Debra Paschke

Experience

• 

  State of California

  Jun 2002 - Sept 2021

  •Ensures compliance with established internal control procedures by examining records, reports, operating practices, and documentation.•Verifies assets and liabilities by comparing items to documentation.•Completes audit workpapers by documenting audit tests and findings.•Appraises adequacy of internal control systems by completing audit questionnaires.•Maintains internal control systems by updating audit programs and questionnaires; recommending new policies and procedures.•Communicates audit findings by preparing a final report; discussing findings with auditees.•Complies with federal, state, and local security legal requirements by studying existing and new security legislation; enforcing adherence to requirements; advising management on needed actions.•Prepares special audit and control reports by collecting, analyzing, and summarizing operating information and trends.•Maintains professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.•Contributes to team effort by accomplishing related results as needed. Show less 1. Lead in the development and enforcement of Information Security policies, procedures and standards. Conduct and complete an annual review of required FTI regulations and reports.2. Maintain the Agency’s Security Policies. These are formal policies that detail and document actual mechanisms and controls and should include at least the following:• Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.• Personnel Security: Personnel only have access to the sensitive information for which they have appropriate authority and clearance.• Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment.• Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data.• Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.3. Maintain the Agency’s Security Procedures that include:• Evaluation and compliance with security measures.• Disaster Recovery and Emergency operating procedures.• Security Incident Response and process protocols including Incident Reporting and Sanctions.• Testing of security procedures, mechanisms and measures.4. Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted patient data and protect against reasonably anticipated threats and hazards.5. Oversee and/or assist in performing on-going security monitoring of organization information systems including:• Assess information security risk periodically.• Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.• Evaluate and recommend new information security technologies Show less

  • Retired

    Jun 2005 - Sept 2021

  • Information Security Program Auditor

    Sept 2014 - Dec 2016

  • Information Security Specialist

    Jun 2002 - Sept 2014
• 

  SMUD

  Jan 2017 - May 2021

  Sr. IT Auditor

  • performs and leads audits of operations, systems, records and control processes by developing audit risk assessments, objectives and plans. • Schedules audit projects• Review work papers and oversees report preparation• Reviews and approves scope changes• Develops solutions to problems encountered during an audit• Performs the most technical of audit activities.• Assists in the development, implementation and maintenance of SMUD audit policies, procedures and standards by assessing current audit processes• Identifies controls or measures that are operationally or economically deficient• Develops and recommends improvements; provides management with independent evaluations of management practices; communicates revisions to management; and implements modifications and improvements. Show less