Monica Boggan
Katy,United States
Summary
Passionate cybersecurity leader with over 20 years of information systems experience helping organizations achieve compliance with leading security standards, while monitoring and minimizing risk holistically. I have written over 200 SOC 1/2 reports, facilitated successful audits on the entity side, and managed GRC from an Enterprise Security Architecture viewpoint, matching every asset to a business objective. I have saved organizations over $2m over the last 8 years implementing innovative and reliable solutions to increase efficiency and minimize risk.
Overview
21
21
years of professional experience
1
1
Certification
Work History
Cybersecurity Manager, Governance, Risk & Compliance
ENGIE North America
05.2018 - Current
- Functions as Deputy CISO, reporting to CISO
- Created procedures and controls to assure compliance with applicable contract requirements, including cybersecurity frameworks of SOC 1, SOC 2, NIST, ISO 27001, and others
- Oversight of formal Privacy program for various Information Services systems and processes
- Implemented formal Security Awareness and Phishing campaigns to educate and regularly test employees security awareness knowledge, reducing overall click-rate from 16% to under industry average over 12 month period
- Established formal data protection program
- Completed data security document reviews in conjunction with Procurement and Legal
- Liaison to Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues in the electronic GRC system (Archer)
- Oversight of ENGIE North America and its entities' security policies, standards, guidelines and baselines
- Work with business units to ensure data is properly classified
- Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.
- Championed a culture of continuous improvement within the cybersecurity team, fostering innovation and collaboration among members
Vice President, Risk Remediation, Global Technology Infrastructure
JP Morgan Chase
01.2020 - 10.2020
- Audit preparation for Middleware business unit, proactive validation of compliance and effectiveness of all controls and ongoing governance implementation
- Led cross-functional teams for the successful completion of major compliance assessments, resulting in increased efficiency and internal client satisfaction
- Partnered with various audit groups to review documentation requests and approve submissions
- Risk identification and remediation to identify gaps and root cause, assess the impact and severity and register the risk in the firms approved risk system
- Provided guidance on risk policies and remediation scope
- Oversight of security configuration management and drift monitoring in the Middleware space
- Identified and recommended opportunities to enhance processes and strengthen control effectiveness through automation and process enhancements.
Senior IT Audit Consultant
Schellman & Company
06.2016 - 05.2018
- Prepared SSAE 16/18 SOC 1 and 2, Type 1 and 2 reports, ISO 27001 and HIPAA certifications and documentation supporting Schellman's audit opinions
- Over 200 SOC 1/2 reports prepared for clients
- Performed readiness assessments to identify gaps between client's current information system internal controls over financial reporting, or over trust services criteria of security, availability, processing integrity, confidentiality, and privacy, and other frameworks mentioned above
- Established effective working relationships with client personnel
- Performed analytical review of audit documents
- Reviewed client operating procedures and systems of internal control
- Designed and performed tests of internal controls
- Provided recommendations for improved controls and enhanced business efficiency
- Developed customized audit plans tailored to client-specific needs and requirements
Audit and Enterprise Risk Services Auditor
Deloitte and Touche, LLC
08.2015 - 06.2016
- Enhanced financial accuracy by conducting thorough audits and identifying discrepancies in financial statements
- Increased internal control effectiveness through diligent evaluation of processes and providing recommendations for improvement
- Developed an understanding of the Deloitte audit approach, methodology & tools
- Established working relationships with client personnel
- Performed analytical review of audit documents
- Reviewed client accounting and operating procedures and systems of internal control
- Identified accounting and auditing issues; perform research to solve issues that arise
- Exhibited a professional, business-like demeanor
- Prepared financial statement reports and documentation supporting Deloitte's audit opinions
- Applied concepts of risk assessment
- Designed and performed tests of internal controls
- Provided recommendations for improved controls and enhanced business efficiency.
Web Developer
SoftMed Systems (now 3M)
05.2003 - 12.2006
- Developed web applications for internal and external training
- Provided project management for technical training projects
- Prototyped, designed, and developed company Intranet
- Created all policies regarding intranet site usage, updates, and content approvals
- Oversight of AHIMA CPE granting authority status
- Facilitated training, including initial HIPAA related trainings.
- Streamlined website maintenance tasks for increased efficiency and improved site functionality
- Enhanced user experience by implementing responsive web design and optimizing website performance
Education
MBA - Enterprise Resource Planning
Lamar University
Beaumont, TX12.2017
BBA - Management Information Systems
Lamar University
Beaumont, TX05.2015
BBA - Accounting
Lamar University
Beaumont, TX05.2015
Skills
- Management
- Cybersecurity
- Governance
- Risk Management
- Compliance
- SOC 1
- SOC 2
- IT Audit
- GRC
- Business Continuity
- Vendor Risk Management
- Security Awareness Training
Certification
- CISSP - Certified Information Systems Security Professional
- CISA - Certified Information Systems Auditor
- CRISC - Certified in Risk Information System Controls
- ISO 27001 Lead Auditor
Timeline
Vice President, Risk Remediation, Global Technology Infrastructure
JP Morgan Chase
01.2020 - 10.2020
Cybersecurity Manager, Governance, Risk & Compliance
ENGIE North America
05.2018 - Current
Senior IT Audit Consultant
Schellman & Company
06.2016 - 05.2018
Audit and Enterprise Risk Services Auditor
Deloitte and Touche, LLC
08.2015 - 06.2016
Web Developer
SoftMed Systems (now 3M)
05.2003 - 12.2006
MBA - Enterprise Resource Planning
Lamar University
BBA - Management Information Systems
Lamar University
BBA - Accounting
Lamar University
Similar Profiles
Naftale HirdNaftale Hird
Investments Compliance Manager at QBE North America, Investments Compliance North AmericaInvestments Compliance Manager at QBE North America, Investments Compliance North America
Bernard TAMKOBernard TAMKO
Alternant Contrôleur de Gestion at ENGIE HOME SERVICES - Groupe ENGIEAlternant Contrôleur de Gestion at ENGIE HOME SERVICES - Groupe ENGIE
Amitha Patricia AlbuquerqueAmitha Patricia Albuquerque
Deputy Financial Controller at ENGIE COFELY, a group company of Engie Solutions, FranceDeputy Financial Controller at ENGIE COFELY, a group company of Engie Solutions, France
Mary HuertasMary Huertas
Medical Logistics Specialist at USAFMedical Logistics Specialist at USAF
Katelyn CamposKatelyn Campos
Server at Pappasitos CantinaServer at Pappasitos Cantina