Susan A. Johnson, C.A., CISSP
Professional Profile
Susan has over 10 years management and 15 years consulting experience in business and information technology, in a variety of industries including healthcare, banking, insurance, telecoms, IT (software, consulting services), public sector, and transportation (airlines and railroads). Facilitation, skills transfer and coaching to support organisational change have been key elements of all her successful consulting projects, whether the project focus was business process redesign, strategy, systems development, or package evaluation and implementation. She has worked with and provided consultation services to large organizations in the UK, Canada, USA, Australia, Singapore and Hong Kong. She is comfortable at all organizational levels. She has also travelled extensively, to over 50 countries.
Susan has significant recent knowledge and experience in the area of information security and privacy, helping organisations to:
- Address security issues within an integrated risk management framework, which considers people, business policies, processes and physical environment, as well as information technology.
- Use privacy management to attract and retain customers, reduce risks and cut costs through progressive corporate policy, improved business practices and security of customer information.
Susan also believes that security is a continuing process, not a one-time effort, and must involve key stakeholders to ensure that recommended controls are actually implemented and sustainable over time. She has presented to and served as a subject matter expert on privacy and security to various business and professional groups.
Susan's secondary consulting focus is on enabling business innovation and performance improvement through effective use of information technology. This includes: developing technology strategies to support business strategic objectives; designing innovative business processes, work structures and management systems to improve operating efficiency and customer experience, while reducing costs; and assisting the organisational change process through the use of facilitated structured workshops to ensure commitment and results.
Areas of Professional Expertise
- Privacy opportunity and risk assessment - Providing a snapshot of the critical risks, helping to focus compliance efforts. Considering legal/regulatory context, Generally Accepted Privacy Principles (AICPA/CICA). Identifying opportunities to attract and retain customers and cut costs through improved information management practices and customer service. See presentation: Canada's New Privacy Laws... and how businesses can benefit from them!
- Privacy Impact Assessment (PIA) - Using a proactive and practical approach to ensure that privacy concerns and safeguards are addressed early in a project rather than ignored or added on later as an expensive afterthought. This offers significant benefits by inspiring trust and confidence of consumers / citizens in what happens to their personal information.
- Strategic security analysis - Identifying critical assets, threats and vulnerabilities using a structured workshop approach. Recommending appropriate and cost-effective controls, considering the business context, legal and regulatory environment, best security practices, and organization strategy and culture. See presentation: Security Strategies to Enhance Privacy
- Security training / awareness sessions for executives, managers and business users of information technology. See Internet Security & Privacy for Beginners for an example of a recent community awareness presentation.
- Security policy development - Facilitating an inclusive process with key executives and managers to develop security policies that will be accepted and enforced.
- Business and IT strategic planning, including E-business and CRM strategies.
- Business process innovation, including design of work structures and management systems and effective management of change to achieve benefits from the investments in technology.
- Project management and systems development, including business requirements, prototyping / iterative development, data, process and object modeling and methodologies.
- Marketing and business development of consulting services.
Professional Qualifications
Selected Professional Experience
Information Privacy and Security
As part of a small team, conducted Privacy Impact Assessments for information technology projects for several Canadian federal government departments. These assessments include analysis of the collection and distribution of personal information, facilitating the completion of a Privacy Analysis, evaluation of privacy issues and risks, including information security risks and safeguards, associated implications, and recommendation of potential mitigation strategies.
Conducted a privacy risk assessment for a financial services regulatory agency, to identify risk areas in current privacy policy and practices. Subsequently drafted a 'plain English' privacy policy suitable for reading by the 1.5 million customers of the financial service providers in the province, and information access procedures and forms to implement the policy.
Worked with senior management and the board of directors of a large non-profit arts organization to review current privacy practices, draft a privacy policy in compliance with PIPEDA, and present it to the Executive Committee of their board for review and approval. The policy covered the collection of personal information from patrons, donors, sponsors and volunteers, and addressed a number of issues around forms of consent, and potential impacts to their marketing and fundraising practices.
Performed a privacy risk assessment and strategic security analysis for a professional services firm in the financial industry. The project included identifying threats and vulnerabilities, and recommending appropriate and cost-effective controls to protect client privacy and safeguard critical assets. Subsequently assisted with implementation of the recommendations, which addressed people, policy and business process aspects, the physical environment and information technology.
As the Privacy Officer, developed a privacy policy, procedures, and supporting systems for Horizons Unlimited, an e-business site serving a niche market in the travel sector. As co-founder, responsibilities include strategy, design and implementation planning, content development, newsletter, web design and usability, community building, marketing and online sales. The site is supported by a rapidly growing (over 12 million hits and 415,000 user sessions per month) and incredibly loyal user group, and is a respected provider of specialized content (currently over 20,000 pages) to a desirable demographic segment. The privacy policy covers an active bulletin board, and information content provided by travellers using electronic forms and web logging software.
Business and IT Strategy
Supported the development of an information management and technology strategy for the UK healthcare regulator, facilitating structured workshops to define high level business processes and the associated information requirements. The strategic vision is supported by a number of technologies, including customer relationship management (Siebel CRM), website redesign and content management, document management and the infrastructure to support them. Subsequently assisted with mobilisation of the multi-year implementation programme, including development of the strategic business case for approval at board level, establishment of the programme governance and organisation, recruitment of project managers and business analysts. Most recent responsibility was supporting organisational change needed to achieve benefits from the investment in information technology, including development of business cases and benefits realisation plans, training and internal communications.
As a Consulting Executive for a major UK outsourcing and consulting firm, assumed the role of Head of E-Business for a professional services joint venture in the financial industry. The mandate combined both management and consulting roles, and included developing an E-Business strategy, defining an E-Business consulting service offering and value proposition, and creating a professional team through recruiting and retraining, while exceeding ambitious revenue targets. A major achievement was to gain agreement by the Executive and Board to an E-Business vision and approval of investment in capability (methods, skills, partnering). The subsequent mandate focused on creating a new innovation service to nurture e-business ideas within the bank and its subsidiaries and joint venture partners.
Coached and facilitated the development of a technology strategy for the corporate banking department of a large UK bank. The assignment featured extensive use of facilitated workshops with senior business and technology managers to determine future business requirements for the organisation, establish guiding principles and the technology architecture and define the strategic technology work programme. The programme includes Internet banking, e-Commerce, customer relationship management, and the replacement of legacy product processing systems. Subsequently assisted with mobilisation of the programme, including programme management structure, resourcing and benefits management.
Organisational Change Management and Business Process Innovation (BPI/BPR)
Supported a large Australian telecommunications company in their redesign of workflow and processes in the Customer Service and Payroll departments. Facilitated workshop sessions to refine the understanding of business goals, critical success factors and priorities for process redesign, and to set ambitious targets for productivity improvements. For example, for an application supporting customer service, we reduced elapsed time for the process from 7 weeks to 48 hours by eliminating redundant activities and redesigning the process using electronic forms and workflow technology. The workshops were then used as the foundation for system architecture and for structured rapid prototyping of new information systems.
Facilitated and coached the downsizing and restructuring of the Information Technology department for a major (50,000 employees) Australian bank with international operations. Re-engineered the IT processes for greater efficiency. Developed systems to enable monitoring of projects and effective resource utilization. Designed and implemented new career and reward structures to encourage skills development and flexibility.
Knowledge Management and Competence Development
Responsible for the design, development and delivery of professional development seminars for management consultants for DMR Group (now Fujitsu Consulting), an international information technology consulting firm. Topics included the consulting process, business development, interpersonal skills, conflict resolution, presentation and report-writing skills, business ethics and quality management in consulting.
Conducted training in Productivity Plus (DMR Group's system delivery life cycle methodology) for both clients and DMR staff in Australia, New Zealand and Asia. Courses taught included project management techniques; definition of business requirements; data and process modeling and prototyping techniques; software package evaluation; and the roles and responsibilities of users in the development process. In addition, provided consulting assistance and workshop facilitation services to clients on systems development and implementation projects in the airline, leisure and insurance industries.
Managed the DMR Group Education Services function in Melbourne, Australia, encompassing training of DMR professional staff and clients. Responsibilities included marketing of education services, course organisation and scheduling, training trainers. Also provided coaching, facilitation and quality assurance services to clients on systems development and implementation projects in the airline and insurance industries.
Business and Practice Development
As a Consulting Director and practice leader for Lotus Consulting (now IBM Global Services), built the Process Innovation practice in the Asia-Pacific region, generating consulting revenues in excess of $1 million in less than a year. Responsibilities included business development of the practice, translating client needs into business solutions, directing consulting projects, maintaining constructive account relationships, developing methodologies, recruiting and professional development of consulting staff.
Project Management and Systems Development
As a consultant to the Ministry of Finance of the Province of British Columbia, planned the implementation of Oracle financial systems (General Ledger, Accounts Payable, Purchasing, Asset Management, and Projects) for several large and decentralised provincial government departments in Canada. Working closely with the business representatives, facilitated the development of strategies and detailed plans for redesign of work processes, documentation, end-user training, acceptance testing and communications activities necessary to successfully implement Web-enabled processes using the Oracle financial systems. Developed a generic implementation guide as a template for these and other provincial departments to be used for planning their Oracle financials implementations in succeeding years.
Project director and thought leader of the Accelerated Value Method (AVM) - the system development methodology used by Lotus Consulting (now IBM Global Services). This integrated approach incorporates business process redesign, rapid application development / prototyping, enterprise-wide deployment, organizational transformation and project management in order to deliver business value rapidly using new technologies. The AVM team incorporated worldwide best practices in these disciplines and produced tools (such as checklists and questionnaires) and techniques for use by consultants and clients.
Concurrently developed and taught a series of five two-day AVM courses for Lotus Consulting, Lotus' business partners and clients in North America, Europe, Australia and Asia. The courses included Transformation Management, Process Innovation, Collaborative Development, Enterprise Deployment and Engagement Management.
Managed the development of a customer relationship management (CRM) system for the corporate banking department of a UK bank, using structured rapid prototyping techniques to deliver a system ready for worldwide implementation in less than six months. The work was done in Singapore for a worldwide user base of corporate bankers, and training took place in the UK, Hong Kong and Singapore.
Conducted a review of the effectiveness of change management processes for the system supporting payment of agent remuneration for a major Australian insurance company. The review encompassed workload distribution, tools and facilities, documentation, control mechanisms and quality assurance and testing functions within Information Systems.
As Freight Revenue Project Manager for BC Rail, managed a multi-divisional project (Finance, Marketing and Information Systems) to replace the freight invoicing and interline settlement systems in a dual vendor hardware environment. Developed the logical database design for the system using data modeling techniques. Subsequently used a prototyping approach to develop a working model of the invoicing system, including inquiry capability and automated interfaces to other systems.
Package Evaluation & Implementation
Directed the development of internal DMR methodology for selection and implementation of application software packages, including package evaluation guidelines, generic functional specifications for financial and human resource applications and implementation planning aids. Conducted numerous package evaluation and implementation projects for companies in various industries, including government departments, telecoms, airlines and professional services. The approach made extensive use of workshops and coaching of client personnel.
Responsible for the requirements analysis, market survey and evaluation of a human resource information system for a Canadian airline. Assignment featured extensive coaching of client personnel through the software package evaluation process.
Directed the requirements definition and evaluation process for general ledger, accounts payable, fixed assets, capital project management and purchasing software in an IBM mainframe environment for a large Canadian telecommunications company. The assignment featured extensive use of workshops and coaching of client personnel.
Directed the requirements definition and evaluation of alternatives for replacement of all major financial systems (job costing, billing, accounts receivable, accounts payable and general ledger) for a large engineering consulting firm in a minicomputer environment.
As Financial Projects Co-ordinator, managed the requirements definition and selection of software packages for financial systems in an IBM mainframe environment for the British Columbia Government Ministry of Lands, Parks and Housing. Subsequently, directed the implementation of Walker Interactive financial software in a complex, decentralised organisation. Developed and conducted management and user training in field offices and headquarters.
Financial and Security Management
As Manager of General Accounting for BC Rail, managed a staff of 25, responsible for payroll of 2,600 employees, accounts payable, billing and interline freight settlement functions for a $300 million transportation company. Security management responsibilities included the implementation of policy and procedures to establish and maintain effective security controls on complex mainframe billing and freight settlement systems, and implementation of all external audit recommendations. Established administrative security controls over critical assets, including separation of duties, job rotation, backups, record retention and audit trails.
As Manager of Financial Operations for the British Columbia Government Ministry of Lands, Parks & Housing, managed the Financial Services Branch (staff of 23), responsible for payroll of up to 2,000 full- and part-time employees, accounts payable and internal controls on assets and revenues. Security management responsibilities included development and implementation of security policies, procedures and administrative controls protecting key financial and payroll systems, and implementation of audit recommendations. Supervised and trained accounting staff.
Internal and External Audit
As Audit Supervisor in the Office of the Auditor General, British Columbia, Canada, participated in comprehensive financial management audits of government departments and corporations. These audits encompassed a review of the planning and budgeting processes, control of assets, revenues and expenditures, management of the financial function and internal audit, and included reviews of the security controls on critical assets, revenues and expenditures. Responsible for conducting interviews, liaison with senior executives in the client organisations, writing and presenting audit reports.
As Audit Supervisor for Joscelyn, Laughlin, Harper, Tory, Chartered Accountants (now part of Ernst & Young), planned and executed audits of organizations in a variety of industries over a 5-year period. These audits included reviews of the security controls (administrative, operations and technical aspects) in place to protect the confidentiality, integrity and availability of critical information systems and assets, and recommendations for security improvements. Supervised articling students, and provided consulting and tax planning services to small- and medium-sized clients in a variety of industries.
Professional Associations
Recent Presentations, Speaking Engagements and Articles
Other
- Canadian and Australian dual citizenship.
- UK Residence permit valid to May, 2011.
- Qualified for USA TN-1 work permit under NAFTA regulations.
- Written and spoken English and Spanish.
Personal Accomplishments
Travelled around the world on a motorcycle with my husband, to over 26 countries in Europe, Africa and South America. We were written about in several publications as a result of successfully completing an odyssey that only a few hundred people in the world have accomplished. While still travelling, we published our travel stories and photos on our website, which we have now expanded to become Horizons Unlimited, the best known and most respected motorcycle travel information site on the web, attracting over 550,000 visitors a month from 140 countries.