Board Nominees 2021 - 2022
Kelly Lin is a VP, IT Project Manager at East West Bank with 8 years of experience in financial and IT audits. She leads the SOX IT program at East West Bank and has experience in cybersecurity, system, and application audits. Kelly was an IT Advisory and Risk Consulting Senior with KPMG.
Kelly’s involvement with the ISACA Los Angeles Chapter began when she was a college student and was nominated by the board to serve as the Treasurer. And since then, she has actively taken up various leadership roles, including Board Director, Programs Chair, Conference Registrar, Volunteer Chair, and was also managing the Chapter email communications. She is currently the Chapter Vice President.
Kelly received the Chapter’s Beyond the Call of Duty Award in 2019, and was also an opening co-speaker with the ISACA CEO and Board Chair at the 2019 North America CACS Conference where ISACA celebrated its 50th anniversary.
Carol Gonzales currently serves as Cal Poly Pomona’s AVP for IT Security & Compliance and Chief Information Security Officer. She has over 30 years of experience in government, higher education, and financial service sectors with experience in security, audit, project management, and IT service operations. At Cal Poly Pomona, Carol is responsible for the information security and compliance management strategy and programs including the adoption of campus IT policies and procedures, all IT auditing and risk management projects, as well as accessible technology and services for persons with disabilities. Supported by the IT teams, she also works with the university community to support business continuity and disaster recovery. Carol also serves as an adjunct professor at Cal Poly Pomona for the College of Business Computer Information Systems department.
Carol is an active member of ISACA and has served in various chapter leadership roles as early as 1996. She has been a facilitator and presenter at the ISACA LA Spring Conference and CISA review sessions.
Carol is a proud alumnus of Cal Poly Pomona where she earned her Bachelor of Science in Computer Science and Master of Science in Business Administration with an emphasis in IS Auditing. She earned her doctorate from Claremont Graduate University in Information Systems and Technology.
Carol is a Certified Information Systems Auditor (CISA), Certified Data Privacy Solutions Engineer (CDPSE), and has the ITILv3 (Information Technology Infrastructure Library) certification.
Carl Grifka is Chief Financial Officer of Cinionic and Principal of Newport Consulting LLC. Carl is a dynamic Finance and IT leader specializing in finance, IT security/risk, project management, lean process design, and risk advisory solutions. Carl leads Newport Consulting LLC’s IT consulting division and new international Flex Specialist Center. Carl is also the CFO/Compliance Officer leading Cinionic’s finance department and global initiatives to finance new OPEX service models in the cinema industry. Prior to joining Newport Consulting LLC and Cinionic, Carl was a worked in consulting at RSM LLP specializing in IT and Finance advisory, in internal audit at General Motors, and as a revenue agent for the Internal Revenue Service. Carl holds a CISM, CISA, PMP, and a CDPSE certification.
IT risk executive with extensive experience in global corporate financial services and large government organizations. Leader of data protection and cybersecurity reviews in regulated environments, and data center and cloud hosting reviews leveraging NIST framework. Passionate leader of global teams, as direct line manager and in collaborative multi-functional teams. Led creation of GRC function in a centralized cybersecurity operation.
Transformed Internal Audit data analytics function into a leading function providing data science services, collaboration, training, and risk insights. Co-led the development of cybersecurity incident governance processes to oversee and coordinate cybersecurity and privacy incident response activities, communication strategies, and content for executives and governance boards, external stakeholders including regulators and clients.
Director Nominees 2021-2022
Anna Carlin is a CIS Instructor and Director for the FC Hornet Security Education Center at Fullerton College. She teaches Introduction to Cyber Security, Network Security, Ethical Hacking, Intrusion Detection, Incident Response, and in the Business and CIS Division, Computer Information Systems Department. Anna serves as co-Principal Investigator on a National Science Foundation grant to support workforce and curriculum development in digital forensics and incident response.
Anna Carlin holds a Master of Science in Business Administration from Cal Poly Pomona. Prior to joining Fullerton College, she was a faculty member at Cal Poly Pomona in the College of Business Administration.
Anna has over 15 years of experience in IT audit, software development, and operations management. Anna previously was 1st Vice President of the HTCIA SoCal chapter. Anna currently serves as a Director and Academic Relations Chair for ISACA Los Angeles.
Michael Bobrowicz is an IT enterprise risk management and information security specialist with over 10 year of experience in industry. During his career, he has held various roles in multiple areas, including IT risk management and compliance, IT project management, software engineering, and business continuity & disaster recovery management. He has managed 20 direct report as a IT managed services program manager, been involved in 60+ projects as a IT project manager or lead software engineer, and conducted IT Risk and Business continuity/disaster recovery assessments and exercises in the US, China, Hong Kong, and India. He is currently working as the assistant vice president of IT Risk Management and Compliance at East West Bank, specializing in monitoring, implementation, and remediation of financial regulatory controls related to IT risk and security (FFIEC/CBIRC/HKMA/NIST control framework).
Michael has been part of the ISACA Los Angeles for 5+ years, and is currently serving as the chapter secretary and programs chair.
Daniel Razmjou, MBA and MSIS, is an IT auditor with the IT Assurance practice at Hutchinson & Bloodgood LLP. With over 14 years of professional experience in finance, IT, and healthcare, Daniel concentrates on governance, risk, and compliance (GRC), and business continuity planning (BCP). He is also a computer and information systems (CIS) and management information systems (MIS) guest lecturer at California State University Los Angeles.
Patricia is currently Senior Manager/Advisor of Risk & Compliance at Southern California Edison. She is an enterprise risk management, cybersecurity, audit, and compliance leader with a track record of success in program and project implementation, strategic planning, risk management, team development, vendor management, and cross-functional collaboration. Her management strengths include leadership, strategic planning and business case development, relationship management, risk management and controls, team development, and process improvement. She has demonstrated ability to build consensus within teams. Outstanding communication, presentation, and negotiation skills; easily builds positive working relationships with associates, managers, and senior executives.
Tanya is a Senior Manager in Deloitte Advisory practice in the Los Angeles office. Tanya brings over 12 years of consulting experience to clients in the financial services industry including internal auditing, public accounting/external auditing and advisory services. She has held leadership positions on a variety of projects. Tanya’s experience ranges from managing small to large-scale engagements and includes leading and performing development of resolution plans/playbooks based on Dodd-Frank requirements, COSO 2013 readiness assessments, SOX readiness, re-design and optimization services, control design and effectiveness assessments, risk and controls governance, internal audits, internal audit risk assessments, credit risk management assessments, financial statement audits and regulatory compliance assessments.
Allstate – Chief Information Security Officer – eBusiness
Andy is a strategic business partner to the C-Suite, implementing business vision within acceptable business risk. He is an avid technologist with the understanding that cyber security risks are fundamentally a human problem. A conclusion he has drawn from successfully implementing information security programs across heavily regulated industries including banking, investments, insurance, and healthcare for the past 18 years. Andy currently serves as the CISO for the digital brands and innovation businesses at Allstate. Andy helps insurance innovators deliver their capabilities in the cloud, while managing risk within acceptable tolerances.
Previously, Andy led the Risk Solutions group at Neustar. As Director, he supported multi-million dollar anti-fraud deals involving the internet and call center consumer channels for the top 10 financial institutions in the US. As a thought leader, he has been featured on American Banker and has had published thought leadership blogs on identity and GDPR: https://www.risk.neustar/blog/authors/andy-kim
Before Neustar, Andy served as Director of Technology Risk Consulting Services at FIS (NYSE: FIS), in the Risk Information Security and Compliance business, which attained the #1 ranking in the Chartis RiskTech 100, where he was responsible for leading a team of subject matter experts that provided expert advisory and consulting services focusing on fraud, digital crime and cybersecurity to hundreds of financial services clients in the U.S. He also led the design and product marketing of CyberForce, an innovative next generation fraud and cybersecurity anomalous activity detection solution in the U.S. and EMEA markets.
Other positions include CISO of a large regional bank in Los Angeles, CISO supporting the CTO and CIO of a major US bank, CISO and HIPAA Security Officer at a pharmacy benefit management software company, Americas Security Officer of one of largest asset management firms, and Group IT Risk Officer to the third largest insurance company in the US.
Andy is highly regarded in the industry for his subject matter expertise and thought leadership and is a frequent speaker at industry conferences. He also holds multiple certifications such as CGEIT, CISA, CISSP, CISM, and the CDPSE.
Debbie Lew is Vice President, Internal Audit, Information Technology and Enterprise Shared Services for Kaiser Permanente. She provides leadership to the department to execute the right work in partnership with customers and other risk management units to add value to the organization. Prior to Kaiser Permanente, she was an Executive Director at Ernst & Young leading IT risk and compliance services for the national Health practice.
Debbie has held several volunteer leadership positions within the Information System Audit and Control Association (ISACA). She has been the chapter’s Spring Conference Chair since 1999. She was the first female member on the COBIT Steering Committee, a member of the CRISC credentialing task force developing a certification for IT risk practitioners, the Audit Committee and a Director on the global board of ISACA. Debbie is on the advisory board of California State University, Northridge (CSUN) for Accounting and Information Systems and has been an adjunct professor for both CSUN and the Nanjing University of Science and Technology. Debbie was honored to receive the President’s Award for service and leadership to the profession in 2015 and ISACA’s Outstanding Chapter Leader award in 2019. Debbie has been appointed to serve on the IIA’s Information Technology Guidance Committee 2020-2021.
Debbie is a Certified Information Systems Auditor (CISA), has the Certified Risk and Information Systems Controls (CRISC) certification and is a Certified Healthcare Internal Audit Professional (CHIAP). Debbie holds a Bachelor of Arts and is a graduate of the Executive Leadership Program at the Harvard Business School.