Todd is a Managing Director in KPMG’s Advisory practice and has more than 17 years of experience in delivering business process and information technology advisory services to Fortune 500 organizations. He has extensive experience performing large SAP transformation projects with a concentration on internal controls and security design. He has also led a number of large implementations and assessments of SAP’s Governance, Risk and Compliance (GRC) solutions including Access Controls and Process Controls. He is KPMG’s SAP Cyber Security leader and has helped many clients address the unique security risks prevalent in the market today.
In addition to his work in the United States, Todd has extensive international business experience, having completed a secondment in Sydney, Australia, as well as leading project teams in Scotland, UK, China, Japan, Israel and Brazil.
Professional and industry experience
- Directed an SAP Security Maturity assessment to identify the cyber security risk and performed a vulnerability assessment utilizing the SAP scanning tools and proprietary framework.
- Assisted a company in developing its target operating model for its global security operations, including third-party security support, a threat and vulnerability management program, and patch and security notes management.
- Delivered a Security and Controls Integration project for an organization going through a large SAP transformation project.
- Executed an SAP GRC and Role Based Security Assessment for a large company. Performed detailed security assessment and identified gaps in existing design of the SAP GRC tool. Identified enhancements to the existing internal controls structure.
- Led Cyber Maturity Assessment for a large organization. Identified areas for improvement and recommended enhancements across six domains: Legal and Compliance, Operations and Technology, Business Continuity and Crisis Management, Leadership and Governance, Human Factors and Information Risk Management. Presented results to the Audit Committee and Board of Directors.
- Led a multi-phase project to assist in the implementation of SAP GRC 10.0 Access Controls. The project included the design, setup and configuration of the tool for a large healthcare and life sciences company.
- Led a multiyear SAP Center of Excellence (COE) project for a Fortune 150 pharmaceutical company. Optimized and further automated the existing business processes for P2P, OTC, G/L, Supply Chain, and HR. Performed extensive redesign of the organization’s SAP Access Controls Ruleset and mitigating controls. Developed the COE’s upgrade plan for SAP GRC 10, which included SAP Process Controls.
- Developed a roadmap to redesign the SAP security architecture and deployment of SAP GRC at a Fortune 500 chemical company with a global instance of SAP.