Richard R. Gomes
Richard’s recent professional focus has been on IS Governance, and he brings a standards and regulatory compliance perspective to the development and pragmatic implementation of IS policies and controls. At Citigroup he is responsible for the Records Management Program and is a member of the IS Policy and Standards working group.
With over 20 years of experience in the Strategic IT field, over 7 of which have dealt specifically with Information Security and IS Governance, Richard is an active member of both ISACA (CobiT) and (ISC)² (ISO 17799/27001), where he participates in the drafting and review of IS Governance and Security frameworks and standards.
Prior to joining Citigroup, while with Deloitte & Touche’s Enterprise Risk Practice, Richard developed compliance programs for such directives as the SEC White Paper, Basel II, SAS-70, SOX (302, 404, 409), and HIPAA. In addition to establishing a robust Program Office function for his clients, he led senior management workshops on the business benefit and applicability of ISO 17799/27001, CobiT, CoSO, ITIL, and NIST/Trusted Architectures.
Richard brings thought leadership, best practices, and established methodology to very large scale strategic initiatives involving the compliant deployment of Business and Technology directives. This involves the deployment and administration of tight controls over all aspects of the program life cycle with a strong emphasis on risk mitigation, embedded security and compliance controls, program/project controls, delivery validation, knowledge transfer and awareness, acceptability testing methodologies, and ongoing assessment methods.
Richard R. Gomes has spoken at the following CGOC events:
- Getting your Retention Program in Order and linking it to Holds
- An Operational Framework

