
Brenda L Grant

Arlington, TX

Summary

Results-driven professional in audit, compliance and project management with extensive experience leading compliance initiatives within Fortune 500 global IT services companies. Demonstrates expertise in managing teams of up to 15 direct reports and overseeing budgets exceeding $10M annually. Proficient in SOC audit program management, Internal Controls over Financial Reporting (ICFR), and Governance, Risk and Compliance (GRC), with a solid understanding of risk management frameworks and regulations such as SOX, NIST, PCI, GDPR, ISO, HIPAA, OCC Heightened Standards, etc. Holds a BBA, PMI PMP Certification and ISO27001 Lead Auditor Certification.

Overview

25 years of professional experience

1 Certification

Work History

Senior Internal Audit Manager

Citibank, NA
Irving, TX
06.2023 - Current
  • Responsible for providing governance oversight, coordination, monitoring and direction within Internal Audit (IA) to enable consistent and sufficient audit coverage across the CBNA and the North America region
  • Monitor IA remediation engagements
  • Coordinate pre-vetting of policies and standards in preparation for formal approval and publishing
  • Perform Material Legal Entity Assessment for CBNA assessing the completeness of IA’s audit universe to identify gaps
  • Perform a comprehensive review across the audit universe and engagement with audit teams to ensure key risks, priorities and regulations are sufficiently covered in audits
  • Stakeholder reporting for various committee meetings
  • Coordination of IA's assessment of OCC Heightened Standards across various business lines

Senior Manager, Compliance and Certifications

DXC TECHNOLOGY
09.2021 - 06.2023
  • Direct management of Third-Party Assurance organization responsible for System and Organization Controls (SOC) audit examinations (SSAE18, ISAE3402, ISAE3000, SOC 2) and PCI DSS certifications with functional oversight of all other certifications and assertions globally
  • Managed relationships with auditing vendors, which included contract editing and negotiations
  • Included management oversight of 32 resources between two organizations
  • Included creation and internal auditing of IT general/internal controls applicable to services provided to customers
  • Responsible for producing 130+ SOC 1 and SOC 2 reports that were distributed to 400+ DXC customers annually (reports cover various industries and offerings including Banking, Cloud, Insurance and Healthcare to name a few) and 12 PCI DSS audits annually
  • Board Member for GRC organization where responsibilities included defining a mandated baseline of policy content in the GRC Archer tool addressing specific needs of Delivery, compliance monitoring, and resolution/remediation of audit issues/findings
  • Advisor and SME as needed for Sales/Solutioning on new deals, to account delivery teams, clients and other internal organizations regarding compliance and remediation activities
  • Developed strategic and tactical plans for annual audit activities
  • Managed executive-level metrics reporting for key stakeholders
  • Identified areas of potential risk and provided recommendations for corrective action plans to senior management and other delivery organizations
  • Prepared detailed reports summarizing audit results and findings
  • Aided in formulating and updating policies for improved internal controls
  • Collaborated with various internal organizations including the SOX organization, Internal Audit, and other organizations that were required to participate in audit activities
  • Made recommendations to resolve compliance audit findings and tracked audit issues through remediation

Third Party Assurance & Audit Manager

DXC TECHNOLOGY
08.2020 - 09.2021
  • Directly responsible for managing and supervising a team of 15 Security Compliance Auditors that were responsible for coordinating and facilitating 150+ SOC audits globally
  • Performed internal audit assurance activities over IT general controls, which involved working with various internal organizations such as Data Centers, Network Operations, Change and Incident Management and Data Backup teams
  • Maintained oversight of multiple areas of complex testing work during audit activities to advise and direct staff
  • Created and maintained annual risk assessments used to assess risks on internal controls and to monitor changes to the environment
  • Reviewed work of team members, provided feedback/questions, and completed audit team end-of-engagement evaluations when applicable
  • Ensured engagements were completed on time, objectively, professionally, and in accordance with corporate and industry audit standards
  • Made recommendations for severity ratings to compliance organization
  • Reviewed, analyzed, and interpreted data collected from multiple sources to ensure valid conclusions from audit testing were drawn
  • Identified control weaknesses and opportunities for improvement in the operating environment and provided recommendations for corrective action; drafted the related audit issues and audit reports to respective client leadership and coordinated and/or conducted follow-up audit activities

Security Compliance Advisor - Project/Program Manager

HEWLETT PACKARD ENTERPRISE SERVICES (HP ES)
08.2008 - 08.2020
  • Company Overview: Merger occurred with Computer Sciences Corporation in April 2017 to form DXC Technology
  • Led the PMO for a complex program to integrate audit functions while effectively project managing a high-performing team of 18 resources in a high-energy environment
  • Coordinated team communications, ensuring alignment with client expectations, identification of critical business issues, and discovery of pertinent information related to client’s expectations for service organization audits
  • Project managed the integration of the Computer Sciences Corporation (CSC) and Hewlett Packard Enterprise Services (HP ES) Third Party Assurance Programs
  • This integration grew the number of SOC reports produced from 180 to over 250
  • Implemented the new SSAE18 standard for 250+ ISAE3402/SSAE18 SOC 1 and SOC 2 examination engagements
  • Ensured consistent communication with all stakeholders regarding critical path items and overall audit results via metrics reporting, oversight of governance and facilitating a monthly Executive Steering Committee meeting
  • Project Manager for the integration of HPE and EDS Third Party Assurance Program post-merger
  • Managed implementation of the ISAE3402/SSAE16 attestation standard during the transition from the SAS70 standards

Third Party Assurance – Compliance Program Manager

ELECTRONIC DATA SYSTEMS (EDS)
10.2005 - 08.2008
  • Company Overview: EDS purchased by Hewlett-Packard in August 2008
  • Managed compliance activities for start-up EDS self-funded health insurance program
  • Obtained and maintained self-funded state licensing in 36 states
  • Created compliance management processes and procedures documentation in preparation for delivery teams
  • Developed regulatory training material for sales and delivery teams
  • Managed all regulatory compliance and governance activities

Contracts and Compliance Manager

AMERICAN ADMINISTRATIVE GROUP (AAG)
11.1999 - 08.2003
  • Managed all compliance activities for self-funded health insurance company (included implementation of HIPAA)
  • Managed a team of five resources
  • Negotiated, maintained and managed contract renewals for all client and vendor contracts
  • Responsible for maintaining self-funded and health insurance licensing in all states requiring licensing
  • Responsible for all stop-loss insurance quotes and claims processing activities
  • Tracked and responded to all regulatory and customer complaints
  • Managed all compliance activities
  • Modified and updated policy documents to comply with regulatory changes and obtained approvals from state regulatory agencies
  • Reviewed and approved all marketing material prior to release to ensure adherence to regulatory requirements

Education

Bachelor of Business Administration

University of Houston-Downtown
Houston, TX

Salutatorian

Hemphill High School

Skills

  • Reporting oversight and management
  • Cross-functional team leadership
  • Strategic planning
  • Resource allocation
  • Cross-functional communication and collaboration
  • Change control processes
  • Compliance monitoring
  • Progress reporting
  • Verbal and written communication
  • Contract management
  • Project management
  • Compliance initiatives
  • Regulatory documentation
  • Policy administration
  • Audit support and oversight
  • Regulatory standards

Industry Knowledge and Expertise

Health Insurance, ITO, Banking, GRC & General Risk, SOC auditing, PCI, Microsoft Office (Word, Excel, PowerPoint, MS Project), SharePoint, RSA Archer, Confluence

Certification

  • Project Management Professional (PMP) since March 2006 (PMI)
  • ISO 27001 Lead Auditor Certification since May 2023 (BMI)

References

References available upon request.
