MARY LYNN PETERSON

Information Systems Security & Compliance Risk Specialist

Oceanside, CA 92057
Phone: 513-253-3781
mpc41244@westpost.net
Relevant Business Experience:
Accomplished Senior Level SOX 404 & IT InfoSec Compliance Pro with 20 years of
functional COSO / COBIT / NIST / ISO / PCI based Internal & Operations Audit Exp
erience analyzing InfoSec, SOX & e-Commerce controls for various Corporations th
at utilize a wide variety of Custom / Legacy SaaS, ERP / CRM & Financial Systems
.
Expertise includes database cleansing and standardization; identification of an
d amarkinga of sensitive data; implementing methodologies to encrypt data in mot
ion and at rest; and the Certification of Interfaces, Spreadsheets and Reports f
or Sarbanes Compliance.
Experienced in all aspects of Corporate Information Systems Security Compliance
including but not limited to:
Vendor Risk Management - Stateside and Offshore - including drafting, communica
ting and tracking remediations required to maintain the same Standard Service Le
vels required by Client Contracts & Regulations such as Gramm-Leach-Bliley; Red
Flags; Sarbanes Oxley; HIPPA; Patriot Act, etc.
Formal Client Requests Fulfillment a" Security Risk Assessments, RFPs / RFIs, &
coordinating onsite audits.
Mapping and routine updating of Systems Schematics a" hardware, platforms, soft
ware licenses and peripherals tied to Fixed Asset Records, User Profiles and mai
ntenance contracts.
Proper Segregation of Duties and Access Control for internal employees and cons
ultants as well as external clients, vendors and auditors.
Continuous protection of privacy of information and intellectual property throu
gh the ongoing testing, logging, reviewing, monitoring and prevention of intrusi
on, through vulnerability assessments, and systems / applications stress testing
to ensure the quick and efficient processing of, and access to data.
Providing training and presentation of continuously updated process narratives,
policies & procedures, user guides and technical reference manuals that reflect
the ever-changing industry needs, client demands & best practices while operati
ng within legal and regulatory constraints and boundaries.
Standardization of databases and efficient uploading of updates from a wide var
iety of financial and government sources, validating Website display and functio
nality of data access.
Proactively scouring for exceptions using data forensics a" running ahead of th
e auditors proactively remediating problems found thereby proving that managemen
t is effectively managing risk and mitigating fraud potential.
Securing and documenting Applications development through effective and efficie
nt Change Management.
Maintaining SAS-70 Compliance and providing the required annual updates as need
ed by clients in the manner approved by Legal.
Facilitating and supporting legal compliance through intelligent Documentation
Retention and need-to-know access to approved contract and audit document reposi
tories, corporate governance files and apermanenta business files.
Periodically updating and testing Business Continuity and Disaster Recovery Pla
ns starting with Daily Backups.
Contracting for specialized IT / IS services from specification development, RF
Pas written and answered, contract award and management.
Experienced in all aspects of SOX Compliance from AS-5 Entity-Wide Risk Assessm
ent through the identification and testing of Key Controls, IT data mining and f
orensics using ACL, audit interviewing, writing and updating business process na
rratives / policy & procedure documents, updating COSO / COBIT control matrixes,
and writing test scripts.
Re-designed existing IT and Financial controls to mitigate and remediate risks/
deficiencies. Streamlined testing by cross-referencing controls required to be
tested by various Regulatory entities.
Proficient at IT Project and Change Management a" drafted plans and coordinated
critical IT remediation projects required to obtain / maintain Sarbanes Complia
nce a" mapping data to facilitate System Conversions and uploading electronic da
ta filings via EDGAR, FERC (Federal Energy Regulatory Commission), EPA (NPDES) &
IRS 1099as.
Greatly reduced corporate audit costs through integrating External Financial Au
dit Coordination together with Internal Operations Audits and SOX 404 related au
dit activities. Facilitate filing of IPOas and SEC S-1as.
Relevant Career Experience:
1997-Current Companies: Insight Global; Xperianz / Resources Global; Robert Hal
f Itnal; K-Force & 1099 Direct. POSITIONS: Information Systems Security & Comp
liance Risk Officer; Sr. SOX 404 Audit Consultant; Sr. SOX IT Audit Consultant a
nd Sr. Business Analyst for Database(s) Standardization, Systems Integration, Re
mediations Design and Project Coordination.
a Feb 2010-Current CoreLogic, Inc. (formerly First American) a" $2B leading
technology provider of business information, analytics and outsourcing services.
Segment: Valuation Services IT Shared a" offering SaaS Real Estate Appraisals
and Broker Price Opinions to the Financial Services industry and Federal Governm
ent. POSITION: IT Information Security & Compliance Specialist
a 2007-2009 NewEgg.com - $2B Import/Export Ecommerce Electronics Retailer.
a POSITION: Sr. SOX Audit Consultant, including ITGC & Applications Audit. Sys
tems: SAP, AMS Legacy, BizTalk, SQL, Excel & ACL
a 2007 PriceSmart - $900M International CostCo. POSITION: Sr. SOX Audit Testin
g Consultant. Systems: Policy IQ
a 2007 E&S International - $500M Import / Export Electronics Manufacturer & Whol
esale Distributor., POSITION: External Auditor Management Coordinator. POSITI
ON: Systems: SAP
a 2006-2007 Fuel System Solutions / Impco Technologies, Inc.- $175M Manufacturer
of industrial automotive fuel conversion systems. POSITION: SOX IT Testing Co
nsultant a" US, Netherlands & Australia. Systems: SAP & JD Edwards
a 2005-2006 Dayton Power & Light a" $1.2B MidWest Gas & Electric Company. POSIT
ION: SOX Remediations Coordination, EDGAR / Federal Energy Regulatory Commissio
n (FERC) & IRS 1099 Electronic Filing Specialist. Systems: JD Edwards, EDGAR,
YES
a 2005 Reynolds & Reynolds, Inc.- $1B ERP / CRM Software Developer for 2/3 of th
e US & Canadaas Auto Manufacturers and Dealerships. POSITION: SOX IT Specialis
t for Spreadsheet Certifications. Systems: SAP and Legacy
a 2005 General Cable Corporation - $2B Manufacturer of Fiber-Optics, Wire & Cabl
e Products. POSITION: SOX Audit Test Consultant & Operations Remediation Speci
alist. Systems: H Friedman, Legacy & Hyperion
a 2004-2005 NS Group & Subsidiaries Newport & Koppel Steel - $500M Manufacturer
of Seamless Steel Pipeline. POSITION: SOX Audit Test Consultant including IT A
pplications
a 2004 UNOVA / Intermec Corporation - $710M Manufacturer of Industrial Automatio
n Components & Robotics. POSITION: Sr. SOX Audit Test Consultant. Systems: M
apics & Legacy
a 2000 Convergys - $ Telecom Billing Provider for: AT&T, Cincinnati Bell, Ver
izon & Sprint Billing. POSITION: Y2K Legacy Systems IT Consultant. Systems:
PeopleSoft, Hyperion, SAP, Legacy.
2003-2009 Genlor, Inc. / Gannett Inc. a" Merchant Acquisition & Customer Loyalty
Programs for Gannett and other Large Metro Newspapers. POSITION: Principal a"
Financial & Tax, Sales and Marketing Support, Website & E-Commerce Management
1997-2003 Kruse & Crawford CPAas a" Partnership Accounting, Succession Planning
and & Corporate Tax Services CPA Firm. POSITION: Sr. Corporate Tax Accountant
Contractor
1994-1997 Rippe & Kingston CPAas, PSC / R&K Systems, Inc. / HLB International -
Accounting Systems Implementation and Integration Specialists for Law Firms and
Municipal Enterprises. POSITION: Director, Government Services Division
1990-1994 City of Cincinnati. Departments: Recreation Commission; Public Works
a" Stormwater Management Utility; Finance; City Council. POSITIONs: Financial
IT Manager / Internal Auditor / City-Wide SW Conversion Specialist

Education & Certifications:

University of Cincinnati - BS, Accounting & Information Systems Technology
CPA a" OH inactive - Pursuing CA Registration and CISSP Certification
Resume Addendum: Industry, Functional IT Security & Applications Experience Sum
mary
INDUSTRY EXPERIENCE
a Consulting, Financial Services;
a Import/Export Electronics Distribution: Wholesale, Retail & E-Commerce
a Industrial: Robotics Manufacturing for Automotive, Pharmaceutical, Bio-Tech
a Media a" Large Metro Newspapers
a Utilities: Oil, Gas, Electric & Telecom
a ERP / CRM Software Development: Auto Manufacturers & Dealerships
a Fiber-Optic Wire & Cable Products
a Steel Foundries & Pipelines
a Government Contracting: Legal, Engineering, & Accounting Firms, EPA
a Municipal Enterprises
a Regional Computing Centers
a Airports and Airport Security
FUNCTIONAL IT SECURITY EXPERTISE
a Data & Analytics; Data Bases Cleansing, Standardization & Normalization
a Sensitive Data marking and Encryption Protection a" in motion & at rest, trans
mitting & receiving
a Gramm-Leach-Bliley, Red Flags, Patriot Act, HIPPA & PCI Compliance
a Vendor & Client Security Risk Management
a Information Security, Compliance & Enterprise Risk Management
a SOX 404 Risk Assessments, Key Controls ID, Test Scripts, Testing, Remediations
& Mitigating Reports
a Business Process Re-Engineering, Change & Project Management
a P&P/Process Narrative Development
a Internal Operations & External Audit Management Coordination
a CoA, JEas, SoD, Access Analysis, Data Mining, & Forensic Auditing
a Corporate Governance, MIS, Accounting Systems / Interface Evals
a Global ERP Systems Implementation
a Financial / Regulatory Reporting, Planning & Analysis
a M&A Systems Integration Plans
a Strategic Master Planning a" Operations, Maintenance & Capital
a Preparation of IRS, FERC & SEC Uploads & Supporting Schedules
a Employee & Customer Surveys
APPLICATIONS SYSTEMS EXPERIENCE
ERP Systems Integration / Audit:
a SAP, JD Edwards, PeopleSoft, Oracle
a Great Plains
a AMS / Legacy eCommerce, Appraisal & BPO Systems
a Hyperion Enterprise,
a ADP, HRIS, BizTalk, Pro FX
AUDIT / REPORTING TOOLS EXPERIENCE:
a ACL , Policy IQ
a EDGAR (SEC & FERC)
a YES (IRS 1099)