Expertise establishing IT risk management programs, data protection and privacy programs, and information security programs; evaluating IT and business processes and internal controls; managing internal and external audit engagements; working in the Project Management Offices (PMOs) of large ERP projects. Managed and executed controls assessments, business process reviews, risk assessments, ERP controls reviews, IT organization assessments, IT process reviews, operational audits, SAS 70 engagements, external audit engagements, and led risk and compliance teams for large systems implementation projects. Led assessments of information security programs for large organizations subject to Federal Trade Commission Consent Decrees following breaches of consumer personally identifiable information; developed methodology and approach for performing similar assessments. Experience with financial planning and analysis for IT budgets. Specialties: Strong report writing and oral presentation skills, with an emphasis on communicating technical IT and regulatory/compliance risks to non-technical audiences. Excellent leadership skills; professional and trustworthy demeanor with senior leadership; strength in training, coaching and mentoring junior staff. Certified Public Accountant (CPA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP)

Gretchen Hiley is skilled in: Information Security, Risk Assessment, Security, Business Process, Auditing, Internal Controls, Program Management, Information Technology, Financial Risk, Analysis, Leadership, Management, PMO, ERP, SAS70