AT A GLANCE
- Role: Senior Consultant / Senior Project Manager
- Client: CIBC / Intria
- Industry: Financial, Banking
- Project Types: Program, Applications, Infrastructure, Technology Risk & Compliance
- Budget: $35M
- Duration: 30 months (2007-2009)
Part of a senior consulting team charged with addressing severe technology gaps and significant risk exposures identified in a Deloitte & Touche technology review following CIBC’s acquisition of INTRIA.
Personally responsible for the startup of the INTRIA Remediation Program and PMO, development of business cases to secure remediation funding, development of plans and proposals, management and tracking of all audit, risk and compliance gaps and action plans and the development of an enterprise web based risk and compliance tracking and reporting application.
- INTRIA Technology Remediation Program: Startup of the INTRIA Remediation Program; Developed work packages based on gaps identified by Deloitte & Touche; Set-up the PMO and assumed oversight for all PMs, projects and program deliverables.
- Security Remediation Projects: Worked directly with CIBC Enterprise Information Security and IBM on security remediation projects: intrusion detection, vulnerability scanning, and tightening access controls.
- Application Remediation Program and Business Case Development: Developed the framework, gathered requirements and funding estimates from LOB Senior Directors for the start-up of the Applications Remediation program. Worked with Finance to develop the remediation business submission and successfully secured $35 M in funding from CIBC Executive Management for all Technology Remediation.
- Audits (Internal, External, Clients): Managed all aspects of both internal (CIBC) and external (Ernst &Young) technology audits; acted as the single point of contact for INTRIA Technology Operations (Infrastructure). Managed all audit engagement activities, fieldwork and coordination between auditors and technology SMEs. Directed management responses for all requests, issues, observations and deficiencies. Worked with Governance and National Operations on 3rd party client audits. Planned, developed and tracked action plans and reported status to INTRIA and CIBC technology executives.
- Risk Management and Compliance: Directed completion of deliverables and gathering of artifacts for Internal Audit Risk Rating Reduction review; Managed the initial phase of CIBC’s Functional ID Risk assessment to identify current state for provisioning and management at INTRIA; Directed a number financial impact assessments for technology improvements to comply with new Technology Standards; Service Continuity – developed a proposal to establish an organization for the development and management of a disaster recovery program. Accountable for Technology Audit reporting to CIBC Enterprise Risk Mgmt and INTRIA Governance.
- Audit Process INTEGRATION: Developed a proposal to integrate Infrastructure and Application Development audit functions for all of INTRIA Technology. This involved in-depth process reviews and analysis resulting in specific recommendations and action plans to minimize effort and impacts of future audits, including a common framework to centralize audit planning and coordination and unification of issue, risk and deficiency management. Developed a tool to inventory all audit artifacts and received approval for a full-time Senior Audit manager to transition the work and be fully accountable for the new processes.
- Enterprise Web Development: Directed the design, development and implementation of an in-house enterprise web-based audit, risk and compliance tracking tool (TRACKER) and administrative interface. Working closely with INTRIA Governance, also directed the design and development of other TRACKER functions, including a “Self-Assessed Audit” monitoring and management tool and Audit Artifact Inventory database. The TRACKER application was further extended to other workgroups for work and issue management, tracking and reporting with roll-up to group & executive views for enterprise tracking and reporting.
- Application Costing and Allocations: Reviewed current state processes to identify gaps, make recommendations for improving processes and steps to centralize this function within new Business Management group. Focus was total cost of ownership, chargebacks and application retirement.