Approach

I believe there is no one approach to resolving risk management and compliance challenges.  And while I believe it’s best to integrate risk / compliance into your business strategy and operations from the beginning, it’s never too late to start.  The goal should be continuous improvement over perfection.  I also believe there are trade-offs in decision making.  With quality information, you can make informed, risk-aware decisions in order to deploy resources with maximum return.  

As an independent consultant, I implement strategic and tactical risk management and compliance solutions tailored to the company and industry. I leverage my experience to influence decision-making, reduce risk / exposure, and solve complex problems.


REPRESENTATIVE PROJECTS

Over the course of my career, I have worked on vast and varied projects across clients and industries. A handful of my recent notable projects are highlighted below.

Risk Management Framework Implementation

I worked with the company to define a risk management strategy based on the goals and risk appetite of the business.  I implemented a comprehensive risk management framework to support the strategy and compliance requirements, identifying key risk indicators and monitoring protocols to effectively manage risk, conduct an annual maturity analysis, report to senior management, and enable decision making.

Data Center Migration Control Framework

A company had embarked on a complex, multi-year data center migration to outsource their critical high availability data centers to a third-party.  I was engaged early in the project to identify the impacted processes and compliance requirements and implement measures to ensure the third-party could support the company’s compliance requirements during and after the migration.  SOC 2 compliance was maintained and no negative impact to existing or new business was experienced during the transformation.

GDPR Compliance

In response to the European Union’s General Data Protection Regulation (GDPR), I managed an initial Risk Assessment and developed remediation plans with business and technology leaders to support compliance with the regulation.

SOC 2 Readiness Assessments

I have worked with several companies at various stages of risk and control maturity to prepare them for a first-time SOC 2 audit or recommend remediation plans in advance of an upcoming audit.  I refined the control framework to align with the business strategy and objectives while still meeting the necessary compliance requirements.  My broad SOC 2 experience, both as an adviser and an auditor, has taught me there’s no “one size fits all” approach to SOC 2 compliance.

Risk & Compliance Standard Contract Terms

A company frequently contracted with Fortune 500 financial institutions with stringent risk / security requirements.  I developed standard contractual terms and negotiated the risk / security elements for a multitude of contracts to minimize risk to the company and ensure contractual requirements could be maintained in a strategic and cost-effective manner.

Standardized Risk & Compliance Due Diligence

After analyzing the time incurred by the organization to support bespoke client requests and risk questionnaires, I identified common information requests and relevant industry standards to develop a standard due diligence package.  The package was used to uniformly respond to information requests and proactively manage the third-party oversight requirements of the company’s 100+ Fortune 500 clients.

SOC 2 Transformation

A company was struggling to “pass” their SOC 2 audit – multiple qualifications to the required criteria resulted in ongoing questions from clients and increased monitoring / oversight by those clients.  We implemented targeted remediation plans and evolved the control environment not only to resolve the qualifications, but also to deliver a report tailored to client requirements and industry standards beyond the minimum SOC 2 criteria.

Third-Party Oversight Program Implementation

A company utilized hundreds of third parties to support their services but didn’t have a centralized repository or program to manage them.  I implemented a comprehensive third-party oversight program, including requirements and processes for third-party contracting, initial due diligence, and ongoing monitoring. I then worked with management to conduct initial and ongoing risk assessments and monitoring activities over critical third-party vendors.

Process & Control Development

A company frequently implemented significant changes to their technology and augmented their services with third parties. I worked with the business and technology teams to implement processes and procedures that required a comprehensive risk assessment at project initiation and ensured security, risk, and compliance requirements were considered throughout the project lifecycle.


I had the pleasure of working with Maggie for a number of years. She is driven, detail-oriented and always gets the job done. Her level of expertise and deep domain knowledge enabled her to identify critical risk and compliance gaps and implement strategic, tailored solutions to address business needs. Maggie’s core competencies and skillset truly helped transform our business area.