The Growth Partners
Key Projects and Track Record
Built the end-to-end governance process to manage the migration of a large payment processing platform from data-
center to AWS Cloud. Key components were Vendor Evaluation, Roadmap and Milestones, Testing, PCI DSS & HIPAA
certification, DR Testing, Load Testing, and go-live go-no-go decision tree. Developed and managed a complex
communications program to notify 200+ clients, auditors, and partners over the entire journey to ensure acceptance by a
large group of influential stakeholders.
CLOUD MIGRATION & GOVERNANCE
RISK MANAGEMENT FRAMEWORK
Championed to C level executives the adoption of a harmonized RMF to meet the expectations of influential stakeholder
groups, adopted the NIST SP 800 framework (of 18 control families and over 160 individual controls) and customized to
meet FISMA, FedRAMP, HIPAA, Data Privacy and Process integrity expectations. Implemented a formal process for risk
filtering (ATMA) and classification. The framework is in use for the past four years, meeting and exceeding client, external
auditor and engineering groups to deliver ahead-of-the-curve governance and regulatory compliance. The largest client
chose the organization as a Model Vendor to coach other vendors to come up the curve.
Developed a single view across the organization of policies needed to manage all business and technology operations,
procedures to comply with policies in different organizational units and a comprehensive log and evidence management
program to provide proof to auditors, clients, partners and executives that procedures were being followed in every
operation of the organization. A semi-automated system ensures ‘permanent audit readiness’ for the organization.
POLICY, PROCEDURES AND PROOF LIFECYCLE
RISK MANAGEMENT LIFECYCLE IN A GLOBAL ORGANIZATION
A very large corporation, serving 3,000+ corporate clients globally, faced many challenges in technology risk
identification, prioritization and resource allocation. We were tasked by the Chief Risk Officer to help his team define the
entire risk management lifecycle and deep-dive into some aspects where weaknesses existed. We reviewed the existing
practices, the substantial audit reports and findings in different geographies and against different regulations and SLAs to
define the ‘Expectation Baseline’, presented to a global executive audience (technology, legal, compliance, risk, business,
finance and operations) and after substantial brain-storming, achieved an agreement on ‘what is expected’. This was a
stormy process and the wisdom of our effort was questioned many times but we were convinced of what we were doing
and persevered. The end result provided a better-than-expected foundation for the subsequent efforts as by the time we
started defining the workflows and tools and controls, the entire team felt ownership towards what we were proposing.
In phase 1 of the architecture, we adopted the FARMER (Framework, Authority & Responsibility, Management,
Education and Revise) approach. This provided a common vision to over 40 Risk Managers globally and while people had
the freedom to think tailored to their situations, they were very clear about the overall framework, constraints and rules.
Another major finding from our study concerned how risk was viewed and managed. The (unstated) principle seemed to
be that risk has to be accepted and then you do your best to manage. This was certainly very counter-productive and we
introduced the ATMA (Avoid, Transfer, Mitigate, Accept) and coached risk managers to filter every risk through this model.
With this, we triggered many new ideas and initiatives in vendor management, outsourcing, transformation, re-
engineering, insurance coverage, tools and techniques and were able to build a much more cohesive risk management in
a complex, global setting over a period of 14 months.
GOVERNANCE, RISK AND COMPLIANCE TRAINING
POLICY, PROCEDURES AND PROOF LIFECYCLE
BUSINESS AND TECHNOLOGY COMPLIANCE
Developed an integrated program that meets the business compliance needs (NACHA, AML/KYC, Credit and Credentials
verification) and technology compliance (PCI DSS, SOC, HIPAA/HiTech) from a common governance platform that provides
consistent assurance with significant reduction in cost, time and resource expenditure on achieving the same.
Internal (C level, Audit, Legal, Compliance) and external (Auditors, clients, partners) stakeholders need to see that every
incident is known and recorded, a formal process is followed to track each incident to closure and Root-cause Analyses are
performed to ensure learning from each event and completion of appropriate remedial actions. Used Atlassian and
ServiceNow tools to automate the function globally.
Developed and conducted training programs to ensure all employees and contractors get appropriate (generic and role-
based) training, are tested for assimilation via written examinations and provide evidence of the same to auditors, clients
and partners. With automation and self-service training programs, allowed the client to achieve significant efficiency, time-
saving and reusability as well as get exceptions from many modules of client-provided training.
Financial Services, Government & Retail prospects perform increasingly stringent assessments as part of selection process
and the client needed to prepare for 50 to 60 assessments by prospects and undergo granular audits by over 20 clients
annually. This was sucking key technical and operations resources away from their main functions. Developed a
framework-based, automated system to manage these assessments and audits with minimal demand on SME time.
CLIENT AUDITS AND DUE DILIGENCE
Financial Systems Consolidation & Outsourcing
EXECUTIVE COACHING AND PARTNERSHIP
GRC FUNCTION & TEAM BUILDING
A large client had acquired disparate tools over time and assigned people as needed and the GRC function was a source of
frustration for the team members as well as the organization. Created a strategic vision for the GRC function, won C level
approval, built a strong team and morale and started an ‘accept or reject’ tools program. Created an A-team of
GRC professionals, helped them achieve relevant certifications and delivered a quantum leap in results to the organization.
Worked closely with the C suite and demonstrated the business value of GRC in terms of new client acquisition, renewals
and client satisfaction. As the C suite saw the benefits coming in, won their support to expand and institutionalize GRC as an
integral part of doing business. GRC is not seen as a legal requirement or ‘burn’ but as a competitive advantage by the C
suite, leading to continuous improvement in the company.
This client is a $20 billion + organization with a global footprint of nearly 200,000 employees. With over a dozen major
(more than 10 countries) financial systems (SAP, Oracle, JD Edwards, Dynamics and Maconomy), the outsourcing of the
same to an external vendor involved transition and transformation on a large scale. Supported the architecture and
creation of the FinTech CoE (Center of Excellence), involving re-badging and training of over 200 business and technical
staff, developed support workflows and executive presentations to present the scenarios to CFOs of major corporate units
and win their approval to the transformation and hand-off program. Developed the categorization for application
complexity, risk, support expectations of over 400 applications to build a prioritized roadmap of transition and
transformation to the vendor.
With the transition of all major financial applications to a new vendor-owned process, the infrastructure, network
architecture and devices, segregation of duties matrix, support mix and accountability patterns changed significantly and
the established SOX compliance measures were rendered obsolete. Both the internal and external auditors had reported
major findings to group CFO. I helped identify the SOX control points in the Target Operating Model (TOM), define the SOP
for new environment with distribution of accountability between vendor and the organization. Identified legacy systems to
be sunset to trim the portfolio from 400+ to less than 40. Invited the internal audit team within six months for a mock audit
to reduce open items by over 65%.
TRANSFORMATION MODEL DEVELOPMENT
TRANSITION MANAGEMENT
SOX COMPLIANCE IN AN OUTSOURCED ENVIRONMENT
The company followed a non-organic growth model with 400+ subsidiaries in 100 countries with little operational
integration. This led to hundreds of different applications, hosting environments and transitioning the current model to
target model needed both strategic planning and operational guidance to help the outsourcing vendor as well as thousands
of employees. We identified and prioritized the key processes and developed workflows to harmonize key processes to
align to the Target Operating Model.
The transition enabled the vendor to take over the operations in an ‘as-is’ manner but the business changed significantly (due
to inorganic expansion) and the transitioned state was seen as incompatible with the new reality. I worked with the C suite to
capture the vision and developed a desired end-state and the transformation roadmap to reach the same. Developed the
complete suite of workflows to help the C level executives visually see the roadmap and commit to it.
WORKFLOW AUTOMATION
METRICS & MEASUREMENT FOR VENDOR GOVERNANCE
RE-ALIGNMENT OF OUTSOURCING TO AGILE PROCESS
Developed the strawmen to present possible scenarios for handling key operational and support processes, presented a wide
swath of stakeholders globally with pros and cons, helped decision-makers arrive at a consensus operating model. Using the
approved models, developed tools and flows in SharePoint (Operations) and ServiceNow (Support) to document the granular
stakeholder matrices and action sequences. These were used by vendor to develop the actual implementation steps.
With over 300,000 employees in 100 countries and 400 subsidiaries, both the vendor and the company faced a challenge on
measuring and tracking progress across such a complex canvas. I led a small team to identify key metrics across each of the
major transition and transformation areas (called Towers), conducted intense negotiations with vendor and client leadership
to help arrive at a consensus set of metrics. Worked with Business Owners, Architects, Engineering and Support teams to
identify the sources of raw performance data to derive the measurements from. Built a SharePoint dashboard to continually
demonstrate the current state across all towers and tracked against governance plan objectives to help both vendor and
company executives track and monitor progress.
The contracts were drawn up when company (mostly) used waterfall process but many groups rapidly adopted agile
process and were not ready to go back to waterfall to fit into the contract structure. The business need for agile was very
strong & the COO wanted the contract re-drawn to use agile as the SOP. I focused on identifying key contract clauses in
SDLC, Release, Change and Support areas and introduced agile processes of product roadmaps, stand-ups, change in
documentation patterns, DevOps and continuous integration into the contract. The same were presented to the CIO,
Commercial, Legal and CFO teams as well as the vendor for approval and were incorporated into the contract.
AGILE ADOPTION IN A GLOBAL ORGANIZATION
METRICS-DRIVEN COMMERCIAL PROCESS
OUTSOURCING CONTRACT RE-NEGOTIATION
The contract between the vendor and the company was signed over an extended period that witnessed significant changes to
both the CIO and CFO/COO teams. Thus, the contract had become too large, with gaps and duplications and the execution
had become a major challenge for both parties. Worked closely with executives from vendor and company sides to identify
key pain-points and helped resolve many conflicts. Introduced key concepts of harmonization, documentation down-sizing,
SOX compliance driven adoption and agile process to bring into focus key goals that transcended the contract fine-print.
About a year into the outsourcing contract, not a single invoice of the vendor was paid by the company and the situation was
getting harder by the day for both sides. SDLC, Application Operations, Service Introduction, Gating, Quality Certification,
system failures were the key pillars of invoicing and there were no metrics to objectively assess the performance in real terms.
Developed a set of metrics to cover these areas and presented the same to both parties for discussion and helped arrive at a
consensus. With a large team working on generating & agreeing on the metrics, helped the CFO office pay six invoices in a
space of 45 days and helped stabilize the relationship.
As the outsourcing plan was unrolling, the company was undergoing major strategic changes – acquiring companies as well as
being acquired – that changed the strategic goals on a monthly basis. The waterfall-based contract was simply incapable of
changing direction and the SDLC as well as Release process was bottle-necked. I recommended and kicked-off a major agile
adoption drive to design a custom agile process that met the company needs, that the vendor could integrate into its delivery
processes and both sides could track in terms of concrete measures and metrics. I personally trained over 400 key managers
in global company locations in agile adoption.
PCI DSS COMPLIANCE OF 1,100 GLOBAL LOCATIONS
There were multiple systems involved in the card processing chain. New acquisitions presented a different state of PCI
compliance on one side and the vendor processes that captured and stored the card data on the other. This complicated the
card security chain and the company suffered a major card security breach at a major location. I worked with the front-end
applications groups (over 400 people globally) and created a consolidated PCI Status Sheet to help identify risk, assign priority
and resources to remediation. Led a major remediation design effort to address top risks against each of the twelve PCI
requirements and set up the process for harmonizing card processing and storage systems to bring better compliance in
future years.
The company was growing rapidly and the sales team was getting bogged down with implementation, operations,
compliance, billing and support tasks to manage client satisfaction rather than prospecting and sales pipeline building. This
was creating a serious disruption as the company was preparing to sell itself to a group of investors. I started an enterprise-
wide effort to build the total picture, segregate sales and account management activities and presented the scenarios to the
CEO and the COO. After review and approval, developed detailed workflows for each work-stream and conducted training
programs for Directors and Operational Managers. During this period, I realized that issue tracking was the biggest gap across
the organization and developed an issue-tracking system using Atlassian Confluence and JIRA platform. Within six months,
the average sales person reported spending 70% of time on prospecting and sales pipeline, up from less than 30%.
ENTERPRISE WORKFLOW INTEGRATION
The company was built using an acquisition model, consisted of about 12 major application platforms acquired from as
many acquisitions. The IT group had worked in a reactive manner and they were functioning as twelve different systems in
the company, leading to huge duplication, gaps and client dissatisfaction. Developed an architectural approach to
consolidate all systems into two categories – Microsoft-based for internal operations and Salesforce-based for prospecting
and selling cycle management. I adopted a loosely-coupled approach for the medium-term as the technology maturity did
not permit a tight integration and would have led to a collapse. Re-structured the IT team along the two technology tracks,
sponsored many mid-level employees for skill-building training and mentored the IT team to align with business and
become more client-focused.
TECHNOLOGY STRATEGY & INTEGRATION
Some clients need to develop & manage software products where they have significant Intellectual Property (IP) protection
requirements as well as the ability to change directions quickly as they test the client reaction to features and performance.
NDAs and agreements can do only so much when it comes to protecting IP. We developed and managed the product
roadmap, user stories and the agile process and distributed the development over 2 or 3 different vendors. We managed
the entire lifecycle in such a way that no one but the client saw the full product. We saw all the road-map but did not see
any code, client was responsible for integration, acceptance and release, and individual development vendors saw only the
code they wrote. This was a complex process but ensured that client’s IP was fully protected.
SOFTWARE PRODUCT & IP MANAGEMENT

Más contenido relacionado

Destacado

Destacado (8)

Social Media & Women's Health, Merrillville, IN May 12, 2011
Social Media & Women's Health, Merrillville, IN May 12, 2011Social Media & Women's Health, Merrillville, IN May 12, 2011
Social Media & Women's Health, Merrillville, IN May 12, 2011
 
El París de América
El París de AméricaEl París de América
El París de América
 
Are You Socially Correct?
Are You Socially Correct?Are You Socially Correct?
Are You Socially Correct?
 
Time after jazz
Time after jazzTime after jazz
Time after jazz
 
AAUW Kathy Sipple Presentation 11-8-10
AAUW Kathy Sipple Presentation 11-8-10AAUW Kathy Sipple Presentation 11-8-10
AAUW Kathy Sipple Presentation 11-8-10
 
Aauw presentation 11 8-10
Aauw presentation 11 8-10Aauw presentation 11 8-10
Aauw presentation 11 8-10
 
Intro to Social Media
Intro to Social MediaIntro to Social Media
Intro to Social Media
 
Delilah’S Bazaar Woven Bgs
Delilah’S Bazaar Woven BgsDelilah’S Bazaar Woven Bgs
Delilah’S Bazaar Woven Bgs
 

Similar a LinkedInProfile_Deck09072016

Payment giant-automates-internal-audit
Payment giant-automates-internal-auditPayment giant-automates-internal-audit
Payment giant-automates-internal-audit
MetricStream Inc
 
John Novak Resume 2016
John Novak Resume 2016John Novak Resume 2016
John Novak Resume 2016
JOHN NOVAK
 
Transforming to Managed Services with ALT ASM for Large pharmaceutical
Transforming to Managed Services with ALT ASM for Large pharmaceuticalTransforming to Managed Services with ALT ASM for Large pharmaceutical
Transforming to Managed Services with ALT ASM for Large pharmaceutical
Christian T
 
Leonard Smith Resume.docxGE only
Leonard Smith Resume.docxGE onlyLeonard Smith Resume.docxGE only
Leonard Smith Resume.docxGE only
Leonard Smith
 
RobynFrank resume
RobynFrank resumeRobynFrank resume
RobynFrank resume
Robyn Frank
 
DianeOakleyResume20170130
DianeOakleyResume20170130DianeOakleyResume20170130
DianeOakleyResume20170130
Diane Oakley
 
Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015
Silas Musakali
 
Sumegh Parab - Resume V1
Sumegh Parab - Resume V1Sumegh Parab - Resume V1
Sumegh Parab - Resume V1
Sumegh Parab
 

Similar a LinkedInProfile_Deck09072016 (20)

Payment giant-automates-internal-audit
Payment giant-automates-internal-auditPayment giant-automates-internal-audit
Payment giant-automates-internal-audit
 
Client case studies: Where will your company find top talent? Look to the cloud
Client case studies: Where will your company find top talent? Look to the cloudClient case studies: Where will your company find top talent? Look to the cloud
Client case studies: Where will your company find top talent? Look to the cloud
 
John Novak Resume 2016
John Novak Resume 2016John Novak Resume 2016
John Novak Resume 2016
 
Transforming to Managed Services with ALT ASM for Large pharmaceutical
Transforming to Managed Services with ALT ASM for Large pharmaceuticalTransforming to Managed Services with ALT ASM for Large pharmaceutical
Transforming to Managed Services with ALT ASM for Large pharmaceutical
 
How Morgan Stanley is Using Apps to Transform the Workplace
How Morgan Stanley is Using Apps to Transform the WorkplaceHow Morgan Stanley is Using Apps to Transform the Workplace
How Morgan Stanley is Using Apps to Transform the Workplace
 
Axis Consulting Case Studies
Axis Consulting Case StudiesAxis Consulting Case Studies
Axis Consulting Case Studies
 
Premier Alliance Case Study 2
Premier Alliance Case Study 2Premier Alliance Case Study 2
Premier Alliance Case Study 2
 
Leonard Smith Resume.docxGE only
Leonard Smith Resume.docxGE onlyLeonard Smith Resume.docxGE only
Leonard Smith Resume.docxGE only
 
Why Healthcare CFOs Do Not Need to Struggle with the New Lease Accounting Sta...
Why Healthcare CFOs Do Not Need to Struggle with the New Lease Accounting Sta...Why Healthcare CFOs Do Not Need to Struggle with the New Lease Accounting Sta...
Why Healthcare CFOs Do Not Need to Struggle with the New Lease Accounting Sta...
 
Manage in the Cloud: Prepare to be Future Ready
Manage in the Cloud: Prepare to be Future ReadyManage in the Cloud: Prepare to be Future Ready
Manage in the Cloud: Prepare to be Future Ready
 
RobynFrank resume
RobynFrank resumeRobynFrank resume
RobynFrank resume
 
DianeOakleyResume20170130
DianeOakleyResume20170130DianeOakleyResume20170130
DianeOakleyResume20170130
 
A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance
 
Global Quality Workflow, The Transition from Manual to Automated Compliance P...
Global Quality Workflow, The Transition from Manual to Automated Compliance P...Global Quality Workflow, The Transition from Manual to Automated Compliance P...
Global Quality Workflow, The Transition from Manual to Automated Compliance P...
 
Case Studies
Case StudiesCase Studies
Case Studies
 
A New Era of Compliance: Innovations in ServiceNow GRC 
A New Era of Compliance: Innovations in ServiceNow GRC A New Era of Compliance: Innovations in ServiceNow GRC 
A New Era of Compliance: Innovations in ServiceNow GRC 
 
Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015
 
Gregory P Cofoid Resume - CV
Gregory P Cofoid Resume - CVGregory P Cofoid Resume - CV
Gregory P Cofoid Resume - CV
 
Gregory p cofoid cfo resume non ats r6
Gregory p cofoid cfo resume non ats r6Gregory p cofoid cfo resume non ats r6
Gregory p cofoid cfo resume non ats r6
 
Sumegh Parab - Resume V1
Sumegh Parab - Resume V1Sumegh Parab - Resume V1
Sumegh Parab - Resume V1
 

LinkedInProfile_Deck09072016

  • 1. The Growth Partners Key Projects and Track Record
  • 2. Built the end-to-end governance process to manage the migration of a large payment processing platform from data- center to AWS Cloud. Key components were Vendor Evaluation, Roadmap and Milestones, Testing, PCI DSS & HIPAA certification, DR Testing, Load Testing, and go-live go-no-go decision tree. Developed and managed a complex communications program to notify 200+ clients, auditors, and partners over the entire journey to ensure acceptance by a large group of influential stakeholders. CLOUD MIGRATION & GOVERNANCE RISK MANAGEMENT FRAMEWORK Championed to C level executives the adoption of a harmonized RMF to meet the expectations of influential stakeholder groups, adopted the NIST SP 800 framework (of 18 control families and over 160 individual controls) and customized to meet FISMA, FedRAMP, HIPAA, Data Privacy and Process integrity expectations. Implemented a formal process for risk filtering (ATMA) and classification. The framework is in use for the past four years, meeting and exceeding client, external auditor and engineering groups to deliver ahead-of-the-curve governance and regulatory compliance. The largest client chose the organization as a Model Vendor to coach other vendors to come up the curve. Developed a single view across the organization of policies needed to manage all business and technology operations, procedures to comply with policies in different organizational units and a comprehensive log and evident management program to provide proof to auditors, clients, partners and executives that procedures were being followed in every operation of the organization. A semi-automated system ensures ‘permanent audit readiness’ for the organization. POLICY, PROCEDURES AND PROOF LIFECYCLE
  • 3. RISK MANAGEMENT LIFECYCLE IN A GLOBAL ORGANIZATION A very large corporation, serving 3,000+ corporate clients globally, faced many challenges in technology risk identification, prioritization and resource allocation. We were tasked by the Chief Risk Officer to help his team define the entire risk management lifecycle and deep-dive into some aspects where weaknesses existed. We reviewed the existing practices, the substantial audit reports and findings in different geographies and against different regulations and SLAs to define the ‘Expectation Baseline’, presented to a global executive audience (technology, legal, compliance, risk, business, finance and operations) and after substantial brain-storming, achieved an agreement on ‘what is expected’. This was a stormy process and the wisdom of our effort was questioned many times but we were convinced of what we were doing and persevered. The end result provided a better-than-expected foundation for the subsequent efforts as by the time we started defining the workflows and tools and controls, the entire team felt ownership towards what we were proposing. In phase 1 of the architecture, we adopted the FARMER (Framework, Authority & Responsibility, Management, Education and Revise) approach. This provided a common vision to over 40 Risk Managers globally and while people had to freedom to think tailored to their situations, they were very clear about the overall framework, constraints and rules. Another major finding from our study regarding how risk was viewed and managed. The (unstated) principle seemed to be that risk has to be accepted and then you do your best to manage. This was certainly very counter-productive and we introduced the ATMA (Avoid, Transfer, Mitigate, Accept) and coached risk managers to filter every risk thru this model. 
With this, we triggered many new ideas and initiatives in vendor management, outsourcing, transformation, re- engineering, insurance coverage, tools and techniques and were able to build a much more cohesive risk management in a complex, global setting over a period of 14 months.
  • 4. GOVERNANCE, RISK AND COMPLIANCE TRAINING POLICY, PROCEDURES AND PROOF LIFECYCLE BUSINESS AND TECHNOLOGY COMPLIANCE Developed an integrated program that meets the business compliance needs (NACHA, AML/KYC, Credit and Credentials verification) and technology compliance (PCI DSS, SOC, HIPAA/HiTech) from a common governance platform that provides consistent assurance with significant reduction in cost, time and resource expenditure on achieving the same. Internal (C level, Audit, Legal, Compliance) and external (Auditors, clients, partners) edstakeholders need to see that every incident is known and recorded, a formal process is followed to track each incident to closure and Root-cause Analyses are performed to ensure learning from each event and completion of appropriate remedial actions. Used Atlassian and ServiceNow tools to automate the function globally. Developed and conducted training programs to ensure all employees and contractors get appropriate (generic and role- based) training, are tested for assimilation via written examinations and provide evidence of the same to auditors, clients and partners. With automation and self-service training programs, allowed the client to achieve significant efficiency, time- saving and reusability as well as get exceptions from many modules of client-provided training. Financial Services, Government & Retail prospects perform increasingly stringent assessments as part of selection process and the client needed to prepare for 50 to 60 assessments by prospects and undergo granular audits by over 20 clients annually. This was sucking key technical and operations resources away from their main functions. Developed a framework-based, automated system to manage these assessments and audits with minimal demand on SME time. CLIENT AUDITS AND DUE DILIGENE
  • 5. Financial Systems Consolidation & Outsourcing EXECUTIVE COACHING AND PARTNERSHIP GRC FUNCTION & TEAM BUILDING A large client had acquired disparate tools over time and assigned people as needed and the GRC function was a source of frustration for the team members as well as the organization. Created a strategic vision for the GRC function, won C level approval, built a strong team and morale and started a program to ‘accept or reject’ tools program. Created an A-team of GRC professionals, helped them achieve relevant certifications and delivered a quantum leap in results to the organization. Worked closely with the C suite and demonstrated the business value of GRC in terms of new client acquisition, renewals and client satisfaction. As the C suite saw the benefits coming in, won their support to expand and institutionalize GRC as an integral part of doing business. GRC is not seen as a legal requirement or ‘burn’ but as a competitive advantage by the C suite, leading to continuous improvement in the company. This client is a $20 billion + organization with a global footprint of nearly 200,000 employees. With over a dozen major (more than 10 countries) financial systems (SAP, Oracle, JD Edwards, Dynamics and Maconomy), the outsourcing of the same to an external vendor involved transition and transformation on a large scale. Supported the architecture and creation of the FinTech CoE (Center of Excellence), involving re-badging and training of over 200 business and technical staff, developed support workflows and executive presentations to present the scenarios to CFOs of major corporate units and win their approval to the transformation and hand-off program. Developed the categorization for application complexity, risk, support expectations of over 400 applications to build a prioritized roadmap of transition and transformation to the vendor.
  • 6. With the transition of all major financial applications to a new vendor-owned process, the infrastructure, network architecture and devices, segregation of duties matrix, support mix and accountability patterns changed significantly and the established SOX compliance measures were rendered obsolete. Both the internal and external auditors had reported major findings to group CFO. I helped identify the SOX control points in the Target Operating Model (TOM), define the SOP for new environment with distribution of accountability between vendor and the organization. Identified legacy systems to be sunset to trim the portfolio from 400+ to less than 40. Invited the internal audit team within six months for a mock audit to reduce open items by over 65%. TRANSFORMATION MODEL DEVELOPMENT TRANSITION MANAGEMENT SOX COMPLIANCE IN AN OUTSOURCED ENVIRONMENT The company followed a non-organic growth model with 400+ subsidiaries in 100 countries with little operational integration. This led to hundreds of different applications, hosting environments and transitioning the current model to target model needed both strategic planning and operational guidance to help the outsourcing vendor as well as thousands of employees. We identified and prioritized the key processes and developed workflows to harmonize key processes to align to the Target Operating Model The transition enabled the vendor to take over the operations in an ‘as-is’ manner but the business changed significantly (due to inorganic expansion) and the transitioned state was seen as incompatible with the new reality. I worked with the C suite to capture the vision and developed a desired end-state and the transformation roadmap to reach the same. Developed the complete suite of workflows to help the C level executives visually see the roadmap and commit to it.
  • 7. WORKFLOW AUTOMATION
    METRICS & MEASUREMENT FOR VENDOR GOVERNANCE
    RE-ALIGNMENT OF OUTSOURCING TO AGILE PROCESS
    Developed the strawmen to present possible scenarios for handling key operational and support processes, presented a wide swath of stakeholders globally with pros and cons, and helped decision-makers arrive at a consensus operating model. Using the approved models, developed tools and flows in SharePoint (Operations) and ServiceNow (Support) to document the granular stakeholder matrices and action sequences. These were used by the vendor to develop the actual implementation steps.
    With over 300,000 employees in 100 countries and 400 subsidiaries, both the vendor and the company faced a challenge in measuring and tracking progress across such a complex canvas. I led a small team to identify key metrics across each of the major transition and transformation areas (called Towers) and conducted intense negotiations with vendor and client leadership to help arrive at a consensus set of metrics. Worked with Business Owners, Architects, Engineering and Support teams to identify the sources of raw performance data to derive the measurements from. Built a SharePoint dashboard to continually demonstrate the current state across all towers, tracked against governance plan objectives, to help both vendor and company executives track and monitor progress.
    The contracts were drawn up when the company (mostly) used a waterfall process, but many groups rapidly adopted an agile process and were not ready to go back to waterfall to fit into the contract structure. The business need for agile was very strong and the COO wanted the contract re-drawn to use agile as the SOP. I focused on identifying key contract clauses in SDLC, Release, Change and Support areas and introduced agile processes of product roadmaps, stand-ups, change in documentation patterns, DevOps and continuous integration into the contract. The same were presented to the CIO, Commercial, Legal and CFO teams as well as the vendor for approval and were incorporated into the contract.
  • 8. AGILE ADOPTION IN A GLOBAL ORGANIZATION
    METRICS-DRIVEN COMMERCIAL PROCESS
    OUTSOURCING CONTRACT RE-NEGOTIATION
    The contract between the vendor and the company was signed over an extended period that witnessed significant changes to both the CIO and CFO/COO teams. Thus, the contract had become too large, with gaps and duplications, and the execution had become a major challenge for both parties. Worked closely with executives from vendor and company sides to identify key pain-points and helped resolve many conflicts. Introduced key concepts of harmonization, documentation down-sizing, SOX compliance driven adoption and agile process to bring into focus key goals that transcended the contract fine-print.
    About a year into the outsourcing contract, not a single invoice of the vendor was paid by the company and the situation was getting harder by the day for both sides. SDLC, Application Operations, Service Introduction, Gating, Quality Certification and system failures were the key pillars of invoicing and there were no metrics to objectively assess the performance in real terms. Developed a set of metrics to cover these areas, presented the same to both parties for discussion and helped arrive at a consensus. With a large team working on generating and agreeing on the metrics, helped the CFO office pay six invoices in the space of 45 days and helped stabilize the relationship.
    As the outsourcing plan was unrolling, the company was undergoing major strategic changes – acquiring companies as well as being acquired – that changed the strategic goals on a monthly basis. The waterfall-based contract was simply incapable of changing direction and the SDLC as well as the Release process was bottle-necked. I recommended and kicked off a major agile adoption drive to design a custom agile process that met the company's needs, that the vendor could integrate into its delivery processes and that both sides could track in terms of concrete measures and metrics. I personally trained over 400 key managers in global company locations in agile adoption.
  • 9. PCI DSS COMPLIANCE OF 1,100 GLOBAL LOCATIONS
    There were multiple systems involved in the card processing chain. New acquisitions presented a different state of PCI compliance on one side and the vendor processes that captured and stored the card data on the other. This complicated the card security chain and the company suffered a major card security breach at a major location. I worked with the front-end applications groups (over 400 people globally) and created a consolidated PCI Status Sheet to help identify risk and assign priority and resources to remediation. Led a major remediation design effort to address top risks against each of the twelve PCI requirements and set up the process for harmonizing card processing and storage systems to bring better compliance in future years.
    The company was growing rapidly and the sales team was getting bogged down with implementation, operations, compliance, billing and support tasks to manage client satisfaction rather than prospecting and sales pipeline building. This was creating a serious disruption as the company was preparing to sell itself to a group of investors. I started an enterprise-wide effort to build the total picture, segregated sales and account management activities and presented the scenarios to the CEO and the COO. After review and approval, developed detailed workflows for each work-stream and conducted training programs for Directors and Operational Managers. During this period, I realized that issue tracking was the biggest gap across the organization and developed an issue-tracking system using the Atlassian Confluence and JIRA platform. Within six months, the average sales person reported spending 70% of time on prospecting and sales pipeline, up from less than 30%.
    ENTERPRISE WORKFLOW INTEGRATION
  • 10. The company was built using an acquisition model and consisted of about 12 major application platforms acquired from as many acquisitions. The IT group had worked in a reactive manner and the platforms were functioning as twelve different systems in the company, leading to huge duplication, gaps and client dissatisfaction. Developed an architectural approach to consolidate all systems into two categories – Microsoft-based for internal operations and Salesforce-based for prospecting and selling cycle management. I adopted a loosely-coupled approach for the medium-term as the technology maturity did not permit a tight integration and would have led to a collapse. Re-structured the IT team along the two technology tracks, sponsored many mid-level employees for skill-building training and mentored the IT team to align with business and become more client-focused.
    TECHNOLOGY STRATEGY & INTEGRATION
    Some clients need to develop and manage software products where they have significant Intellectual Property (IP) protection requirements as well as the ability to change directions quickly as they test the client reaction to features and performance. NDAs and agreements can do only so much when it comes to protecting IP. We developed and managed the product roadmap, user stories and the agile process and distributed the development over 2 or 3 different vendors. We managed the entire lifecycle in such a way that no one but the client saw the full product. We saw the entire roadmap but did not see any code, the client was responsible for integration, acceptance and release, and individual development vendors saw only the code they wrote. This was a complex process but ensured that the client’s IP was fully protected.
    SOFTWARE PRODUCT & IP MANAGEMENT