Gina Godlewski, CISA
Education:
Bachelor of Science (B.S.)
Double Major in Information Systems and Accounting
Fairfield University
2010 : 2014
Experience:
- Direct the completion of Cybersecurity risk analysis sessions and risk assessment activity.
- Identify and lead the appropriate SMEs to participate in the identification and analysis of risk scenarios.
- Support the accountable parties in determining the appropriate treatment of identified risks and partner with Cybersecurity risk leaders to develop audit and risk mitigation plans.
- Identify and lead the determination of appropriate action plans for risk remediation.
- Communicate risks and risk remediation and facilitate the acceptance of risk aligned with Travelers risk appetite.
- Inventory, assess significance, assign accountability, and lead the development of appropriate monitoring for the Cybersecurity control environment.
- Align IT Risk Management (ITRM) activity with the IT Process, Risk and Control (PRC) framework.
- Gain an understanding of how Cybersecurity controls map to the IT PRC framework and gaps in risk and control coverage.
- Partner with Cybersecurity in identifying and obtaining the data required for consolidated metrics and reporting.
- Develop and lead efforts for creation and support of Cybersecurity specific reporting dashboards and metrics that are external to the risk management tool.
- Identify additional Cybersecurity ITRM processes or specific requirements that can be operationalized through the risk management tool and lead efforts associated with bringing these efficiencies into fruition.
- Lead the development of training methodologies that support the education and awareness of Cybersecurity personnel across ITRM principles, concepts, and methodologies.
- Lead enterprise-wide strategy development initiatives for communication, education, and awareness of key ITRM initiatives.
- Leadership in the ITRM council.
- Lead efforts in supporting the LOBs understanding and applying policies, standards, and procedures across the IT environment.
- Serve as primary point for all risk programs (e.g., ITRM, Corporate Audit, Compliance).
2022 : Present
Travelers
Cybersecurity Governance, Risk, and Compliance Officer
- Assist the Program Director as requested in managing the audit team.
- Develop, lead, and execute audits of various company technology functions (including Sarbanes-Oxley compliance reviews), incorporating an understanding of technology processes, risk assessment techniques and generally accepted auditing standards.
- Supervisory responsibility for review of work performed and leads the most complex audit projects.
- Independently assess the effectiveness of controls, determine the potential impact of any control failure, and recommend corrective actions to the business.
- Prepare documentation in adherence to internal audit professional standards, best practices and Corporate Audit's methodology.
- Review workpapers to determine completion and adherence to standards.
- Write audit reports with minimal supervision.
- Perform regular business monitoring of Traveler's IT functions by maintaining ongoing relationships with key members of business management, attending meetings and reviewing documentation.
- Monitor the status of existing corrective actions and schedules validation of completed corrective actions.
- Ensure that all parts of each audit are completed, in addition to monitoring and reporting time incurred versus time budgeted.
- Identify emerging industry issues and assesses any implications for the company.
- Assist PD with preparation of the quarterly audit results summary presented to business management. The summary includes the results of recent audits and the status of issues and corrective action plans.
- Proactively train and develop staff in the application of various technology audit and risk assessment techniques as well as provides guidance, support and constructive feedback to team members and managers.
- Manage additional Corporate Audit projects that support the department, including, but not limited to, assistance in the development of the Audit Universe, plan and schedule.
- Develop and support internal improvement initiatives.
2022 : 2022
Travelers
Director, Technology Audit
- Plan, lead and ensure execution of the audits of various company technology functions, incorporating an understanding of technology processes, risk assessment techniques and generally accepted auditing standards.
- Develop audit plans, programs and specific tests to evaluate control areas.
- Hold supervisory responsibility for review of work performed and act as a lead reviewer to manage audit projects.
- Independently assess the effectiveness of controls, determine the potential impact of any control failure and recommend corrective actions to the business.
- Prepare documentation in adherence to internal audit professional standards, best practices and Corporate Audit's methodology.
- Review workpapers to determine completion and adherence to standards.
- Write audit reports with minimal supervision.
- Perform regular business monitoring of Traveler's IT functions by maintaining ongoing relationships with key members of business management, attending meetings and reviewing documentation.
- Monitor the status of existing corrective actions and schedule validation of completed corrective actions.
- Ensure that all parts of each audit are completed, in addition to monitoring and reporting time incurred versus time budgeted.
- Identify emerging industry issues and assess any implications for the company.
- Assist leadership with preparation of the quarterly audit results summary presented to business management. The summary includes the results of recent audits and the status of issues and corrective action plans.
- Proactively train and develop staff in the application of various technology audit and risk assessment techniques as well as coach team members to enhance their capabilities and career development.
- Consistently adhere to internal audit professional standards, best practices and Corporate Audit’s methodology.
- Lead Sarbanes-Oxley compliance reviews and perform business monitoring.
2020 : 2022
Travelers
Manager, Technology Audit
- Lead and participate in audit reviews of various company technology functions, incorporating an understanding of technology processes, risk assessment techniques and generally accepted auditing standards.
- Act as lead reviewer on complex infrastructure audits and targeted assurance initiative projects.
- Identify risks and oversee testing of/ test controls associated with financial integrity, operational effectiveness, compliance with rules and regulations, and systems and data integrity.
- Develop audit plans, programs and specific tests to evaluate control areas.
- Analyze findings and test results and arrive at sound fact-based conclusions and appropriate recommendations for problem areas noted.
- Prepare documentation in adherence to internal audit professional standards, best practices and Corporate Audit's methodology.
- Prepare audit reports including recommendations for improvement and present to executive senior leadership.
- Assist in training and developing others in audit, risk assessment techniques, and technology principles.
- Perform regular business monitoring of Traveler's IT functions by maintaining ongoing relationships with key members of business management, attending meetings and reviewing documentation.
- Monitor the status of existing corrective actions and schedules validation of completed corrective actions.
2018 : 2019
Travelers
Senior Technology Auditor
- Identify risks and test controls associated with financial integrity, operational effectiveness, compliance with rules and regulations, and systems and data integrity
- Assist in developing audit plans, programs and specific tests to evaluate control areas
- Meet with senior management to conduct walkthroughs to confirm understanding of process
- Analyze findings and test results and develop sound conclusions and appropriate recommendations for problem areas noted
- Prepare documentation in adherence to internal audit professional standards, best practices and Corporate Audit’s methodology
- Contribute to the preparation of audit reports including recommendations for improvement for delivery to executive management
- Perform regular business monitoring of Traveler’s IT functions by maintaining ongoing relationships with key members of business management, attending meetings and reviewing documentation
- Monitor the status of existing corrective actions and schedules validation of completed corrective actions
- Assist in integrated audits and targeted assurance reviews of business areas to provide technology control expertise
2016 : 2018
Travelers
Technology Auditor
Company: Travelers
Years of Experience: 10
Spoken Language: English, Spanish