Susan Johnson is an experienced consultant and manager who works at the intersection of business and information technology, in a variety of industries including public sector, healthcare, banking, insurance, telecoms, IT (software, consulting services), airlines and railroads. Facilitation, skills transfer and coaching have been key elements of all her successful projects, whether the focus was risk assessment, development and implementation of privacy and security policies, business process redesign, organizational change, business and IT strategy, project management, systems development, or package evaluation and implementation. She has worked with and provided consultation services to large organizations in the UK, Canada, USA, Australia, Singapore and Hong Kong. She is comfortable at all organizational levels. She has also travelled extensively, to over 50 countries.
Susan has significant knowledge and experience in the area of information privacy and security, helping organisations to:
Address security issues within an integrated risk management framework, which considers people, business policies, processes and physical environment, as well as information technology.
Use privacy management to attract and retain customers, reduce risks and cut costs through progressive corporate policy, improved business practices and security of customer information.
Susan also believes that security is a continuing process, not a one-time effort, and must involve key stakeholders to ensure that recommended controls are actually implemented and sustainable over time. She has presented to and served as a subject matter expert on privacy and security to various business and professional groups.
Susan's secondary consulting focus is on enabling business innovation and performance improvement through effective use of information technology. This includes: developing technology strategies to support business strategic objectives; designing innovative business processes, work structures and management systems to improve operating efficiency and customer experience, while reducing costs; and assisting the organizational change process through the use of facilitated structured workshops to ensure commitment and results.
Privacy opportunity and risk assessment - Providing a snapshot of the critical risks, helping to focus compliance efforts. Considering legal/regulatory context, Generally Accepted Privacy Principles (AICPA/CICA). Identifying opportunities to attract and retain customers and cut costs through improved information management practices and customer service.
Privacy Impact Assessment (PIA) - Using a proactive and practical approach to ensure that privacy concerns and safeguards are addressed early in a project rather than ignored or added on later as an expensive afterthought. This offers significant benefits by inspiring trust and confidence of consumers / citizens in what happens to their personal information.
Strategic security analysis - Identifying critical assets, threats and vulnerabilities using a structured workshop approach. Recommending appropriate and cost-effective controls, considering the business context, legal and regulatory environment, best security practices, and organization strategy and culture. See presentation: Security Strategies to Enhance Privacy
Security training / awareness sessions for executives, managers and business users of information technology. See Internet Security & Privacy for Beginners for an example of a community awareness presentation.
Security policy development - Facilitating an inclusive process with key executives and managers to develop security policies that will be accepted and enforced.
Business and IT strategic planning, including E-business and CRM strategies.
Business process innovation, including design of work structures and management systems and effective management of change to achieve benefits from the investments in technology.
Project management and systems development, including business requirements, prototyping / iterative development, data, process and object modeling and methodologies.
Marketing and business development of consulting services.
Financial and security management and audit functions.
Workshop facilitation (IT strategy, planning, business solutions design)
Software package evaluation and implementation of financial and human resource applications
CRISC (Certified in Risk and Information Systems Control, Certificate #232115103), ISACA, 2023
CISSP (Certified Information Systems Security Professional) designation awarded by the International Information Systems Security Certification Consortium (ISC2), 2002
Certificate Programme in Internet and Technology Security (joint program of the Justice Institute of BC / University of British Columbia), 2002
Chartered Accountant since 1977. Member of the Chartered Professional Accountants of British Columbia, Canada.
BA (Major in Accounting & Finance), Brock University, Canada, 1974
As part of a small team, conducted Privacy Impact Assessments for information technology projects for several Canadian federal government departments. These assessments include analysis of the collection and distribution of personal information, facilitating the completion of a Privacy Analysis, evaluation of privacy issues and risks, including information security risks and safeguards, associated implications, and recommendation of potential mitigation strategies.
As an Enterprise Strategy Consultant (and subject matter expert for Privacy) for Microsoft Consulting Services in the UK, worked with clients in public sector and financial services to identify security and privacy impacts and risks of information projects. Worked with colleagues in security and risk assessment groups to draft Privacy Assessment tools for use by Microsoft consultants in the UK.
Conducted a privacy risk assessment for a financial services regulatory agency, to identify risk areas in current privacy policy and practices. Subsequently drafted a 'plain English' privacy policy suitable for reading by the 1.5 million customers of the financial service providers in the province, and information access procedures and forms to implement the policy.
Worked with senior management and the board of directors of a large non-profit arts organization to review current privacy practices, draft a privacy policy in compliance with PIPEDA, and present it to the Executive Committee of their board for review and approval. The policy covered the collection of personal information from patrons, donors, sponsors and volunteers, and addressed a number of issues around forms of consent, and potential impacts to their marketing and fundraising practices.
Performed a privacy risk assessment and strategic security analysis for a professional services firm in the financial industry. The project included identifying threats and vulnerabilities, and recommending appropriate and cost-effective controls to protect client privacy and safeguard critical assets.
As the Privacy Officer, developed a privacy policy, procedures, and supporting systems for Horizons Unlimited, an e-business site serving a niche market in the travel sector. As co-founder, responsibilities include strategy, design and implementation planning, content development, newsletter, web design and usability, community building, marketing and online sales. The site is supported by a rapidly growing (over 500,000 user sessions per month) and incredibly loyal user group, and is a respected provider of specialized content (currently over 180,000 pages) to a desirable demographic segment. The privacy policy covers an active bulletin board, and information content provided by travellers using electronic forms and web logging software.
Supported the development of an information management and technology strategy for the UK healthcare regulator, facilitating structured workshops to define high level business processes and the associated information requirements. The strategic vision is supported by a number of technologies, including customer relationship management (Siebel CRM), website redesign and content management, document management and the infrastructure to support them. Assisted with program implementation and latterly assumed responsibility for business change and benefits realization.
As a Consulting Executive for a major UK outsourcing and consulting firm, assumed the role of Head of E-Business for a professional services joint venture in the financial industry. The mandate combined both management and consulting roles, and included developing an E-Business strategy, defining an E-Business consulting service offering and value proposition, and creating a professional team through recruiting and retraining, while exceeding ambitious revenue targets. A major achievement was to gain agreement by the Executive and Board to an E-Business vision and approval of investment in capability (methods, skills, partnering). The subsequent mandate focused on creating a new innovation service to nurture e-business ideas within the bank and its subsidiaries and joint venture partners.
Coached and facilitated the development of a technology strategy for the corporate banking department of a large UK bank. The assignment featured extensive use of facilitated workshops with senior business and technology managers to determine future business requirements for the organisation, establish guiding principles and the technology architecture and define the strategic technology work programme. The programme includes Internet banking, e-Commerce, customer relationship management, and the replacement of legacy product processing systems. Subsequently assisted with mobilization of the programme, including programme management structure, resourcing and benefits management.
As interim Head of Business Change for the UK healthcare regulator, responsible for the business transformation needed to achieve benefits from the IT strategy and program. Most recent responsibility was supporting organisational change needed to achieve benefits from the investment in information technology, including development of business cases and benefits realisation plans, training and internal communications.
Supported a large Australian telecommunications company in their redesign of workflow and processes in the Customer Service and Payroll departments. Facilitated workshop sessions to refine the understanding of business goals, critical success factors and priorities for process redesign, and to set ambitious targets for productivity improvements. For example, for an application supporting customer service, we reduced elapsed time for the process from 7 weeks to 48 hours by eliminating redundant activities and redesigning the process using electronic forms and workflow technology. The workshops were then used as the foundation for system architecture and for structured rapid prototyping of new information systems.
Facilitated and coached the downsizing and restructuring of the Information Technology department for a major (50,000 employees) Australian bank with international operations. Re-engineered the IT processes for greater efficiency. Developed systems to enable monitoring of projects and effective resource utilization. Designed and implemented new career and reward structures to encourage skills development and flexibility.
Responsible for the design, development and delivery of professional development seminars for management consultants for DMR Group (now Fujitsu Consulting), an international information technology consulting firm. Topics included the consulting process, business development, interpersonal skills, conflict resolution, presentation and report-writing skills, business ethics and quality management in consulting.
Conducted training in Productivity Plus (DMR Group's system delivery life cycle methodology) for both clients and DMR staff in Australia, New Zealand and Asia. Courses taught included project management techniques; definition of business requirements; data and process modeling and prototyping techniques; software package evaluation; and the roles and responsibilities of users in the development process. In addition, provided consulting assistance and workshop facilitation services to clients on systems development and implementation projects in the airline, leisure and insurance industries.
Managed the DMR Group Education Services function in Melbourne, Australia, encompassing training of DMR professional staff and clients. Responsibilities included marketing of education services, course organisation and scheduling, training trainers. Also provided coaching, facilitation and quality assurance services to clients on systems development and implementation projects in the airline and insurance industries.
As a Consulting Director and practice leader for Lotus Consulting (now IBM Global Services), built the Process Innovation practice in the Asia-Pacific region, generating consulting revenues in excess of $1 million in less than a year. Responsibilities included business development of the practice, translating client needs into business solutions, directing consulting projects, maintaining constructive account relationships, developing methodologies, recruiting and professional development of consulting staff.
For the UK healthcare regulator, following approval of an information management and technology strategy, assisted with mobilization of the multi-year implementation program, including development of the strategic business case for board approval, establishment of the program governance, recruitment of project managers and business analysts.
As a consultant to the Ministry of Finance of the Province of British Columbia, planned the implementation of Oracle financial systems (General Ledger, Accounts Payable, Purchasing, Asset Management, and Projects) for several large and decentralised provincial government departments in Canada. Working closely with the business representatives, facilitated the development of strategies and detailed plans for redesign of work processes, documentation, end-user training, acceptance testing and communications activities necessary to successfully implement Web-enabled processes using the Oracle financial systems. Developed a generic implementation guide as a template for these and other provincial departments to be used for planning their Oracle financials implementations in succeeding years.
Project director and thought leader of the Accelerated Value Method (AVM) - the system development methodology used by Lotus Consulting (now IBM Global Services). This integrated approach incorporates business process redesign, rapid application development / prototyping, enterprise-wide deployment, organizational transformation and project management in order to deliver business value rapidly using new technologies. The AVM team incorporated worldwide best practices in these disciplines and produced tools (such as checklists and questionnaires) and techniques for use by consultants and clients.
Concurrently developed and taught a series of five two-day AVM courses for Lotus Consulting, Lotus' business partners and clients in North America, Europe, Australia and Asia. The courses included Transformation Management, Process Innovation, Collaborative Development, Enterprise Deployment and Engagement Management.
Managed the development of a customer relationship management (CRM) system for the corporate banking department of a UK bank, using structured rapid prototyping techniques to deliver a system ready for worldwide implementation in less than six months. The work was done in Singapore for a worldwide user base of corporate bankers, and training took place in the UK, Hong Kong and Singapore.
Conducted a review of the effectiveness of change management processes for the system supporting payment of agent remuneration for a major Australian insurance company. The review encompassed workload distribution, tools and facilities, documentation, control mechanisms and quality assurance and testing functions within Information Systems.
As Freight Revenue Project Manager for BC Rail, managed a multi-divisional project (Finance, Marketing and Information Systems) to replace the freight invoicing and interline settlement systems in a dual vendor hardware environment. Developed the logical database design for the system using data modeling techniques. Subsequently used a prototyping approach to develop a working model of the invoicing system, including inquiry capability and automated interfaces to other systems.
Directed the development of internal DMR methodology for selection and implementation of application software packages, including package evaluation guidelines, generic functional specifications for financial and human resource applications and implementation planning aids. Conducted numerous package evaluation and implementation projects for companies in various industries, including government departments, telecoms, airlines and professional services. The approach made extensive use of workshops and coaching of client personnel.
Responsible for the requirements analysis, market survey and evaluation of a human resource information system for a Canadian airline. Assignment featured extensive coaching of client personnel through the software package evaluation process.
Directed the requirements definition and evaluation process for general ledger, accounts payable, fixed assets, capital project management and purchasing software in an IBM mainframe environment for a large Canadian telecommunications company. The assignment featured extensive use of workshops and coaching of client personnel.
Directed the requirements definition and evaluation of alternatives for replacement of all major financial systems (job costing, billing, accounts receivable, accounts payable and general ledger) for a large engineering consulting firm in a minicomputer environment.
As Financial Projects Co-ordinator, managed the requirements definition and selection of software packages for financial systems in an IBM mainframe environment for the British Columbia Government Ministry of Lands, Parks and Housing. Subsequently, directed the implementation of Walker Interactive financial software in a complex, decentralised organisation. Developed and conducted management and user training in field offices and headquarters.
As Manager of General Accounting for BC Rail, managed a staff of 25, responsible for payroll of 2,600 employees, accounts payable, billing and interline freight settlement functions for a $300 million transportation company. Security management responsibilities included the implementation of policy and procedures to establish and maintain effective security controls on complex mainframe billing and freight settlement systems, and implementation of all external audit recommendations. Established administrative security controls over critical assets, including separation of duties, job rotation, backups, record retention and audit trails.
As Manager of Financial Operations for the British Columbia Government Ministry of Lands, Parks & Housing, managed the Financial Services Branch (staff of 23), responsible for payroll of up to 2,000 full- and part-time employees, accounts payable and internal controls on assets and revenues. Security management responsibilities included development and implementation of security policies, procedures and administrative controls protecting key financial and payroll systems, and implementation of audit recommendations. Supervised and trained accounting staff.
As Audit Supervisor in the Office of the Auditor General, British Columbia, Canada, participated in comprehensive financial management audits of government departments and corporations. These audits encompassed a review of the planning and budgeting processes, control of assets, revenues and expenditures, management of the financial function and internal audit, and included reviews of the security controls on critical assets, revenues and expenditures. Responsible for conducting interviews, liaison with senior executives in the client organisations, writing and presenting audit reports.
As Audit Supervisor for Joscelyn, Laughlin, Harper, Tory, Chartered Accountants (now part of Ernst & Young), planned and executed audits of organizations in a variety of industries over a 5-year period. These audits included reviews of the security controls (administrative, operations and technical aspects) in place to protect the confidentiality, integrity and availability of critical information systems and assets, and recommendations for security improvements. Supervised articling students, and provided consulting and tax planning services to small- and medium-sized clients in a variety of industries.
Canadian and UK citizenship
Written and spoken English and Spanish
Travelled around the world on a motorcycle with my husband, to over 26 countries in Europe, Africa and South America. We were written about in several publications as a result of successfully completing an odyssey that only a few hundred people in the world have accomplished. While still travelling, we published our travel stories and photos on our website, which we have now expanded to become Horizons Unlimited, the best known and most respected motorcycle travel information site on the web, attracting over 500,000 visitors a month from 140 countries.
© 2006 - Horizons Global Consulting, All Rights Reserved.
Horizons Global Consulting is a division of Horizons Global Enterprises Limited.