Paul Smith
@paulsmith1
Experienced audit, risk and information security leader driving GRC and compliance.
What I'm looking for
I am a seasoned audit, risk management and information security professional with deep experience designing and running GRC, third-party risk and internal controls programs for large enterprises. My background spans SOX, NIST, ISO, PCI, privacy, and implementing tools such as RSA Archer and ServiceNow to operationalize risk and compliance.
Throughout my career I have led internal audit organizations, built ERM and audit programs from the ground up, coordinated IT SOX efforts, and managed third-party risk assessments and remediation across complex global environments. I have delivered measurable process improvements, implemented security frameworks, and coordinated cross-functional stakeholders to reduce risk and ensure regulatory compliance.
I hold multiple professional certifications (CPA, CISA, CISSP, CISM, CFE, CRISC, PMP, PCIP, ISA) and certifications in privacy and GRC tooling, and I bring a pragmatic, business-aligned approach to security and compliance that emphasizes practical controls, remediation ownership, and measurable outcomes.
Experience
Work history, roles, and key accomplishments
Cyber Security Engineer
Toyota Motor North America
Jul 2022 - Present (3 years 3 months)
Lead third-party cyber risk assessments and remediation activities, review supplier contract security/privacy requirements, and implement risk-based security controls to improve compliance and reduce vendor-related security exposure.
GRC Management
Toyota Motor North America
Mar 2017 - Jul 2022 (5 years 4 months)
Coordinated IT SOX audits, implemented NIST CSF across Americas, and deployed RSA Archer to strengthen the GRC program while advising cross-functional teams on privacy and security controls.
Led GRC oversight for consumer businesses, directed issue tracking and remediation, and provided PCI and information security governance during major card program transitions to maintain regulatory compliance and reduce control gaps.
Managing Director, Internal Audit
VRM Mortgage Services
Jul 2012 - Sep 2015 (3 years 2 months)
Established and led a 12-person internal audit function, developed risk-based audit plans across finance, operations, IT and cybersecurity, implemented ERM and business continuity programs, and drove process improvements saving 10,000 person-hours.
Senior Risk & Compliance Specialist
Raytheon
Dec 2008 - Jan 2012 (3 years 1 month)
Provided internal audit and SOX compliance services, implemented quarterly self-assessments across 15 locations, chaired the Internal Controls, Risk & Compliance Council, and remediated control design and operating effectiveness gaps.
Education
Degrees, certifications, and relevant coursework
Pace University, Lubin School of Business
Bachelor of Business Administration, Accounting
Completed a Bachelor of Business Administration with a major in Accounting and a minor in Finance at Pace University's Lubin School of Business.
Southern Methodist University
Master's, Information Assurance
Completed graduate-level studies in Information Assurance resulting in a master's-level certification from Southern Methodist University.
Harvard University
Certificate, Data Privacy and Technology
Completed a Data Privacy and Technology certification program at Harvard University.