• Applying for Director, Internal Audit position at Netflix
• Experienced leader in audit, SOX, enterprise risk management, and business and IT operations for technology and financial services companies with Big 4 and industry background (12+ years)
• Proven results in managing risks and controls for business transformations and system implementations
• Strong communicator, able to secure top management awareness and buy-in
• Leader of global and diverse teams within the Americas, Asia, and Europe
Audit ▪ SOX, IIA, Service Organization Control (SOC)
Governance, Risk and Compliance ▪ Enterprise risk management, GRC Technology enablement
Technology ▪ ERP (SAP, Oracle, PeopleSoft), Windows, Linux
Accounting standards ▪ US GAAP, IFRS Software
Certification ▪ CISA
Languages ▪ English, French
Controls frameworks ▪ COSO, COBIT, NIST, ISO, PCI
Data Management ▪ Data Warehousing, SQL Server, ETL, Tableau, Hadoop
Development ▪ Agile, Scrum, Waterfall, DevOps
• SOX 404 – Supported multiple SOX programs from SOX initiation to SOX optimization
SOX Remediation - Led a program to remediate material weakness over ICOFR for revenue at a Telecom Fortune 200 company for their controllership and IA/SOX teams. Led a team of 12+ over a year to perform scoping, risk assessment and gap analysis for the order-to-cash cycle, redesigning and testing 200+ controls.
SOX optimization - Acted as trusted advisor to the governance, risk and compliance Senior Director and head of SOX of a technology client. Supported key initiatives including streamlining of financial and regulatory controls and processes, optimizing SOX program, integrating with internal audit, transforming access management processes, and supporting mergers and acquisition SOX reviews. Responsibilities included reporting directly to CAO and CFO on key risk areas, driving remediation efforts with business, communicating with external auditors, and enabling organizational change management.
SOX Initiation – Supported a financial services company with a transition to stand-alone public company. Performed capability assessments for SOX function. Collaborated with senior leadership to design governance model to enable external reporting, and developed a roadmap for SOX and IA functions.
• IT Data Management and Big data – Led big data, data warehousing, data privacy and data migration activities for CIO office of a mobility company and financial services company.
Data Warehousing and Data Migration - Responsibilities included leading a project team of 50+ professionals and a budget of ~USD10 million, focusing on data management activities during a financial services company's core business transformation to replace their contract management systems (CMS) for lending, leasing, and wholesale. Responsibilities included building a new data warehouse (leading implementation end to end) and leading data migration activities for CMS.
Advanced Analytics - Established a new advanced analytics team and developed big data roadmap. Initiated a data lake project to support digitalization of customer journey. Led first big data use cases for the company around customer retention, credit operations, and mobility.
Data privacy - Supported data governance activities in a rapidly changing and heavily regulated environment, in close collaboration with InfoSec and compliance teams. Topics included China security laws, use of cloud, regional data lake, global customer data management, or external reporting governance.
• Governance, risk and compliance transformation – Led multiple transformations of GRC functions
IT audit transformation - Supported a Fortune 10 automotive OEM in transforming their IT audit department from a compliance focused organization to also include pillars such as product security, cyber security, plant technology, project advisory, and advanced analytics. Also led project advisory team by driving consultative reviews over transformative projects (e.g. ERP implementations). Key contributions included evolving project advisory team role from an assessment function to a consultative partner, leading a team of 8+ resources, issuing 20+ audit reports/year.
Enterprise risk management and audit transformation – Enabled transformation of enterprise risk management (ERM), global trade (GT) and audit processes at a Fortune 100 diversified manufacturer via process transformation and implementation of GRC technology. Decreased compliance costs by streamlining and automating compliance processes. Process improvements included increasing frequency of executive interviews and automating generation of risk heatmaps for ERM, aligning key risk indicators to key performance indicators, enabling continuous control monitoring for audit, and streamlining export/import compliance training and reporting for GT.
• SAP implementation – Program governance, risks & controls, and application security - Led program governance, risk and controls, and application security workstreams for global SAP implementations (from R/2 to S/4HANA) for several Fortune 100 clients, including technology, automotive, and oil and gas clients.
Risks & Controls – Led process design, risk identification, control design, control testing, integration testing including interface and conversions testing. Ensured regulatory, financial, and operational controls were redesigned and adhered to. Increased process automation, therefore reducing manual activities and cost.
Application Security – Led role design, development, and testing; documentation of future state provisioning processes; and incorporation of Segregation of Duties requirements. Also led security remediation projects.
• SAP Governance Risk and Compliance (GRC) implementation –
End to end implementation - Led multiple end to end SAP GRC implementations to transform identity and access management (with GRC Access Controls), internal audit (with GRC Process Controls), and enterprise risk management processes (with GRC Risk Management). Assumed full program responsibility including vendor evaluation, designing, building, testing, and training for new systems; and coordination with all stakeholders including business, IT, security, architecture, project management, SAP and other vendors.
Other projects - Led other projects across the GRC spectrum, from initial GRC diagnostic and vendor selection through implementation to managed services of GRC solutions. Experienced with other solutions including Archer, BWise, and MetricStream.
• External Audit – Led IT external audit for three years at an automotive financial services company. In-scope areas included financial reporting, securitization, insurance, billing, remarketing, and customer and commercial leasing and lending. Performed IT audits over 30+ in-house and corporate applications. Testing included IT General Controls (ITGC) over logical access, program change, data conversion, and computer operations as well as automated business controls (ABC) over system access, system configuration, system interfaces and system reports. Leveraged computer assisted audit techniques (CAAT) and data analytics to automate audit processes. Led service organization control and supplier assessments.
Certified Information System Auditor (CISA)
Conference Speaker ▪ SAP Insider 2016. Solene Alos. “Bringing SAP Process Control and SAP Risk Management together to improve visibility, reduce costs, and streamline end-to-end compliance processes”
Professional Associations ▪ Member of ISACA (Information Systems Audit and Control Association), IIA (Institute of Internal Auditors), and ALPFA (Association of Latino Professionals for America)