About Stephen Spence
I am originally from Seattle, where I sent a majority of my life with the exception of nine years in the Air Force, three of which were overseas in Okinawa Japan. I entered the Air Force as a Computer Operator and finished both my Bachelors and Masters degrees while in the Air Force. I moved into Data Center Management after obtaining my officer commission. I continued to manage data centers for various firms in the Seattle area after leaving active duty and joining the Reserves/Washington Air National Guard. I retired from the US Air Force/Air National Guard at the rank of Major.
For the past eighteen years, after leaving a career in Information Technology Services Management, I have been working primarily in IT Audit and IT Risk and Control Management. I was first recruited into IT Audit by Bank of America for my strong IT experience and skills while still in Seattle. I moved to the Dallas area in late 1999 with EDS and remained in the Dallas-Fort Worth area ever since. Prior to moving into a Contract Consultant role I was most recently with The Depository Trust and Clearing Corporation (DTCC) as the Director of Enterprise Infrastructure and Information Security Audit. DTCC is a company may have never heard of, but is classified by the Federal Regulators as a Systemically Important Financial Market Utility (SIFMU) supporting all US trading clearing and settlement. I moved from an audit assurance role to build the IT Infrastructure Risk Advisory Services practice within DTCC Internal Audit Department. Prior to DTCC I Directed the Risk and Control Management Self-Assessment group for Citigroup's Global Consumer Group (GCG) IT Organization, which included all major Citi consumer businesses; CitiCards, CitiBank, etc. I directed the development and implementation of a GCG-wide IT Risk and Control Framework that was later used as the foundation of the Citi Technology Infrastructure-wide framework.
The past 3 years I have been working with several large organization in IT Risk, Compliance, and Governance consulting roles. However, I am continuing to explore new opportunities to develop Risk and Compliance Management programs and/or practices within a growing and evolving organization looking to enhance or implement strong risk and control governance practices and data/information protection policies and procedures. If your organization is investigating or currently involved in pursuing the development or enhancement of the Risk and Control/Compliance practices and processes within the organization, whether it be in IT/business operations or Internal Audit, I would be very interested in meeting and discussing my experience and background, and what I can bring to the table to help you in your pursuit.
For the past eighteen years, after leaving a career in Information Technology Services Management, I have been working primarily in IT Audit and IT Risk and Control Management. I was first recruited into IT Audit by Bank of America for my strong IT experience and skills while still in Seattle. I moved to the Dallas area in late 1999 with EDS and remained in the Dallas-Fort Worth area ever since. Prior to moving into a Contract Consultant role I was most recently with The Depository Trust and Clearing Corporation (DTCC) as the Director of Enterprise Infrastructure and Information Security Audit. DTCC is a company may have never heard of, but is classified by the Federal Regulators as a Systemically Important Financial Market Utility (SIFMU) supporting all US trading clearing and settlement. I moved from an audit assurance role to build the IT Infrastructure Risk Advisory Services practice within DTCC Internal Audit Department. Prior to DTCC I Directed the Risk and Control Management Self-Assessment group for Citigroup's Global Consumer Group (GCG) IT Organization, which included all major Citi consumer businesses; CitiCards, CitiBank, etc. I directed the development and implementation of a GCG-wide IT Risk and Control Framework that was later used as the foundation of the Citi Technology Infrastructure-wide framework.
The past 3 years I have been working with several large organization in IT Risk, Compliance, and Governance consulting roles. However, I am continuing to explore new opportunities to develop Risk and Compliance Management programs and/or practices within a growing and evolving organization looking to enhance or implement strong risk and control governance practices and data/information protection policies and procedures. If your organization is investigating or currently involved in pursuing the development or enhancement of the Risk and Control/Compliance practices and processes within the organization, whether it be in IT/business operations or Internal Audit, I would be very interested in meeting and discussing my experience and background, and what I can bring to the table to help you in your pursuit.