2022-2023 Board Members
Kelly Lin is a VP, IT Project Manager at East West Bank with 8 years of experience in financial and IT audits. She leads the SOX IT program at East West Bank and has experience in cybersecurity, system, and application audits. Kelly was an IT Advisory and Risk Consulting Senior with KPMG.
Kelly’s involvement with the ISACA Los Angeles Chapter began when she was a college student and was nominated by the board to serve as the Treasurer. Since then, she has actively taken up various leadership roles, including Board Director, Programs Chair, Conference Registrar, and Volunteer Chair, and also managed the Chapter email communications. She is currently the Chapter President.
Kelly received the Chapter’s Beyond the Call of Duty Award in 2019, and was also an opening co-speaker with the ISACA CEO and Board Chair at the 2019 North America CACS Conference where ISACA celebrated its 50th anniversary.
Carol Gonzales currently serves as Cal Poly Pomona’s AVP for IT Security & Compliance and Chief Information Security Officer. She has over 30 years of experience in government, higher education, and financial service sectors with experience in security, audit, project management, and IT service operations. At Cal Poly Pomona, Carol is responsible for the information security and compliance management strategy and programs including the adoption of campus IT policies and procedures, all IT auditing and risk management projects, as well as accessible technology and services for persons with disabilities. Supported by the IT teams, she also works with the university community to support business continuity and disaster recovery. Carol also serves as an adjunct professor at Cal Poly Pomona for the College of Business Computer Information Systems department.
Carol is an active member of ISACA and has served in various chapter leadership roles as early as 1996. She currently serves as Vice President, where she has supported successful virtual membership events, as well as the Chapter’s transition to in-person events including the Chapter’s Holiday Seminar with IIA. She has also been an active partner with the Academic Relations committee. She has been a facilitator and presenter at the ISACA LA Spring Conference and CISA review sessions.
Carol is a proud alumnus of Cal Poly Pomona where she earned her Bachelor of Science in Computer Science and Master of Science in Business Administration with an emphasis in IS Auditing. She earned her doctorate from Claremont Graduate University in Information Systems and Technology.
Carol is a Certified Information Systems Auditor (CISA), Certified Data Privacy Solutions Engineer (CDPSE), and has the ITILv3 (Information Technology Infrastructure Library) certification.
Carl Grifka is a Director of Process and Risk Consulting at RSM US LLP. Carl has a unique background encompassing a valuable set of finance, compliance, and IT experience. Carl specializes in internal/IT audit, Sarbanes-Oxley (SOX) compliance, and lean process improvement. Carl recently served as CFO at Cinionic, a cinema technology solutions provider, where he led the global finance department and built the company’s risk and compliance program. Additionally, Carl led Cinionic’s global initiatives to finance its new OPEX-focused business service models for cinema technology and equipment. His previous roles include being a lead auditor for General Motors and a revenue agent for the IRS. Carl is a PMP, CISM, CISA, CDPSE, and LSSGB. Carl is an alumnus of Michigan State University and the University of Michigan-Dearborn.
John is currently Director of Risk and Assurance for North America at Orora Group, an Australian-based packaging company. Previously, he was GRC Manager at LA County in the Internal Services Department Cyber Governance Organization and was Aon IA global leader for IT Audit, Privacy and Data Analytics in Chicago for 20 years. IT risk executive with extensive experience in global corporate financial services and large government organizations. Leader of data protection and cybersecurity reviews in regulated environments, and data center and cloud hosting reviews leveraging NIST framework. Passionate leader of global teams, as direct line manager and in collaborative multi-
John transformed an Internal Audit data analytics function into a leading function providing data science services, collaboration, training, and risk insights. He also co-led the development of cybersecurity incident governance processes to oversee and coordinate cybersecurity and privacy incident response activities, communication strategies, and content for executives and governance boards, external stakeholders including regulators and clients.
Daniel Razmjou, MBA and MSIS, is an IT auditor with the IT Assurance practice at Hutchinson & Bloodgood LLP. With over 16 years of professional experience in finance, IT, and healthcare, Daniel concentrates on governance, risk, and compliance (GRC), and business continuity planning (BCP). He is also a computer and information systems (CIS) and management information systems (MIS) guest lecturer at California State University Los Angeles.
Patricia is currently Senior Manager/Advisor of Risk & Compliance at Southern California Edison. She is an enterprise risk management, cybersecurity, audit, and compliance leader with a track record of success in program and project implementation, strategic planning, risk management, team development, vendor management, and cross-functional collaboration. Her management strengths include leadership, strategic planning and business case development, relationship management, risk management and controls, team development, and process improvement. She has a demonstrated ability to build consensus within teams. Outstanding communication, presentation, and negotiation skills; easily builds positive working relationships with associates, managers, and senior executives.
Tom is a director with PricewaterhouseCoopers in their Risk and Regulatory practice. Over the past 15 years with the firm, he has focused on providing IT process and control services to clients in southern and northern California areas, amongst other markets. His work experience with these clients includes controls readiness assessments, third party / vendor risk assessments, and cybersecurity maturity assessments. In addition, he has led dozens of teams in developing and executing internal and external audits to ensure compliance with various frameworks, such as SOX 404, NIST, and PCI. He enjoys using data-driven analytics, robotics, data visualizations, and next generation technology to drive efficiency and insight into not only audit results, but also into overall organizational effectiveness. Tom has been a Certified Information Systems Auditor (CISA) for over 13 years.
Michael Bobrowicz is an IT enterprise risk management and information security specialist with over 10 years of experience in industry. During his career, he has held various roles in multiple areas, including IT risk management and compliance, IT project management, software engineering, and business continuity & disaster recovery management. He has managed 20 direct reports as an IT managed services program manager, been involved in 60+ projects as an IT project manager or lead software engineer, and conducted IT Risk and Business continuity/disaster recovery assessments and exercises in the US, China, Hong Kong, and India. He is currently working as the assistant vice president of IT Risk Management and Compliance at East West Bank, specializing in monitoring, implementation, and remediation of financial regulatory controls related to IT risk and security (FFIEC/CBIRC/HKMA/NIST control framework).
Michael has been part of the ISACA Los Angeles Chapter for 5+ years, and is currently serving as the chapter secretary and programs chair.
CyberCatch – VP, Chief Information Security Officer
Andy is a strategic business partner to the C-Suite, implementing business vision within acceptable business risk. He is an avid technologist with the understanding that cyber security risks are fundamentally a human problem, a conclusion he has drawn from successfully implementing information security programs across heavily regulated industries including banking, investments, insurance, and healthcare for the past 18 years. Andy previously served as the CISO for the digital brands and innovation businesses at Allstate. Andy helped insurance innovators deliver their capabilities in the cloud, while managing risk within acceptable tolerances.
Andy previously led the Risk Solutions group at Neustar. As Director, he supported multi-million dollar anti-fraud deals involving the internet and call center consumer channels for the top 10 financial institutions in the US. As a thought leader, he has been featured on American Banker and has published thought leadership blogs on identity and GDPR: https://www.risk.neustar/blog/authors/andy-kim
Before Neustar, Andy served as Director of Technology Risk Consulting Services at FIS (NYSE: FIS), in the Risk Information Security and Compliance business, which attained the #1 ranking in the Chartis RiskTech 100, where he was responsible for leading a team of subject matter experts that provided expert advisory and consulting services focusing on fraud, digital crime and cybersecurity to hundreds of financial services clients in the U.S. He also led the design and product marketing of CyberForce, an innovative next generation fraud and cybersecurity anomalous activity detection solution in the U.S. and EMEA markets.
Other positions include CISO of a large regional bank in Los Angeles, CISO supporting the CTO and CIO of a major US bank, CISO and HIPAA Security Officer at a pharmacy benefit management software company, Americas Security Officer of one of the largest asset management firms, and Group IT Risk Officer to the third largest insurance company in the US.
Andy is highly regarded in the industry for his subject matter expertise and thought leadership and is a frequent speaker at industry conferences. He also holds multiple certifications such as CGEIT, CISA, CISSP, CISM, and the CDPSE.
Debbie Lew is Chief Audit Executive for Kaiser Permanente. She provides leadership to the department to execute the right work in partnership with customers and other risk management units to add value to the organization. Prior to Kaiser Permanente, she was an Executive Director at Ernst & Young leading IT risk and compliance services for the national Health practice.
Debbie has held several volunteer leadership positions within the Information Systems Audit and Control Association (ISACA). She has been the chapter’s Spring Conference Chair since 1999. She was the first female member on the COBIT Steering Committee, a member of the CRISC credentialing task force developing a certification for IT risk practitioners, the Audit Committee and a Director on the global board of ISACA. Debbie is on the advisory board of California State University, Northridge (CSUN) for Accounting and Information Systems and has been an adjunct professor for both CSUN and the Nanjing University of Science and Technology. Debbie was honored to receive the President’s Award for service and leadership to the profession in 2015 and ISACA’s Outstanding Chapter Leader award in 2019. Debbie has been appointed to serve on the IIA’s Information Technology Guidance Committee 2020-2021.
Debbie is a Certified Information Systems Auditor (CISA), has the Certified Risk and Information Systems Controls (CRISC) certification and is a Certified Healthcare Internal Audit Professional (CHIAP). Debbie holds a Bachelor of Arts and is a graduate of the Executive Leadership Program at the Harvard Business School.