Carrie Secondo

Littleton

Summary

Results-driven compliance professional with a proven track record in managing compliance initiatives. Experienced in developing and implementing comprehensive compliance frameworks aligned with organizational goals. Recognized for creating collaborative team environments that foster productivity and consistently deliver exceptional results. Strong skills in regulatory analysis and risk assessment, prepared to excel in ensuring adherence to industry regulations and maintaining a culture of compliance.

Overview

25 years of professional experience
1 Certification

Work History

Compliance Program Manager

SMARTSHEET
08.2023 - Current
  • Manage ISO and SOC2 audits for the compliance team, based on an AWS and GCP environment
  • Work directly with the external auditor for evidence and required documentation
  • Support the ISO internal audit for controls and documentation requirements
  • Manage export controls associated with OFAC to ensure compliance with Smartsheet subscriptions
  • Manage the NIST implementation framework for all internal and external audits
  • Implement the NIST 800-53 rev5 standard into the commercial environment and ensure standardization across the control families
  • Manage a Plan of Action and Milestones (POAM) sheet with specific details focusing on risk
  • Review risks identified for the company with the Information Security Steering Committee (ISSC)
  • Communicate to senior management and executive leadership on all compliance auditing and projects
  • Work cross-functionally across teams and executive management

Senior Internal Auditor

SMARTSHEET
02.2023 - 08.2023
  • Manage operational assessments to identify issues, gaps and areas that need improvement and efficiencies
  • Create Standard Operating Procedures (SOP) for the internal audit team to leverage for best practice and onboarding new team members
  • Review SOX controls for business processes and assist in the overall SOX audit

Senior Information Security and Compliance Specialist

SMARTSHEET
04.2021 - 02.2023
  • Assist in the quarterly user access review (QUAR) to gather data from systems and applications for management review
  • Assist with C&A review of the QUAR data to ensure its accuracy prior to management review
  • Assist with the enterprise risk assessment (ERA) program to interview executives on the corporate risk survey, and gather feedback to include in the internal audit and compliance program
  • Contribute with the ISO and SOC2 audits based within an AWS and GCP environment, and liaise with external auditors for evidence and documentation requirements
  • Liaise with Brandfolder and Outfit (acquisition) on security assessments and regulatory requirements

SOX Auditor IV (Contract)

SALESFORCE
11.2021 - 01.2021
  • Evaluate and test IT General controls for system applications and network environments, including active directory
  • Review the controls being tested, provide assurance regarding accurate financial reporting and suggest changes to the control structures
  • Articulate on work papers and understand how the control attributes were satisfied
  • Aggregate control deficiencies according to the nature and significance of deficiencies found in testing controls
  • Assist in developing formal communications to the SOX Compliance Steering Committee

Lead IT Audit Liaison

ORACLE
08.2018 - 02.2020
  • Assisted in assessment of compliance with Oracle policies and business practices (financial/operational/IT/compliance focused)
  • Worked collaboratively with internal and external subject matter experts
  • Drafted and ensured completion of audit programs and questionnaires
  • Performed audits among various lines of business including (Development- agile and waterfall methodology, Marketing, Consulting, and Oracle Public Cloud, SaaS) to ensure compliance with laws/regulations and effectiveness of internal controls
  • Utilized ISO 27001 and NIST 800 for best practice
  • Assisted on departmental initiatives/projects as needed
  • Followed up on prior audit findings and worked with issue owners to ensure timely completion
  • Reviewed operational structure for maximum efficiency and effectiveness
  • Provided recommendations to business units on improving their internal control structure

IT Project Manager (Contract)

WESTERN UNION
03.2018 - 07.2018
  • Managed the General Data Protection Regulation (GDPR) for risk assessment, applications, and third-party supplier work stream
  • Documented risk assessments for applications not meeting the current TDE encryption and CISO sign off
  • Managed meetings for the third-party work stream with the client and obtained current requirements meeting GDPR and New York Department of Financial Services (NYDFS) regulations
  • Provided the client with weekly status reports on risk assessments, applications and third-party workstreams

IT Principal Security Analyst

ORACLE
09.2015 - 01.2018
  • Coordinated quarterly audits that included database, application and user access to various systems and applications
  • Managed the My Oracle Support (MOS) HIPAA program, which included internal and external scanning, firewall and router audits, and remediation and compliance efforts for the business
  • Managed the Product Development Secure Information Management Process (PD-SIM) to ensure source code is secure logically and physically and adheres to policy
  • Reviewed AlienVault SIEM alarms for the MOS HIPAA environment and followed through to resolution
  • Managed SOX quarterly scans, along with vulnerability remediation efforts

Senior Manager of Compliance and Risk

ORACLE
10.2011 - 09.2015
  • Oversaw and maintained the Security Exception Management Application (SEMS)
  • Reviewed all exceptions to ensure completeness and accuracy prior to review and approval
  • Main point of contact for the delegation model in place for Oracle Managed Cloud Services (OMCS) for the SEMS application
  • Collectively worked along with Global Information Technology (GIT) Risk Management on End Point Encryption (EPE) project
  • Assisted with auditing requests, reviewed submitted material and approved it for various LOBs

Principal Security Analyst

ORACLE
01.2007 - 10.2011
  • Managed security standards being developed and revised with IT stakeholders, and routed documentation through various security groups to ensure accuracy and approval
  • Assisted with Mergers and Acquisitions from a high-level security compliance perspective and worked closely with GIS to manage and oversee all risk items and vulnerabilities identified in a security assessment and track to closure
  • Managed the security technical review meetings; assigned reviewers from various security groups to review pertinent security projects to ensure compliance and approval prior to implementation
  • Program managed the Enterprise Security Assessment program, which consisted of legacy environment assessments, improvements to the technical security assessments and GIT managed datacenter security assessments
  • Assisted with the Payment Card Industry compliance program, which consisted of assessing all areas globally within Oracle that contain credit card information
  • Documented risk assessments that reflect short- and long-term remediation and worked closely with Global Information Security and Legal to approve the risk assessments

Associate Manager IS Audit

GREAT WEST LIFE
07.2006 - 01.2007
  • Audited a healthcare system implementation and design and Enterprise Interactive Voice Response system and focused on the pertinent areas of the software development lifecycle
  • Interviewed management to review client business processes and gather pertinent information for the healthcare system implementation and the Enterprise Interactive Voice Response system
  • Documented all audit related findings and submitted to final report

Professional, IT Risk Management

JEFFERSON WELLS
12.2004 - 07.2006
  • Provided guidance to clients for Sarbanes-Oxley documentation and testing
  • Followed the COBIT framework to ensure the adherence of internal controls
  • Managed a wire transfer application post implementation system review engagement, which included setup, security, approvals, service level agreements and interface testing
  • Created post implementation review testing methodology standard for Jefferson Wells
  • Created General IT control documents to provide the client a formalized policy and procedure in accordance with Sarbanes-Oxley compliance
  • Presented findings for Sarbanes-Oxley and other IT related items to client upper management

Senior Associate

PRICEWATERHOUSECOOPERS
11.2003 - 11.2004
  • Audited Oracle 11i implementations and design, focusing on security and internal controls
  • Interviewed executive management to review client business processes and gather pertinent information
  • Analyzed Oracle Financial production scripts to assess pertinent configurations and verify setups are consistent with the clients' business processes
  • Reviewed segregation of duties and responsibilities within Oracle Financial modules to verify appropriate user accounts are assigned and validate security administration
  • Prepared documentation based on review to support Financial Audit and Sarbanes-Oxley compliance requirements

Senior Consultant

ORACLE
02.2001 - 06.2003
  • Implemented Oracle 11i Financials with concentration on federal and public sector purchasing and payable applications for the Federal Aviation Administration and Tricare Management Activity government offices
  • Used project management skills to set up financial and HR modules, including gathering customer requirements, communicating with developers, developing enterprise pilot test scripts and performing system testing, unit testing and regression testing for business processes
  • Researched and customized AIM 3.0 Business Requirement setup document and MD050 Application Extensions Functional Design document for purchasing and payables
  • Mapped business processes and workflow, along with database mapping for interface development between Oracle, Comprizon.Buy and Prism (Acquire)
  • Customized Discoverer reports for business processes
  • Logged TARs to resolve issues, viewed tables through Toad and SQL queries, and assisted users on an ongoing basis

Oracle Business Analyst Consultant

IDEA INTEGRATION
07.2000 - 01.2001
  • Provided functional support with Oracle applications 11i (Purchasing & Inventory) within a full implementation including documentation, set up, testing and training at a client site
  • Analyzed business processes, acted as a liaison with Oracle technical support, logging TARs to resolve issues within the implementation cycle and tested Purchasing application and Business Processes using Winrunner
  • Determined strategy with Executive Management and developed business cases and gap analysis for AT&T Broadband’s System Development department to support budget expenditures for all IT projects
  • Assisted in writing Oracle purchasing procedures and processes for the purchasing organization

Education

B.S. - Business/Merchandising

Buffalo State College
Buffalo, NY
01.1994

Business/Design coursework

American College
01.1993

Skills

  • Team leadership
  • Risk Management
  • Security Audits & Compliance
  • Data Privacy/Governance
  • Information Security Standards and Policies
  • Project Management
  • Compliance monitoring
  • ISO27001/SOC2/NIST 800-53

Certification

Certified in Risk and Information Systems Control (CRISC) - 2010

ITIL v3 Foundation Certification - 2007
