Uploaded File
13933 Felix Will Road
Riverview, FL 33579
Sr IT Auditor / Managing Director
32 years experience W2
Average rating
Profile views

  • Financial Data Analysis for Risk Assessment & Decision Making
  • Business, Technical, and Legal Writing
  • Business and Industry Analysis
  • Database Retrieval and Analysis for Speciality Analysis
  • Process Automation Systems
  • Energy Project Management
  • Petrochemical Plant Maintenance and Operations
  • Contract Advising
  • Internal & IT Auditing
  • Project Management
  • Control-Risk Self-Assessment Facilitation
  • Time Value of Money & Present Value Analysis
  • Banking Systems & IT Service Bureaus
  • Manufacturing Requirements Planning
  • IT Governance, Strategic Planning and Data Integrity Controls
  • Policy & Procedure Development
  • Custom Training Development and Delivery

Recent Speaking Events

  • “Secure IT Project Deliverables” 2018 NIST Cybersecurity Risk Management Conference, November 2018
  • “Fraud in the Cloud” Association of Certified Fraud Examiners Tampa Bay Chapter Meeting, February 2019
  • “Feeling Secure in the Cloud” ISACA West Florida Chapter Assurance & Security Trends and Topics Conference
  • “IT Guru? Consider Expertise Entrepreneurship” Techstars Tamp Bay Startupweek, February 2019
  • “Cloud Solutions for Critical Infrastructure” InfraGard National Webinar, April 2019
  • “Medical IoT Cybersecurity Risk Management” (ISC)2 Tampa Chapter Meeting, April 2019
  • “IT as Critical National Infrastructure” Penn State World Campus Tech Club Webinar, April 2019
  • “Counterintelligence for Critical Infrastructure” & “Securing Industrial IoT for Smart Cities and Factories” Critical Infrastructure Protection and Resilience North America, May 2019
  • “Secure Cloud Solutions” ISACA North American CACS Conference, May 2019
  • “Human Trafficking as a National Security Threat” International Conference on Human Trafficking Research, May 2019
  • “Cyber Resilience, Counterintelligence and Information Sharing” & “The High Costs of Legacy IT” Florida Audit Forum, August 2019
  • “Silver Lining: Migrating from Legacy Systems to Cloud Solutions” AICPA podcast, September 2019.
  • “Human Trafficking Around Us: How to Spot it, and What You Can Do to Help” Panel Member, Freeland Film Festival, September 2019.
  • "Election Cybersecurity Infrastructure Protection: 2024", Tampa IIA / ISACA Fraud & Security Seminar, December 2019

Continuing Education

Averaged 150 hours of continuing education in the last four years, including emerging technology, auditing, attending major conferences, and 50 hours related to Security and Organization Control (SOC) audits.

Global Standards Committee Involvement

  • Member of Cloud Security Alliance Cloud Control Matrix Working Group (CSA CCM WG) Editorial and Review Committee (2019-Present).
  • ISA-99, “Industrial Automation and Control Systems Security” Standards Committee (2009-2011)
  • Institute of Internal Auditor’s Global Advanced Technology Committee (2005-2006) – contributed to and edited several of the Global Technology Audit Guides (GTAGs).

Managing Director
Professional/Consulting Services
Oct 2015 - present
Tampa, FL
  • Development of e-learning on disruptive IT.
  • The EDP Audit, Control, and Security (EDPACS) Newsletter - Taylor & Francis Publishing – Editorial Review Board and contributing author.
  • Association of International CPAs – Technical Content Subject Matter Expert (SME) for webinars on various applications of Robotic Processing Automation, Artificial Intelligence, Blockchain, Disruptive Technologies, and IT Governance. Also, served as Instructor.
  • (ISC)2 – Online continuing education course development.
Project Management Auditing Artificial Intelligence
Remove Skill
Contracting Program / Project Manager / System Auditor
Jul 2005 - Sep 2015

Contracting Program / Project Manager (Feb 2011 - Sep 2015)

The Southern Area Oil Projects Division (SAOPD) was responsible for over $2 billion in projects and their related contracts [up to $200 million each] and change orders; SAOPD had over 125 PM professionals of various divisions. The division handled new facility, facility maintenance, and upgrade projects to:

  • Refineries and gas plants including the Abqaiq Plant, the world’s largest oil processing and crude stabilization facility
  • Industrial Automation and Process Control Systems [operational technology - OT]
  • Plants’ electrical systems and – in one case – power transmission networks as a joint venture with Saudi Consolidated Electric Company (SCECO)

Performed as program manager for all of the Southern Area Oil Projects Division’s (SAOPD) major and minor contracts, as well as a project manager for each individual contract. Supervised a staff of three.

Provided vacation relief for my manager when he was on vacation 6 weeks of the year; as Acting Business Administrator (while still performing Contract Specialist responsibilities) was in charge of approximately 25 personnel, including the functions of Contracting, Cost, Scheduling, Safety, Estimating, Materials and Computer Security Liaison. Also made personnel and budgetary decisions, as well those related to divisional business interfaces with corporate and external stakeholders, including department management and VP of engineering.

Cross-functional relations with multiple disciplines within a full managerial hierarchy, divisional [especially project engineers], corporate, project owners, and contractors as stakeholders. Full-cycle contracting life cycle (CLC) from contract development through bid slate selection, request for proposal (RFP) evaluation, award contract, change order management, vendor dispute to project closeout.

Transferred from Internal Auditing to process re-engineered function out of poor internal controls and fraudulent history. Documented divisional contracting procedures and developed weekly Contracting Status Reports. In subsequent internal audits, no control exceptions were found within my Contracting Unit.

Project manager for:

  • Contracts project scheduling – enhanced accuracy and visibility of contracting duration along the critical path by developing a series of MS Project templates for each contract type, working with divisional project scheduler. Templates were provided the input of the RFP data and it calculated the contracting project plan backward to the start of contract development and forward to contract signing. These templates were imported into Oracle Primavera to integrate with the overall project plan.
  • Vendor evaluation and capacity planning – imported related datafiles into MS Excel and used Excel macros to prepare the data fields and then Excel’s charting capabilities to visualize data characteristics, MS Access to perform crosstab queries, joining tables by key fields and identifying duplicate and unmatched records. Resulting report identified data integrity problems, inherent weaknesses in the current processes, and report and made recommendations for remediation. The report resulted in an Operational Excellence initiative.

Wrote memos for Project Management SVPs, VPs, Departmental and Divisional Managers; to other functions and contractors, including memos having substantial engineering content.

Senior Info Systems Auditor (Jul 2005 - Jan 2011)

Internal Auditing function had 100 internal auditors and audit managers; the Information Systems Audit Division (ISAD) had 10-15 IT auditors.

As an in-charge auditor, supervised staff of one to five. In-charge or assisted audits in:

Comprehensive audits of systems autonomous from Corporate IT :

  • Process Control Systems (PCS) for refineries, gas plants, pipelines, ship ports and docks – from firewall separating corporate and plant PCS operational technology (OT): network architecture and security configuration, vendor applications, control room, electrical systems and UPS, server room, physical security, process interface buildings, compliance with engineering standards.
  • Engineering Business Line (EBL) – scientific and technical applications: end-user computing applications to EBL data center and supercomputer center, application development.
  • Security Department (SD): facility card reader access system, automated fingerprint information system (AFIS), SD data center, applications development, in-house developed applications.

Corporate IT:

  • Corporate Data Center,
  • Firewalls,
  • Active Directory and Windows Servers,
  • Oracle Database,
  • Software licensing agreements (SLAs),
  • Law Department Applications,
  • Vendor and in-house service level agreements (SLAs).
  • International Ship and Port Facility Security (ISPS).

Performed as project manager for implementation of:

  • Risk-based auditing, Audit Data Analytics (ADA) and
  • Risk-Based Auditing (RBA) initiative, which used Control Objectives for IT and Related Technologies (COBIT) for IT security and controls. Participated in a major fraud investigation on a mega-project.

Acted as an internal consultant to a pre-audit review of mission-critical geographic information systems (GIS), which also hosted the company’s most confidential data on oil reserves. Identified extreme weaknesses security and controls in the ArcGIS software, the only one in the world with powerful functionality that Saudi Aramco needed. Made recommendations to request ArcGIS to make major new security capabilities in their next release; this resulted in enhanced security features for all global ArcGIS customers.

For Policies and Procedures related to IT, Security Department and Engineering Business Lines and for PCS Engineering Standards: reviewed proposed new and revisions and made regular recommendations for their enhancement.

Contributed to the development of each year’s Annual and Five-Year Strategic Plans for the Information Systems Audit Division.

Participated in a fraud investigation at a megaproject (over $1 billion).

Application Development Auditing Data Center Microsoft Excel MS Active Directory MS Project MS Visio Primavera Program Management Project Management Project Planning RFP Stakeholder Engagement Windows Server Oracle MS Access Compliance Analytics Budget Management Change Orders Estimating MS Excel Program Management Vendor Management Audit
Remove Skill
Managing Director
Professional/Consulting Services
Jun 1993 - Jul 2005
Cleveland, OH

Performed many major complex projects related to internal auditing and cybersecurity consulting in 20 countries, with clients that included Fortune 500 companies, 2nd largest Pizza Hut franchise, Lifeline Screening, regional banks, TSTT [Trinidad & Tobago], CMPK [Indonesia], Charterhouse Consulting [Nigeria], The Barents Group of KPMG, Anderson Consulting, major CPA firms, central banks and the US Agency for International Development (US AID), the World Bank and International Monetary Fund (IMF).

Developed and instructed custom workshops in:

  • ACL Audit Data Analytics (ADA) – simulated an actual audit using the client’s own data, following my templates for ADA Documentation Standards, File Naming Conventions, and a proprietary File Tree graphic representation of source data tables, through resulting generated and joined files.
  • Bank Internal Auditing – presented to seven countries from the former Soviet Union,
  • Financial Analysis for Risk Assessment – Bank of Tanzania examiners entered their own bank’s regulatory reports into MS Excel and generated ratio, common-sized, compositional, and trend analysis to have the class identify likely areas of examinations focus.

Dedicated three years to Sarbanes Oxley process documentation, key control identification, controls analysis, recommendations and testing for audited public companies; as a contractor for major public accountants, reviewed public company’s documentation and testing, performed selected re-testing and contributed to the audit report on Management’s Letter on Internal Controls.

Performed IT audit controls review, testing and recommendations as a contractor to major CPA firms as part of reliance on internal controls for financial reporting (ICFR)

As a contract auditor, performed Service Organization Controls (SOC) audits for major CPA firms.

Wrote a total revision of Ernst & Young Technical Reference Series book on a mainframe security program that I had never audited.

On behalf of the World Bank and International Monetary Fund assisted in the development of the IT Strategic Plan for the country of Pakistan.

Project manager for global IT platform risk analysis assignments for two Fortune 500 companies.

Prepared a process for the second-largest Pizza Hut franchise to transform electronic versions of various reports into a business intelligence (BI) reporting application using Datawatch Monarch, Visual Basic for Applications, MS Excel, and MS Access – later ported from Access to SQL.

Designed, developed, tested, and documented - working closely with the CEO and CFO - created a very complex business plan prototype model that was used for the client’s coming fiscal year’s business plan. The model used a large series of MS Excel workbooks that cross-referenced the results of the previous step(s), allowing key parameter assumption changes to flow throughout the entire model. Provided advisory role on model architecture, worksheet design and construction, and documentation which allowed for model troubleshooting and maintenance to add new functionalities.

Business Intelligence Microsoft Excel MS Visio Project Management Auditing Analysis Risk Assessment Cyber Security CEO C-Level Management Construction MS Excel Program Management
Remove Skill
IT Audit Manager
Jun 1991 - May 1993
Cleveland, OH

Served as chair of Self-Directed Audit Team (SDAT) – presenting at every meeting with Audit Committee of the Board of Directors; also reported to the Chief Financial Officer.

Also, supervised and provided on-the-job training to the financial audit trainee.

Met on a regular basis with the Chief Information Officer to discuss matters of governance, risk management, and internal controls; this was a catalyst to the formation of the IT Steering Committee and IT Strategic Plan.

Solely responsible for every aspect of the company’s IT function audits, including:

  • Change management prioritization and monitoring process – led to an adopted recommendation for a Corporate IT Steering Committee
  • Problem ticket / incident response process.
  • Adequacy of IT insurance coverage and policy contracts.
  • Electronic data interchange (EDI).
  • Windows workstation and server security.
  • Systems Development Life Cycle and Programming Standards.
  • Separation of Development, Test, and Production environments, including Librarian, IAM, and version control.

Project manager for the development of an ISO-9000 internal quality self-assessment program after completing the BSI Lead Auditor training. Developed policy and procedures manuals and presented training to the future internal quality self-assessment auditors.

SDAT provided a key role in the joint implementation of the Deming Method of Continuous Improvement and the COSO Internal Control-Integrated Framework by teaching other corporate and operational functions process flowcharting for process analysis and re-engineering.

Auditing Change Management Project Management Risk Management Analysis IAM Version Control Program Management Talyst Audit
Remove Skill
Edit Skills
Non-cloudteam Skill
Attended in Information Security & Assurance
Carnegie Mellon University, 2008 - 2009

IT Graduate-level distance learning course work towards the Master of Science Information Technology. Concentration in Information Security & Assurance.

Classes Completed:

- Telecommunications Management
- IT Project Management
- Database Management
- Intro to InfoSec Management
- Global IT Management


Master's in Finance
MiamUniversity, Oxford, Ohio 1982


Bachelor's in Economics and Marketing
Miami University, Oxford, Ohio 1981

Cum Laude

CPA - Certified Public Accountant # 26482
Accountancy Board of Ohio, 1991
CISA - Certified Information Systems Auditor, #9110419
ISACA, 1991
CIA - Certified Internal Auditor, #21066
Institute of Internal Auditors, 1994
CFE - Certified Fraud Examiner, #11337
Association of Certified Fraud Examiners, 2005
CSCP - Certified Supply Chain Professional
APICS, 2010
CAMS - Certified Anti-Money Laundering Specialist, # ER-000086359
Association of CAMS, 2018
AWS-CCP - AWS Certified Cloud Practitioner
AWS, 2018
CCSK - Certified in Cloud Security Knowledge
Computer Security Alliance, 2018
CHTI - Certified Human Trafficking Investigator
ACAMS - Virtual Currency & Blockchain
AICPA - Robotic Process Automation Fundamentals
AICPA - Blockchain Fundamentals for Accounting and Finance Professionals
AICPA - SOC for Cybersecurity
AICPA - Cybersecurity Advisory Services
Project Management
Program Management
Microsoft Excel
MS Excel
MS Visio
Business Intelligence
C-Level Management
Cyber Security
Risk Assessment
Application Development
Budget Management
Change Orders
Data Center
MS Access
MS Active Directory
MS Project
Program Management
Project Planning
Stakeholder Engagement
Vendor Management
Windows Server
Artificial Intelligence
Change Management
Risk Management
Version Control
Cloud Security
Strategic Planning