Ted Bell, CISA, CRISC
Senior CIP Auditor at SERC Reliability Corporation- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
Topline Score
Bio
Credentials
-
COSO Internal Control Certificate
AICPAJan, 2021- Nov, 2024 -
Certified In Risk and Information Systems Control (CRISC)
ISACAApr, 2020- Nov, 2024 -
Certified Information Systems Auditor (CISA)
ISACASep, 2017- Nov, 2024 -
Microsoft Certified Database Administrator (MCDBA)
MicrosoftApr, 2001- Nov, 2024 -
Microsoft Certified Solution Developer (MCSD)
MicrosoftMar, 2001- Nov, 2024
Experience
-
SERC Reliability Corporation
-
United States
-
Utilities
-
1 - 100 Employee
-
Senior CIP Auditor
-
Jan 2023 - Present
I am responsible for leading CIP remote and onsite audits of utilities in the SERC region as well as serving on audit teams auditing both physical and cyber security NERC CIP Standards. This includes managing the logistics of the audit, delivering presentations to senior management of SERC and the utility, as well as ensuring the audits are completed on-schedule and follow the NERC Compliance Monitoring and Enforcement program. I also serve on internal committees and regularly present on CIP and Cybersecurity topics at member facing seminars.
-
-
CIP Auditor
-
Jun 2019 - Dec 2022
Coordinate, schedule and lead audit teams in the execution of Compliance Monitoring Engagements, Organizational Certifications and Spot-Checks.* Conduct Compliance Monitoring Engagements, and other CMEP activities * Coordinate information gathering, dissemination, data retention and confidentiality related to performance of Compliance Monitoring Engagements and Spot-Checks * Act as Audit Team Leader (ATL), or a team member reporting to the ATL, during Compliance Monitoring engagements * Participate as a team member on Certifications and Investigations * Ensure audit reports are accurate, thorough, and contain sufficient information upon which to base findings* Prepare audit reports * Analyze data related to compliance including routine filings, self-certification statements, self-reports, complaints and other forms and draw logical conclusions relative to non-compliances and PNCs of reliability standards* Develop CIP compliance reports and presentations used for internal training, seminars, SERC Board Meetings and other SERC or ERO activities* Ensure compliance with Government Auditing Standards for objectivity, independence, impairment, rules of evidence and professional judgment* Develop risk based scopes for entity monitoring engagements* Participate on corporate committees and cross-functional teams
-
-
-
Southwest Power Pool
-
United States
-
Utilities
-
400 - 500 Employee
-
Senior CIP Technical Specialist
-
Jul 2018 - Jun 2019
Ensured that the SPP RTO maintained both a CIP-compliant and highly secure IT stance.Focused on CIP-005, CIP-007, and CIP-010.Evaluated and improved controls to reduce security risk.Coordinated with stakeholders and Compliance Enforcement Authority on self report mitigation.Coordinated evidence preparation and SME discussion at CIP Audits.Provided CIP-related consultation for development initiatives.Proactively ensured that stakeholders are educated on upcoming changes to CIP Requirements.Educated and mentored staff on current CIP Requirements.
-
-
Senior CIP Compliance Auditor - SPP Regional Entity
-
Nov 2016 - Jul 2018
Led and participated in multi-week audits of electric utility companies to ensure compliance with federal Critical Infrastructure Protection (CIP) standardsEvaluated utility companies’ security policies, processes, and proceduresDeveloped positive relationships with auditees and worked with them to improve their companies’ security through improving processes and implementing best practicesCommunicated with auditees on audit and compliance expectationsAnalyzed utility companies’ control processes around key process areas and then advises them with process improvement recommendationsWrote audit reports and other critical audit documentationAnalyzed utility companies’ inherent risk and creates documentation to supplement audit processesWorked with utility companies and the SPP RE enforcement team on issues of non-compliance and mitigation of those issuesPresented compliance information at industry workshops for 200+ stakeholders Analyzed utility companies firewall code and procedures using the Network Perception (NP View) applicationServed on NERC committees and worked with staff from other Regional Entities on program enhancements
-
-
Transmission Planning Analyst III
-
Aug 2011 - Oct 2016
Performed process automation: used C# and Oracle to reduce reporting processes that once took 4 hours down to 4 minutes while also adding greater report quality and adding additional reports to the process. Eliminated the need for external consultants, saving the company over $1.5M per studyDesigned system architecture: created highly efficient and cost effective architecture leveraging distributed computing and virtual machines to dramatically increase efficiencyPerformed Data Analytics: used Oracle for in-depth look at multi-million record simulationsLed Project Milestones: ensured that project milestones are met on-time with maximum qualityInterfaced with stakeholders: Cost Allocation Working Group Liaison
-
-
Sr Developer
-
Apr 2005 - Aug 2011
Developed numerous production applications and support toolsHelped mature numerous processes within the IT department, including Development Standards, Documentation Standards, and usage of dedicated Business Analysts and TestersAssumed leadership role on the Markets Team, providing training and mentoring to employeesServed as Technical Lead or Project Lead on numerous projects and initiativesDeveloped Technical Requirements and Testing DocumentationPerformed Production support both during regular work hours and after-hours
-
-
-
UAMS - University of Arkansas for Medical Sciences
-
United States
-
Hospitals and Health Care
-
700 & Above Employee
-
Sr IT Specialist
-
Apr 2004 - Apr 2005
Developed web-based Pharmacy and Operating Room inventory ProgramsLed Development teams and projectsUpdated existing programs and database routines for better HIPAA compliance Developed web-based Pharmacy and Operating Room inventory ProgramsLed Development teams and projectsUpdated existing programs and database routines for better HIPAA compliance
-
-
-
Edgewater Consulting
-
United States
-
Information Technology & Services
-
1 - 100 Employee
-
Senior Consultant
-
Apr 2000 - Apr 2004
Designed multi-tier, highly complex and highly available software solutions for national and global customersPerformed project management and was customer point of contactDeveloped data access layers, business rules modules, user interfaces, shopping carts, commerce applications for the .net framework using C#, VB.net, and ado.netDesigned and developed data structures, and performed data modeling on Oracle, SQL Server, and DB1 platformsPerformed systems integration between third-party applications and custom designed applicationsTrained and mentored developers in company standards and proceduresSupervised analysts and testers to ensure quality delivery
-
-
-
-
Sr Developer
-
May 1992 - Mar 2000
Developed web-based Banking, Sales Management and Corporate Research toolsLed Development teams and projectsDeveloped ASP, COM objects, JavaScript, VBScript, and Oracle Stored Procedures Developed Visual Basic and Oracle Forms applicationsPerformed Data Modeling Developed web-based Banking, Sales Management and Corporate Research toolsLed Development teams and projectsDeveloped ASP, COM objects, JavaScript, VBScript, and Oracle Stored Procedures Developed Visual Basic and Oracle Forms applicationsPerformed Data Modeling
-
-
Education
-
1990 - 1992
University of Arkansas at Little Rock
Master of Arts (MA), Technical and Expository Writing -
-
University of Arkansas at Little Rock
BA, English
Community
