for improvements.
• Led interviews and enhanced efficiency and effectiveness of company’s annual enterprise risk assessment (ERA) project by implementing the on-line business intelligence and collaboration tool.
2007 : 2010
Sun Microsystems
Audit Manager
Company:
SM Energy Company
About
Currently managing Information Security and Information Governance for SM Energy. Formerly IT Audit Adviser for SM Energy. Prior to SM Energy, performed Enterprise Risk Assessments, IT, Financial, Operational audits, supply chain management & operational accounting with:
• Lockton
• StorageTek / Sun Microsystems / Oracle
• CommNet / Blackstone / Vodafone / Verizon Wireless
Certified Information Systems Auditor (CISA)
Certified Data Privacy Solutions Engineer (CDPSE)
Veteran of United States Air Force