Karen Riley
LSC Communications
VP, Chief Information Security Officer
Biographical Info
Karen has over 20 years of experience in internal/external audit, compliance, risk management, enterprise systems, and information security. Working in professional services, she has key clients in the consumer goods, financial services, healthcare, and manufacturing industry sectors. Her technical experience includes:

• Compliance: Developed compliance programs for NIST, CSF, COBIT, Reg SCI, ACA Financial processes, SOX, and MAR. Projects included developing standards, policy, procedures, and controls, implementing GRC systems (Archer, RSAM, SAP GRC), executing compliance training, and implementing compliance monitoring processes
• Internal Audit: Led co-sourcing engagements that executed enterprise risk and IT risk assessments, developed annual IA plans, leveraged established IA methodology to complete IA assessments and consultative management reviews, and reported to Executive Management Leadership and Audit Committees
• External Audit: Led engagements to assess business processes and internal controls in support of the integrated financial statement audit
• Enterprise System Experience: Completed implementation and assessment projects for PeopleSoft, SAP, WorkDay, Oracle EBS, and Oracle Cloud environments
• Information Security Experience: Completed implementation and assessment projects for cybersecurity maturity, third party risk management, incident response, data loss prevention, identity and access management, and business continuity management and led project activities to harden infrastructure components including database, server, and perimeter security
• Privacy Experience: Developed strategies for addressing privacy components such as cross border data transfer mechanisms, works council negotiations, and Data Privacy Authority registrations and addressed privacy risk exposure