
Kip Shoemaker

Pottstown

Summary

Dependable thought leader with a wide breadth of knowledge in technology, program management, standards, frameworks, and industry experience. A proven record of being a forward thinker with a client-focused approach to identifying, assessing, and resolving processes, policies, and system issues. Versatile manager who is comfortable leading multiple complex global risk management, cybersecurity, privacy, compliance, and regulatory assessments. Positive, eager, and collaborative leader who works well with others and builds relationships at all levels.

Overview

20 years of professional experience
1 Certification

Work History

Senior IT Risk Officer

DLL
Wayne
02.2016 - Current
  • Lead organization’s global efforts for technology risk management, compliance, regulatory, governance, and control measurement.
  • Provide insights and expertise to senior management to increase their awareness and better understand their risk portfolio.
  • Advised senior management at all levels of technical risks and emerging threats.
  • Assisted senior management to create and implement the organization’s cyber security.
  • Developed, implemented, and oversaw all aspects of internal control framework testing globally.
  • Collaborated with team to enhance the risk portfolio (privacy, compliance, risk, and regulatory).
  • Coordinated response and incident management protocols testing.
  • Facilitated public accounting financial statement engagement and regulatory examinations.
  • Became instrumental in the creation of the organization’s 1st and 2nd line of defense concepts of risk.
  • Designed and implemented an IT GRC solution and reporting.
  • Monitored and reported the progress of numerous security initiatives to senior management.
  • Implemented risk management strategies and frameworks.
  • Coordinated multiple risk assessments, internal, privacy and compliance assessments.
  • Collaborated with various teams to interpret relevant compliance and regulatory requirements.
  • Matured a program to continuously monitor and report on several hundred aspects through central processes and automation, reducing the organization’s effort by thousands of hours a year and allowing for cross utilization of results.
  • Implemented a risk management process that allowed for remediation time to be reduced 50% in two years, allowing resources to focus and prioritize more efficiently.
  • Facilitated 10 years of internal, external and regulatory audits with no significant findings identified.
  • Acted in the capacity of CISO as needed, helped in every aspect of building the current global team, and was responsible for the training of at least twenty individuals who are still with the organization.

IT Risk Officer

DLL
04.2015 - 02.2016
  • Drove the organization’s design and implementation of a global control framework, IT Risk, and Information Security efforts.
  • Developed a continuous monitoring program that aligned numerous standards (ISO2700, COBIT, NIST) with the organization’s requirements.
  • Led all aspects of information security assessments and standards for the organization.
  • Identified, created interpretations, strategies and advice on diverse topics to senior management.
  • Reduced internal/external efforts related to controls testing by approximately 50%.
  • Increased senior management’s awareness of efforts like cyber security, privacy, compliance, and regulatory, leading to the reduction of findings by 60%.
  • The monitoring program was cited by internal auditors as best practice.

Vice President – Technology Regulatory Interface

JPMorgan Chase
New York
01.2012 - 02.2015
  • Global liaison between the organization and all technical inquiries, advising as subject matter expert in areas of breach, regulatory, SOX and compliance.
  • Coordinated all responses and communications to third-party inquiries.
  • Oversaw the performance and support of the entire corporate SOX program.
  • Reviewed all documentation for accuracy and completeness before submission.
  • No significant SOX findings reported (thousands of hours of testing coordinated).
  • Ten examinations were conducted with no matters requiring attention issued to technology.

Vice President – IT Technology Auditor – Team Lead

JPMorgan Chase
New York
01.2012 - 02.2015
  • Led and ensured the quality of all technical audits done within two multi-billion dollar business units.
  • Leveraged personal knowledge of the organization to develop audit plan and rationale.
  • Communicated with all levels of senior executives to ensure the accuracy and value of deliverables.
  • Represented Internal Audit in various steering committees and initiatives.
  • Advised Internal Audit organization on SOX, PCI, risk, privacy, and compliance.
  • Oversaw four full time IT auditors who conducted twenty internal audits in a timely manner, producing value to the auditee and organization through accurate and insightful findings.

Vice President – Information Risk Leader

JPMorgan Chase
New York
01.2012 - 02.2015
  • Developed and monitored the performance of all aspects of technology risk management for several multi-billion dollar business units.
  • Key collaborator in financial, operational, governance, and Information Risk committees.
  • Led JPMorgan Chase’s PCI program office and merchant assessments.
  • Oversaw the performance of the business unit’s control self-assessment program.
  • Coordinated and supervised the execution of multiple SSAE16 and other outside assessments.
  • Led the performance of multiple security, project, privacy, and operational risk assessments.
  • Coordinated all aspects of the Internal Audit technical findings.
  • Functioned as a single point of contact for all inquiries about IT Risk for these business units, reducing efforts by 100s of hours.
  • Created heightened awareness of the risk portfolio, thereby increasing risk mitigation speed by 10% and reducing overdue findings by 20%.
  • Internal Assessments were leveraged for multiple purposes and net realization of mitigation was increased an estimated 15%.

Data Privacy

QVC
West Goshen
01.2005 - 01.2012
  • Created and drove the implementation of for technology enabling data governance, retention, compliance, and security for the organization.
  • Drove incident investigation and response efforts for the organization.
  • Developed global privacy, retention, and data classification policy.
  • Oversaw all compliance efforts (PCI, Safe Harbor, and regulatory).
  • Created contract management language for talent and vendor management efforts.
  • Advised the organization on privacy, risk, vendor management and security strategy.
  • Organized and conducted external and internal assessments of technology security and compliance.
  • Led the investigation of organization, helping the organization better understand what occurred and lessons learned.
  • Guided the organization’s PCI efforts from initial assessment to compliance with minimal spend, leveraging efforts as a competitive advantage for other internal efforts as well as the marketplace.
  • Managed the efforts of multiple third parties efficiently to achieve goals in a timely and efficient manner, enabling the core function of the organization to continue efficiently given enhanced requirements.
  • Created heightened awareness of data privacy and information security at the organization, allowing for the creation of dedicated roles and immediate funding.
  • Established sustainable assessment processes, management support and talented internal resources.

Manager of IT Audit

01.2005 - 01.2012
  • Chosen to build an IT audit group for the organization to address the growing needs of the organization in the initial stages of SOX.
  • Created and delivered organization’s approach to SOX.
  • Oversaw all internal efforts related to SOX and external audit.
  • Envisioned and implemented internal audit strategy, rationale, and efforts outside.
  • Recruited, hired, and mentored numerous individuals to fill internal audit roles.
  • Identified various information security, compliance, and regulatory requirements, and provided guidance to the organization on how to effectively address them.
  • Responsible for the validation efforts of key compliance efforts of the organization (PCI, Safe Harbor, FACTA, SOX).
  • Oversaw all aspects of SOX internal and external reviews, reducing the organization’s spending by 25%.
  • Created a highly performing IT audit team that took over efforts from external consultants and conducted additional internal efforts within two years.
  • Identified the need and created the strategy to be compliant with various requirements such as Safe Harbor, FACTA and PCI.
  • Effectively interfaced with all levels of management to deliver clear, concise, and value-added findings to the organization and drive proper prioritization of resources.

Education

Bachelor of Science - Business Administration Concentration in MIS, Accounting and Economics

Drexel University
Philadelphia

Skills

  • Standards
  • Program Management
  • Regulatory
  • Risk Management
  • Vendor Management
  • Frameworks
  • Data privacy
  • Audit
  • Governance and oversight
  • Compliance
  • Control testing
  • Monitoring and oversight
  • Problem solving
  • Project Management
  • Presentation
  • Contract Management
  • Cyber Security
  • Cloud Security
  • Artificial Intelligence
  • Incident Management

Certification

  • CISM, Certified Information Security Manager, 02/01/05
  • CISSP, Certified Information Systems Security Professional, 01/01/07
  • CRISC, Certified Risk & IS Controls, 01/01/07
  • CCSP, Certified Cloud Security Professional, 01/01/17
  • CISA, Certified Information System Auditor, 01/01/97 - 12/31/16
  • CIPP, Certified Information Privacy Professional, 01/01/14 - 12/31/16
