Stephen Thompson
Details
Psychology with minor emphasis in Biology
University of Missouri-Kansas City
Project Management
Questrom School of Business, Boston University
2007 : 2008
Information Security Management
SANS Technology Institute
2007 : 2008
CoreLogic
Principal Information Security Manager
Providing executive-level consulting, architecture, project management, team building, and product ownership / product management for enterprise risk management (ERM) and operational risk management (ORM) programs for medium and large financial institutions.
Advocating for the business while delivering comprehensive BI solutions using software products such as Archer & ServiceNow by identifying, refining, and validating delivery of business product requirements.
Providing information security oversight (DevSecOps) and data quality assurance for business intelligence (BI) systems. Planning and performing system migration and data transformation. Managing and validating data quality. Identifying information gaps and providing both strategic and tactical direction for prioritization and resolution.
Establishing agile project management operating models, planning, and reporting using software products such as Jira and Rally. Providing transparent views of project status and risks.
Recent Accomplishments
• Helped Silicon Valley Bank (SVB) achieve goal of becoming a large financial institution by managing Galvanize HighBond and ServiceNow GRC software solutions, focusing on information system architecture, collection of foundational data inventories, defining / improving / validating data quality, migration of data from system to system, establishing customer support solutions, and establishing agile project management operating models and reporting systems.
• Delivered enterprise compliance management solution improvements critical to Wells Fargo success, overseeing business user acceptance testing, business requirements gathering, dependency management, and internal testing / validation.
• Assured successful initial business launch for Welkins Farms focusing on business operation planning, internal standards, licensing, and product quality control.
2020 :
Acumen GRC Consulting, LLC
Senior Consultant
Provided Allstate Insurance Company with control effectiveness testing for seven business-critical applications and their supporting databases, platforms, and security processes in support of new and emerging state laws impacting information technology and non-public personal data. Developed test plans, reviewed evidence, and produced assessment documentation.
• Provided the support needed to complete end-of-year goals for state cybersecurity compliance review.
• Provided support owners and business partners with coaching and insight on strengths and weaknesses, and prepared recommendations for continued process improvements and success.
2019 : 2019
Apex Systems
Information Security Assurance Analyst (Contract)
Managed four projects at Toyota Financial Services to develop and deliver Archer eGRC software applications for internal business partners. Spearheaded the teams’ first adoption of Agile practices to develop software as a factory. Established and implemented team standards for documenting business requirements and application design. Documented to-be business processes. Provided operational troubleshooting and integration testing.
• Established Atlassian Jira as a collaboration tool which improved resource estimation, project planning, and progress tracking.
• Delivered applications which reduced the cost of Sarbanes-Oxley internal controls testing, improved processes for issue management and regulatory change management, and provided new capabilities for hosting an authoritative sources library.
2018 : 2019
Calance
Business Systems Analyst eGRC (Contract)
Led a project for initial adoption of PCI DSS and consulted on compliance management practices. Established an inventory of IT components. Defined the scope of PCI compliance for IT systems and processes. Defined organization-specific controls for satisfying PCI DSS requirements. Performed an assessment of IT systems to identify deficient or missing controls. Participated in development and review of information security policy and standards.
• Responded to six client audits of IT controls and improved the company’s ability to accurately respond to clients’ compliance assessments.
• Assessed and evaluated two new info sec solutions prior to acquisition resulting in improved network intrusion detection and source code analysis capabilities.
• Saved the company $4.1M+ that was invested in more profitable projects.
2017 : 2018
National Bankruptcy Services, LLC
Information Security Manager
Skills
Agile Project Management, Business Analysis, Business Architecture, Business Continuity, Business Process, Business Systems Analysis, Coach, Communication, Computer Forensics, Computer Security, Continuous Improvement, Data Analysis, Firewalls, Information Security, Information Security Management, IT Audit, IT Auditors, IT Compliance Management, IT Governance, IT Risk Management, Management, Microsoft Office, Microsoft SQL Server, Network Engineering, Network Security, Pattern Recognition, Payment Card Industry Data Security Standard (PCI DSS), PCI DSS, Penetration Testing, People Skills, Problem Solving, Process Engineering, Project Management, Research, Risk Assessment, Risk Management, RSA Archer eGRC, Security, SharePoint Designer, Software Documentation, Staff Development, Statistical Data Analysis, Teacher, Technical Writing, Threat & Vulnerability Management, Threat Analysis, Threat Modeling, Visio, Vulnerability Assessment
About
Senior program manager focused on assessing, developing, growing, and improving business intelligence (BI) systems for enterprise risk management (ERM), operational risk management (ORM), and compliance management capabilities and maturity. Qualified subject matter expert (SME) for audit of Information Technology (IT) control, Information Security (IS) control architecture and management, data migration, and data quality assurance. United States Navy Veteran with 11+ years of experience in assessing and fulfilling federal, state, and Payment Card Industry (PCI) IT compliance requirements for financial institutions, law firms, and government entities. 13+ years of experience in project management. 8+ years developing, managing, and testing solutions and applications of RSA Archer eGRC. Currently gaining experience in ServiceNow Governance, Risk, and Compliance (GRC) and Diligent HighBond.