During her 14 year tenure as a bank examiner, Susan held numerous lead positions including Regional IT Examination Specialist, Special Assistant to the Regional Director, Special Assistant to the Director of DSC, and Special Assistant to the Vice Chairman of the FDIC. Susan was also a lead instructor for the FDIC's technology school and was instrumental in key industry initiatives such as the FDIC E-Risk Strategic Initiatives Risk Monitoring Committee, the Chicago Region Interagency Technology Group, and the Federal Financial Institutions Examination Council (FFIEC) IT Handbook rewrites.
Prior to launching her consulting practice, Susan was Vice President of Regulatory Compliance for an Internet security company where she advised staff, customers, and partners on regulation, security, and risk management.
As an auditor and consultant, Susan performs IT audit and regulatory reviews for financial institutions as well as assist institutions in preparing for and responding to a regulatory examination. Her expertise as an auditor and former examiner provides her the knowledge and expertise to assist all de novo institutions in preparing policies and procedures, and instituting controls.
Susan Orr Consulting, LLC. also provides targeted consulting and Virtual Information Security Officer services for financial institutions. These services include but are not limited to assisting the Information Security Officer as a Virtual Information Security Officer (vISO) reviewing and enhancing your IT and Information and Cyber Security Programs and assistance with implementing correcting action from regulatory Reports of Examination.
Susan also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. She has over 18 years experience in the IT regulatory field and speaks regularly at risk management and security seminars and conferences and has authored numerous white papers on emerging information technology and security risk management topics.
Susan retains close relationships within the FFIEC agencies as well as industry trade groups to stay abreast on new technologies, best practices, and regulatory issues.