Jeffrey Lemmo
Details
International Business
Southern New Hampshire University
2005 : 2007
Bachelor of Science degree in Business Administration
Management Information Systems & Accounting
University of Vermont
1997 : 2001
Ferguson Enterprises
Information Security Senior Director GRC and IT SOX
• Acquired responsibility and oversight to the WEX IA Global SOX Financial and IT Program with purchase volume over $25 billion and processing transactions over $294 million across 5 continents in 11 countries
• Oversaw alignment and mapping of 462 key controls and test attributes to SOX, SOC, and HITRUST in order to execute a “test once and use many times” evidence and workpaper mantra; workpapers are leveraged by both Deloitte and Baker Tilly; team members are HITRUST certified to achieve leverage for Baker Tilly; annual savings increased to 500k on engagement fees
• Implemented SOX and SOC program optimization strategy through automation of IA control testing (462 key controls), evidence requests, deficiency notification and status, control dashboards, and management execution of their controls; savings of 1200 hours between IA and management in year one of optimization implementation
• Periodic presentations of IA SOX and SOC strategies, plans, and status updates to all levels of management including the WEX Audit Committee and the WEX Bank Audit Committee
• Building a sustainable SOC compliance program across four global lines of business; 20+ SOC and 4 HITRUST reports
• Leveraging automation via Alteryx and GRC tools; enhanced team skill sets to develop automation internally
• Leading domestic and international resources; 1 Sr. manager, 3 managers, 6 senior auditors, matrix reports from IA operations to execute SOX work, and a team of EY resources to execute SOX control testing
• Partners SOX and SOC program efforts with external audit: Deloitte as external auditors, EY and PWC for staff augmentation, and Baker Tilly to execute SSAE 18 and HITRUST audits
• Partnering with Finance and M&A to enhance risk and controls on integration of operational, financial, and IT functions; anywhere from 1-3 acquisitions annually; significant growth to SOX and SOC programs annually
2021 : 2022
WEX
Director of Financial, Business Process and IT SOX and SSAE 18 Audits
• Developed strategy and directed team in implementing common sampling approach to minimize external testing redundancies for IT SOX and SOC; saving $350k annually on engagement fees with external audit
• Developed line of business product and process framework to enhance stakeholder participation and improve market execution
• Executed IT, risk, and security audits including WEX strategies for cloud transformation, and management ad hoc requests
• Hired two managers to assist in facilitating growth of the IT audit function throughout 11 countries and three lines of business
• Promoted in March 2019 from Director level one to a Director level two
• Acquired responsibility and oversight of the IA function for WEX Australia
• Acquired responsibility and oversight for 18 SOC reports across three lines of business and five continents
• Develops reports and team members; each person has an Individual Development Plan to support and guide career growth
• Ongoing support and facilitation of the WEX mentorship program to develop and support career growth of all employees
2018 : 2021
WEX
Director IT Audit
• Successfully developed strategy and led management effort to remediate IT Material Weakness in 2016, including IT control transition from third-party vendor. Efforts included leading the material weakness committee comprised of CFO and Sr. VP of Strategy to monitor execution of remediation; I received the 2017 WEX President’s Club award in recognition of my work.
• Built out the IT Audit function including risk assessment methodology, control testing strategy, and workpaper enhancements including IUCs and completeness and accuracy
• Doubled the size of the IT audit department from two direct resources to four; resulting from risk and IT audit planning strategies
2016 : 2018
WEX
Senior Manager IT Audit
Recruited to strategically design, develop, and mature the company’s information security program including control compliance with FINRA and SEC regulatory requirements.
• Strategically designed and established security governance, including policies, standards, and committee composition
• Periodically presented information security and business risk strategies and recommendations to Executive Management
• Assisted and consulted with customers in handling of their own security breaches
• Implemented a risk methodology and initiated a companywide risk assessment including a business impact analysis
• Developed and provided information security awareness training campaigns including phishing and social engineering
• Consulted with technology vendors to improve penetration and vulnerability testing including SIEM reporting
2016 : 2016
Foreside Financial Group, LLC
Information Security & Risk Officer
Skills
Access, Analysis, Assurance, Auditing, Business Process Improvement, CISA, COBIT, COSO, Enterprise Risk Management, Financial Audits, Financial Reporting, Financial Risk, FinTech, HITRUST, Information Technology, Internal Audit, Internal Controls, IT Audit, Leadership, PeopleSoft, Process Improvement, Risk Assessment, Risk Management, Sarbanes-Oxley, Sarbanes-Oxley Act, SAS70, SDLC, Security, Software Documentation, SOX 404, SSAE 18, Strategy, Training, Visio, Enterprise Risk, Business Process
About
A highly experienced and innovative risk and control professional with comprehensive skills in business operations, finance, information technology and auditing seeking opportunities where those skills can be utilized to add value and enhance business operations while increasing professional and personal growth. Experience in optimization and automation of internal audit functions.