John is a Managing Director at Protiviti with over 18 years of experience in IT consulting, risk management, and audit.
His primary focus has been helping companies optimize their business practices and reduce risk through the use of enabling technology. A regular speaker on the subject, he leads the U.S. Central Region’s ERP Solutions practice, specializing in efficiently managing business risks and leveraging automation within mission-critical applications such as SAP’s and Oracle’s ERP platforms and their related Governance, Risk, and Compliance (GRC) toolsets.
Representative Engagements Include
- SAP Controls and GRC – Directed project to evaluate and enhance the segregation of duties (SoD) and security associated with a new SAP deployment at an exploration and production company. Further oversaw the implementation of SAP’s GRC Access Control tools to streamline and manage ongoing security matters
- Oracle Controls and GRC – Directed the controls integration work for an Oracle R12 implementation at an energy company by assisting the project team with input towards optimal configurable control design. This project also included the design and build of security responsibilities with proper access and segregation of duties controls within the security model. Further, implemented Oracle’s GRC Access Governor to provide ongoing monitoring and control
- SAP Implementation – Assisted drilling start-up in the selection of a systems integrator for a new SAP implementation and directed the client-side effort to monitor project timeline, coordinate requirement and design input, perform integration and user acceptance testing, coordinate training and deployment, and arrange for hosting and post-go-live support. Additionally, consulted on controls and GRC
- SAP HR/Payroll Security Implementation – Directed an initial review of SAP security which identified issues and risks, particularly within HR/Payroll. This prompted a complete re-implementation of HR/Payroll starting with requirements gathering and architecture design, and proceeding through detailed design, build, testing, and deployment
- Software Strategy and Selection – Directed a project at a manufacturing firm to establish the application strategy going forward, including a Phase I to gather requirements and select software to close gaps, including RFPs, demos and scorecarding; a Phase II to consult on the implementation roadmap and project plan; and a Phase III to run a project management office for the pilot and rollout, with focus on status, resources, risks, and communication with stakeholders
- BBA, Management Information Systems, University of Houston
Professional Memberships & Certifications
- Certified Information Systems Auditor (CISA)/ISACA
- Certified Internal Auditor (CIA)/IIA