Forum Facilitator: Susan Orr
Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise. During her 14-year tenure as a bank examiner, Susan held numerous lead positions including Regional IT Examination Specialist, Special Assistant to the Regional Director, Special Assistant to the Director of DSC, and Special Assistant to the Vice Chairman of the FDIC. Susan was also a lead instructor for the FDIC's technology school and was instrumental in key industry initiatives such as the FDIC E-Risk Strategic Initiatives Risk Monitoring Committee, the Chicago Region Interagency Technology Group, and the Federal Financial Institutions Examination Council (FFIEC) IT Handbook rewrites. Prior to launching her consulting practice, Susan was Vice President of Regulatory Compliance for an Internet security company where she advised staff, customers, and partners on regulation, security, and risk management.
As an auditor and consultant, Susan performs IT audit and regulatory reviews for financial institutions and assists institutions in preparing for and responding to a regulatory examination. Her expertise as an auditor and former examiner gives her the knowledge and expertise to assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors, helping them align products and services to meet institution regulatory mandates. She has over 18 years of experience in the IT regulatory field, speaks regularly at risk management and security seminars and conferences, and has authored numerous white papers on emerging information technology and security risk management topics. Susan retains close relationships within the FFIEC agencies as well as industry trade groups to stay abreast of new technologies, best practices, and regulatory issues. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified Risk Professional (CRP).