Karla Mowatt

Build and mature oversight capabilities, first as Operational Risk Liaison, then as leader of a Technology Risk Discipline focused on technology resilience. Experience highlights include:

• Implement and manage risk and resilience programs, supporting new risk management departments as organization evolves.
• Lead team of technology risk managers to conduct second line of defense risk identification, assessment, monitoring, and reporting.
• Influence through strong stakeholder partnerships, providing guidance and direction to develop risk governance and control.
• Receive departmental award to recognize championship of risk management principles and practices, exceptional teamwork, and “one-firm” partnership across lines of defense.
• Develop Firm's operational resilience framework, incorporating business, technology, third-party, and cyber resilience programs.
• Establish technology resilience risk oversight of disaster recovery planning, IT operations, availability and service level management, and capacity, scalability and performance management.
• Oversee firm-wide effort to deploy high availability architecture across data center zones and regions.
• Collaborate across risk disciplines to provide oversight of multi-year programs to modernize applications and implement new data centers.
• Receive departmental award for oversight of firm-wide program to scale applications and infrastructure to meet increases in transaction volumes.
• Collaborate with portfolio management office to formalize project risk methodology across all corporate projects.
• Leverage Capital Stress Testing scenario analysis to assess cyber incident response plans, system resiliency, and disaster recovery capabilities.
• Drive initiative with CIO Chief of Staff to align loss event management with technology problem management and establish routines for event research, risk mapping, data validation, and reporting.
• Conduct key risk profiles for technology services division and information security business unit and establish first firm-wide key risk category assessment for technology.
• Manage publication of quarterly second line IT risk update to executive leadership, including CIO, CTO, and CISO. Realign report to key areas of concern and challenge, and redesign reporting process to reduce cycle time and resource requirements by 50%.
• Implement assessment process to identify and remediate risk coverage gaps in technology risk & control self assessments (RCSAs).
• Respond to Federal Reserve Board and bank regulator examinations and continuous monitoring requests.

• Assisted in opening new office to provide internal audit coverage of private equity portfolio companies.
• Reported to VP of Corporate Audit and liaised with heads of technology, operations, and shared services, accounting and risk management.
• Managed audit project teams, led enterprise risk assessment discussions, published executive reporting, and coordinated with leadership to develop and implement risk management strategies.
• Audited separation of portfolio company technology from Fidelity, including technology policy and roadmap, network architecture, cybersecurity program, and operations automation.
• Managed assessments of system development, change management, problem management, disaster recovery, and master data management.
• Led audits of multi-year transformations of enterprise resource planning (ERP) systems and fund cost and profitability applications.
• Directed international team of 15 operational, technology, and data analytics auditors to evaluate credit functions supporting $4 billion in annual sales.
• Managed human resources and third party audits, including benefits administration, payroll processing, background verification, safety, and regulatory compliance.
• Established enhanced risk governance for portfolio company managing loan escrows. Assessed business operations and regulatory compliance and drove improvements to internal control and risk monitoring.

• Audited technology, operations, and regulatory compliance processes supporting financial products and corporate functions.
• Led technology reviews of products in various stages of development, including prepaid cards, web and mobile money transfer, and bill payments.
• Applied data analytics to evaluate transactions through point-of-sale, settlement, reporting, and anti-money laundering compliance.
• Implemented SOX technology controls for foreign exchange trading systems of Western Union Business Solutions, a $1 billion acquisition. Monitored efforts to consolidate transactional platforms on four continents.
• Managed audit of the information security function, including program management, risk management, identity & access management, security operations, penetration testing, and incident response.

• Led technology audit engagements with Fortune 1000 clients in financial services, telecom, technology, and oil & gas.
• Conducted regulatory audits of telecom companies for the Federal Communications Commission.
• Provided project management and business analyst support for system implementation projects for Department of Defense.