Muema Lombe
Angel Investor, Ex-Robinhood. _____________________________ #startupfunding #riskwhisperer #aigovernance #enterpriseriskguy
United States
Invests in
Sectors:
Locations:
Min Investment: $0.00
Max Investment: $0.00
Target Investment: $0.00
Skills
Education
Work Experience
2021
Head of Data Analytics & Systems Monitoring
2023
● Provide executive leadership to implement data analytics and systems monitoring for the Global Risk Team and foster a culture of innovation and continuous improvements.
● Provide leadership to the advanced data analytic program.
● Promote the use of advanced analytics and automation methods and techniques across the Global Risk department through delivery of proof-of-concept engagements.
● Lead the implementation of new data analytics to identify risk insights.
● Manage and oversee the advanced analytic work to ensure it is delivered accurately, timely and complete, adhering to Global Risk documentation standards.
● Provide oversight to the team responsible for analyzing complex data, identifying anomalies, and providing useable insight to cross functional stakeholders.
● Facilitate the communication of delivered data analytics results to broader audit department, individual teams, and audit stakeholders, as necessary.
Head of Technology Audit
2021
● Set governance, strategy, and project management expectations across the Tech vertical project portfolio
● Built strong relationships with key IT, engineering, and business partners, including Infrastructure and Information Security, to thoroughly understand their business and identify appropriate risk mitigations and opportunities to add value
● Drove risk assessment and dynamic audit planning and participated in enterprise risk assessment and audit planning processes
● Managed and developed a team of audit professionals to execute audits and projects, providing direction and ongoing coaching and development
● Reported to the Head of Internal Audit, Executive Leadership, and the Audit Committee on risks, portfolio of audits, and outcomes
● Brought thought leadership, leading practice frameworks, audit process improvements, and contributed to the continuous improvement of the department
● Collaborated with other Internal Audit leaders to execute IA’s strategy and coordinate cross-vertical audit projects and initiatives
● Effectively managed relationship with the internal audit co-sourcing partner(s) to ensure that we execute as one team
● Coordinated with other risk management functions (e.g., Privacy, Compliance, Information Security) to minimize duplication of effort and maximize execution
● Viewed and respected as communication leader for Internal Audit and broader Finance organization
Audit & Compliance
2021
● Developed and implemented the annual audit plan and schedules using a risk-based approach.
● Managed the audit schedule and staffing. Was responsible for all aspects of SOX 404 requirements
● Drove the overall execution of audit engagements and actively managed the quality and timeliness of completed work.
● Reviewed team members’ work papers to ensure appropriate documentation and support aligned with internal quality control standards / the Institute of Internal Auditors International Professional Practices Framework
● Led testing of the SOX internal controls framework by performing walkthroughs, identifying risks, defining and reviewing testing procedures, and identifying control gaps
● Updated and maintained SOX process documentation, including flowcharts, narratives, and risk and controls matrices
● Oversaw IT general controls
● Provided support and guidance to control owners as part of deficiency remediation efforts and as new systems are implemented or processes change
● Developed and communicated clear, concise, actionable and practical observations and recommendations for addressing control gaps and enhancing the control environment and activities
● Partnered with internal and external stakeholders (process owners and external auditors) to build strong relationships and support the coordination of SOX activities
● Supported the preparation of reporting materials to deliver to senior leadership of the Company and the Audit Committee
● Acted as a trusted advisor to management, providing insights and recommendations to enhance business processes.
● Remained abreast of industry developments and changes in regulatory requirements to ensure the internal audit function remains effective and relevant.
Technology Risk Management
2021
● Responsible for leading the Airbnb technology risk assessment program.
● Provided technical and best practice guidance on Information Technology Risk taking into account specific business platform complexities, and issues.
● Provided input into the setting of risk appetite based on platform-specific differences and specific business considerations.
● Developed and reported the quarterly enterprise cyber and technology risk profile.
● Reviewed security and control processes along with associated documentation, and reporting.
● Reviewed key technology risks (e.g. cloud controls, etc.) to develop and communicate risk themes, and solutions to the business.
● Established effective monitoring practices to ensure adherence to the technology risk management framework and policy, and assist businesses in the identification of issues.
● Advised and collaborated with technology and the business on appropriate ways to strengthen controls in non-compliant areas.
● Advised and assisted first line of defense in technology risk mitigation planning activities.
● Provided ongoing technology risk management governance and direction.
● Managed, developed, and played a leadership role for the staff.
● Developed a high-performing team.
● Managed the personnel processes for employees, including selection, training, performance management, development, and retention.
● Fostered an environment where colleagues are empowered and have the opportunity to develop and grow.
● Engaged with domain leads for Technology, BizTech, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Quality, Performance & Scalability, and Change Management & Development Practices to obtain technical domain advice as appropriate.
● Worked effectively with Airbnb’s senior executives.
● Developed and maintained key business relationships in order to provide advice and oversight on new initiatives.
● Provided regular reporting of Information Technology risk.
Interim Head of Enterprise Risk Management
2023 - 2024
● Framework Development and Implementation - Created detailed documentation for the Airbnb risk management framework to ensure consistent application across the organization.
● Key Risk Indicators (KRI’s) - Collaborated with business units to identify KRI’s and integrate them into the ERM framework.
● Risk & Control Self Assessments (RCSA’s) - Ensured that the RCSA’s are conducted consistently and comprehensively, identifying key risks and controls.
● Risk Appetite & Tolerance - Monitored adherence to established risk appetite and tolerance levels, reporting any breaches or concerns.
● Reporting & Communication - Developed high-quality, visually appealing presentations to communicate complex risk management concepts.
● Stakeholder Engagement & Collaboration - Collaborated with technical teams to incorporate data analytics into ERM frameworks, enhancing their effectiveness.
● Compliance and Regulatory Alignment - Remained abreast of changes in the regulatory landscape and adjusted frameworks as necessary to maintain compliance.
IT Sarbanes–Oxley (SOX) Leader
2021 - 2024
● Led IT SOX Function
● Managed a team of FTE’s & co-sourced resources
● Reviewed the SOX 404 financial statement mapping, risk assessment and scoping process
● Oversaw the effort to design, develop and test the Company’s internal controls over financial reporting including documentation and assessment (i.e. narratives, flowcharts, risk and control matrices) and annual testing plan
● Oversaw internal compliance audits including scoping, testing and documentation of results
● Coordinated external audit controls testing efforts, including walkthroughs, testing, audit requests and evaluation of deficiencies
● Prepared and routinely presented findings of IT SOX program, testing and results to management and the Audit Committee and tracked any identified control deficiencies, remediation and closure of findings
● Acted as the "go-to" person for internal controls within the organization and provided a reliable and insightful resource for implementing IT SOX controls in an efficient and effective manner
● Developed and maintained close working relationships with the management teams of all major functional areas as well as external auditor, ensuring a holistic understanding of key risks and processes of the organization
● Partnered with Global Risk and Finance Leadership to design, build and execute against a people development strategy to develop, promote and empower team members – this strategy is cross-functional between technology, business and strategy teams.
● Built relationships and collaborated with Technology, Finance, Accounting Control, Operations and Internal/External Auditors to design, build and execute against a SOX program that is risk based and is delivered by leveraging tools and automation.
● Provided training and subject matter expertise to team members and business and technology practitioners on technology controls
● Led the management of SOX tool
● Kept abreast of SOX regulatory requirements to support the company in remaining compliant.
Writer
2024
Join followers of Startup Funding Guy - who read actionable startup fundraising advice from a Silicon Valley angel.
2024
Mentor
2024
As a dedicated student mentor, I am passionate about empowering students to reach their full potential. With years of experience in guiding academic and personal growth, I strive to provide support, encouragement, and practical advice. My approach focuses on building strong relationships, fostering a growth mindset, and helping students navigate their educational journeys with confidence. Whether it's through one-on-one mentoring or group sessions, my goal is to inspire and equip the next generation of leaders with the skills and knowledge they need to succeed.
Board of Directors
2009
Tax preparation & planning
We provide personal, customized service in the preparation of your individual or business federal, state and local tax returns. Our services include:
● Tax planning & consulting
● Individual tax returns
● Registered domestic partners & same-sex married couples
● Business tax returns
● Amended & late returns
● IRS audit representation
● Authorized IRS e-file provider
2021
Advisor
2021
Softeq Launches $40M Venture Fund for Early-Stage Tech Startups. The Softeq Venture Studio invests in early-stage startups to help them develop an MVP, design to scale, and secure follow-on funding.
2013
Angel Investor
2013
Startup Advisor, Mentor, Investor.
2019 - 2023
Board Member, Vice President, Development Committee Chair, Technology Committee Chair
2019 - 2023
A short walk from Ocean Avenue in Carmel, California brings you to the venerable gallery originally occupied by the Friends of Photography, established in 1967, and launched by iconic artists Ansel Adams, Cole Weston, and Wynn Bullock. Today, CPA continues to serve as a valuable asset to its members, the community, and the greater world of the photographic arts.
2019 - 2021
Senior Program Manager, Technology Risk
2019 - 2021
FinTech
Partnered with the VP of Risk and CCO in the build out and expansion as the Risk department scaled from 3 to 100+ employees; as Robinhood scaled from 300 to 2,000 employees; as customers scaled from 5m to 18m; and revenue scaled from $200m to $1 billion.
● Developed, managed and led Risk and Compliance teams, programs, policies, procedures, and processes
● Provided day-to-day Compliance and Risk advice/best-practices to Business and Support Unit constituents relating to various activities, including high-risk activities, cryptocurrency risk, cybersecurity risk, third party risk management, etc.
● Developed and refined internal and external compliance and risk management tools to support expected growth.
● Collaborated with team members to evaluate and risk assess new and novel products and services.
● Developed and presented periodic risk and compliance reviews for senior leadership, noting key areas of focus and progress against established goals, emerging risks, and regulatory changes impacting Robinhood’s products, services, and markets.
● Ensured regulatory requirements were understood and complied with, within emerging growth initiatives and new products.
● Collaborated with cross-functional team professionals and strove to deliver exceptional and responsive service by providing risk and compliance management expertise in a clear, solution-oriented, and customer-focused manner.
● Identified, managed and monitored key risks, including risks associated with cryptocurrency, cybersecurity, regulatory compliance, etc.
● Cultivated relationships and maintained regular interactions with internal teams (Legal, Information Security, Physical Security, Engineering, HR, etc).
● Maintained current awareness of regulatory developments.
● Hired, managed, and trained compliance staff.
● Escalated timely and actionable information to key stakeholders.
IPO Readiness Assessment
2020 - 2021
● Assessed the current state of Robinhood IPO operational and technology readiness against policies, processes, people, reporting, methodologies, and systems and data benchmarks
● Identified the readiness of core public company requirements with respect to risk, compliance, internal controls, cybersecurity, and business continuity
● Assessed the urgency of solutions needed to close identified gaps based on an analysis of costs and benefits along with the required timeline
● Developed work plans, timeline and resource requirements to implement the appropriate solutions
FINRA Cybersecurity Gap Assessment
2020 - 2021
Led cybersecurity evaluation vs FINRA requirements. Evaluated the following dimensions:
● Section 1 - Identify and Assess Risks: Inventory
● Section 2 - Identify and Assess Risks: Minimize Use
● Section 3 - Identify and Assess Risks: Third Party Access
● Section 4 - Protect: Information Assets
● Section 5 - Protect: Systems Assets
● Section 6 - Protect: Encryption
● Section 7 - Protect: Employee Devices
● Section 8 - Protect: Controls and Staff Training
● Section 9 - Detect: Penetration Testing
● Section 10 - Detect: Intrusion
● Section 11 - Response Plan
● Section 12 - Recovery
Evaluated and made recommendations to enhance cybersecurity policies, standards and procedures.
* FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.
Privacy Program Review
2020 - 2021
Led and managed an assessment of Robinhood’s Privacy Program.
● Drove and supported privacy programs that met global legal requirements
● Led, coordinated and managed internal assessment of Robinhood’s privacy program and processes
● Collaborated with business owners to prioritize projects and solutions to reduce privacy risk and improve compliance
● Reviewed new product features and designs and provided guidance on requirements impacting Robinhood’s privacy compliance framework.
● Validated operating effectiveness of privacy policies and controls
● Performed risk assessments relating to the privacy program, working with the team to implement mitigation strategies
● Worked with important privacy partners (e.g. Legal) on key privacy strategies for Robinhood
Regulatory Compliance PMO
2020 - 2021
● Built a Regulatory Compliance PMO function (Project Execution Team), understanding the needs of the business to provide support on key strategic investments
● Collaborated with Hoodies across the company to understand company initiatives and build a plan to support it
● Drove the project prioritization based on business needs and resource availability
● Identified areas of risk to the project scope or timeline, and escalated to leadership in a timely manner
● Dove deep where needed to resolve blocking issues during project execution, testing, launch and cutover
● Communicated the overall program roadmap and periodic status updates to executive stakeholder body, including Stripe businesses, Finance, and related technical teams
● Defined and implemented metrics to measure and communicate success
● Hired and managed a team of 3 FTE's
● Maintained Compliance Action Tracker
Books & Records Gap Assessment
2020 - 2020
● Assessed the current state of Robinhood Books and Records against FINRA policies, processes, people, reporting, methodologies, and systems and data benchmarks
● Identified the readiness of core FINRA books and records requirements
● Assessed the urgency of solutions needed to close identified gaps based on an analysis of costs and benefits along with the required timeline
● Developed work plans, timeline and resource requirements to implement the appropriate solutions
* Exchange Act Rules 17a-3 and 17a-4, as well as FINRA Rule 3110(b)(4) (Review of Correspondence and Internal Communications) and FINRA Rule Series 4510 (Books and Records Requirements) (collectively, Books and Records Rules) require a firm to, among other things, create and preserve, in an easily accessible place, originals of all communications received and sent relating to its “business as such.” Such records must be immediately produced or reproduced and may be maintained and preserved for the required time on electronic storage media (ESM) subject to the conditions set forth in Exchange Act Rule 17a-4(f)(2) (ESM Standards), including “non-rewriteable and non-erasable format.” Firms must also provide notification to FINRA as required by Exchange Act Rule 17a-4(f)(2)(i), including a representation that the selected storage media meets the conditions of Exchange Act Rule 17a-4(f)(2) and a third-party attestation as set forth in Exchange Act Rule 17a-4(f)(3)(vii) (collectively, ESM Notification Requirements).
FINRA Written Supervisory Procedures - Program Management
2020 - 2020
Led program management of broker/dealer Written Supervisory Procedures aligned with FINRA guidelines.
● Evaluated current state - existing systems, policies, processes and procedures
● Conducted gap analysis - existing rules and guidance vs current processes and procedures
● Developed revised WSP’s and gained stakeholder buy-in
● Promulgated, trained and conducted ongoing evaluation and fine-tuning
Three FINRA rules form a regulatory scheme addressing the supervision of firms and their associated persons. These include:
● FINRA Rule 3110 requires a firm to establish and maintain a system to supervise the activities of its associated persons that is reasonably designed to achieve compliance with the applicable securities laws and regulations and FINRA rules.
● FINRA Rule 3120 requires a firm to have a system of supervisory control policies and procedures (SCPs) that tests and verifies a firm's supervisory procedures.
● FINRA Rule 3130 requires a firm to designate and identify to FINRA on Schedule A of Form BD one or more principals to serve as a chief compliance officer (CCO). The rule also requires the firm's chief executive officer(s) (CEO(s)) to certify annually that the firm has in place processes to establish, maintain, review, test and modify policies and procedures reasonably designed to achieve compliance with applicable securities laws and regulations and FINRA rules.
BEX Employee Resource Group - Founding Member
2020 - 2020
Founding member of Robinhood’s BEX Employee Resource Group (ERG).
● Led and implemented the BEX ERG guest speaker series. This included the development of project plans, deliverables, and timelines for execution. This spanned from idea generation to day-to-day hands-on execution of this project
● Supported and provided critical insights to drive the DEI communications strategy in collaboration with HR and the Communications teams and consistently report and highlight DEI initiatives (intranet sites, corporate website, emails, etc.)
● Served as an employee resource group subject matter specialist; supported group initiatives, assisted with planning and group guidelines; developed & monitored metrics
● Represented the company in meetings with internal and external partners, where appropriate
● Continually reviewed current and future diversity, equity, and inclusion trends, progress and goals, identifying strengths, gaps, key drivers, ideas and opportunities for continuous improvement
● Partnered with the People Team stakeholder groups (including talent acquisition, learning and development, communications, and business partners) to develop programs that attract and retain and support actions and for a fair and equitable professional work environment for all Hoodies
● Coordinated and drove global Diversity, Equity and Inclusion (DEI) initiatives directly and through HR team members & business leaders from assessing need, conceptualization, vendor or resource sourcing/ management, implementation, marketing & evaluation
SOC 1: Clearing, Settlement & Custody
2019 - 2020
Led and implemented Robinhood’s first SOC 1 assessment over the Clearing, Settlement & Custody functions. Managed a team of 5 resources.
● Facilitated Clearing, Settlement & Custody internal control examinations in accordance with Service Organization Control (SOC) 1 reports and conducted in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16.
● Led status meetings and liaised with cross functional teams and business unit management to achieve project milestones.
● Reviewed reports and approved changes.
● Managed Robinhood’s SOC 1 audits’ preparatory processes and oversaw the activities, which included managing a body of testing pertaining to the company’s internal controls over internal controls and IT controls.
● Provided leadership and coaching to all of Robinhood’s departments, in addition to ensuring the quality and timely execution of testing that will be relied upon by management.
● Oversaw all audit activities relating to SOC 1 audits ensuring work and deliverables in accordance with agreed upon timeframes and departmental procedures, standards, and protocols.
● Partnered cross-functionally and inter-departmentally to understand the process from an end-to-end perspective and appropriately and effectively communicated with these partners to understand the status for the corporation as a whole.
● Provided technical expertise to direct reports, department, and internal partners, and includes assessing training needs and providing training for the department
● Ensured frequent communication of test and/or audit results and analysis on a timely basis to the appropriate stakeholders and senior management within the audit department.
● Conducted the performance management process for direct reports.
● Determined staffing needs and ensured resources were available to accomplish priorities.
Enterprise Risk Foundation & Development
2019 - 2019
Partnered with the VP of Risk on Enterprise Risk Team foundation and the initial bottom-up risk assessment
● Supported the development, maintenance, and implementation of Robinhood’s Enterprise Risk function including Policy, Risk Appetite Framework, Enterprise Risk Management Framework and bespoke Risk Management Frameworks
● Performed assessments of Robinhood’s Enterprise Risk Management capability through self-assessments that are kept up to date with industry best practices and regulatory expectations
● Worked directly with various business/functional teams to identify, assess, treat and report risks that may materially impact Robinhood and worked cross-functionally to develop and enhance risk mitigation plans
● Documented company-wide and entity-specific risk appetite statements and tolerances
● Created a risk response program for key risks; evaluated and consulted on key risk mitigation strategies
● Applied the risk management methodology to new products, change initiatives, and business developments
● Collaborated to address regulatory inquiries regarding company risks and ERM
● Partnered with the People Team (HR) for recruiting, interviewing and staffing the Enterprise Risk Function
Internal Audit Foundation & Development
2019 - 2019
First hire on the risk team reporting to the VP of Risk
● Developed internal audit mission, vision, charter, documentation templates and hiring plan
● Partnered with the People Team (HR) for recruiting, interviewing and staffing the Internal Audit Function
● Managed co-sourcing partner Protiviti in the execution of the IT General Controls gap assessment and Business Process narrative and flowchart creation
● Monitored & assisted the company with risk management
● Led documentation and development of the company’s internal control framework
● Monitored & tested the company’s operational processes for compliance
● Communicated the role of internal audit to the organization
● Assessed the organization’s risk maturity
2020 - 2020
Judge
2020 - 2020
Judge @ Launch Accelerator 19
The LAUNCH Accelerator selects 7 startups for each cohort. Over 14 weeks, the founders meet 200+ investors and take an immersive growth program. For a year, founders have monthly check-ins with Jason Calacanis and the LAUNCH Team. The LAUNCH team selects founders who execute at a high level in markets that are important. We look for world-class product design, traction, revenue, and technical execution. Said simply, people with skills and products that people love.
2020 - 2020
Mentor
2020 - 2020
Google for Startups has officially launched the Atlanta Founders Academy, inspired by the first Google for Startups pop-up in the U.S. The Academy is an 8-month program for 40 Georgia-based startups that have revenue and/or user traction. Demo Day Mentor.