
Senior Security Engineer / Vendor Risk Analyst Resume

Jersey City, NJ

SUMMARY:

  • Combines over 8 years of IT expertise across third party risk management, IT GRC (governance, risk & compliance) management, banking back-office operations, systems administration including IT security for Confidential 500 banks as well as community banks in the financial services sector.
  • Provides superior project leadership with a record of success in eliminating systematic deficiencies, improving automation and compliance with regulatory standards, and generating significant time and cost savings.
  • Exercises strong communication and a collaborative, team-focused approach with the goal of ensuring maximum efficiency in IT management and support service.
  • Provided accurate and concise risk assessment analysis of third party engagements based on information security baseline questionnaires, contracts and SSAE 16 reports as well as review of third party vendors' submitted artifacts as part of the bank's compliance with various regulations and standards.
  • Successfully managed the IT security gap remediation process initiated from compliance assessments of third party law firm vendors by providing IT risk guidance and close collaboration leading to IT gap resolution within the accepted time frame for a Confidential 500 bank.
  • Over 8 years of electronic banking administration, support, client service, back office operations processing in a leadership capacity supporting up to 8 banking branches, 79 internal employees, users, over 500 business clients and 350+ consumer clients.
  • 2+ years of IT risk management in a Confidential-regulated financial services environment with responsibilities and activities that include vulnerability reports and risk assessments, daily systems risk logs and reports review (including firewall, SIEM, anti-virus, Windows Event & Network among others), maintenance and revisions of IT security program, policies, manuals and standards as well as e-discovery investigation requests and incident response.
  • Over 3 years of combined experience in vendor management in a leadership role, IT support coordination as well as governance, risk, and compliance (GRC) application in an FDIC/NYS Banking/Confidential-regulated environment across contract management, SSAE16 reviews, proposal reviews, RFP specifications, technical evaluations and recommendations.
  • Advanced communication and project management skills gained through engagements with all levels of management, users, vendors and clients as part of monthly IT committee meeting, board meetings and ad hoc meetings.

PROFESSIONAL EXPERIENCE:

Confidential, Jersey City, NJ

Senior Security Engineer / Vendor Risk Analyst

Responsibilities:

  • Provided remote Information Security risk assessment of high risk and critical Third Party vendors including Cloud vendors utilizing Archer GRC system.
  • Provided management of the vendor risk process including document collection and verification, risk finding identification, remediation and termination.
  • Completed 34 Information Security risk assessments
  • Showed tenacity, persistence, multitasking and excellent interpersonal skills to achieve positive results in difficult situations involving simultaneous Third Party reviews, SIG forms, SOC reports, NDAs, conference calls with all relevant parties, tepid cooperation from Third Party Managers and Third Party contacts.
  • Leveraged additional tools to enable a more efficient Information Security review process including leveraging ISO audit reports, contract right to audit clauses and ISO verification.
  • Identified over 8 moderate findings representing security gaps identified based on OCC, Confidential, GLBA, ISO 27002 standards and regulatory requirements.
  • Provided remediation management and resolution of over 15 findings based on review and verification of Third Party provided evidence.
  • Identified over 8 completed Information security reviews that were incorrectly assessed as well as provided a professional attitude of conveying messages and analysis towards failed assessments and inaccurate risk assessment questionnaires of Third Party Managers.

Confidential, Yonkers, NY

Vendor Risk Analyst

Responsibilities:

  • Provided accurate and concise risk assessment analysis of third party vendors based on information security baseline questionnaires, contracts and SSAE 16 reports as well as review of third party vendors' submitted artifacts as part of the bank's compliance with various regulations and standards including ISO 27001, Confidential, OCC and NIST.
  • Completed 13 SSAE 16 report reviews
  • Completed 13 Complementary User Entity control report reviews
  • Completed 15 Information Security Baseline reviews
  • Tracked Third Party engagement deliverables including supporting documentation and other artifacts by communicating with vendor contacts, relationship managers and other stakeholders.

Confidential, Jersey City, NJ

Information Technology Risk Remediation Delivery Manager

Responsibilities:

  • Successfully managed the IT security gap remediation process initiated from compliance assessments of third party law firm vendors by providing IT risk guidance and close collaboration leading to IT gap resolution within the accepted time frame.
  • Completed 78 remediation projects as part of a successfully managed portfolio of 12 third party law firm vendors totaling 115 remediation projects and collaborated with internal IT Risk Managers (ITRM) to close outstanding remediation gaps, convert non-compliance acceptances to remediation plans as well as managed meetings with ITRM.
  • Provided consistent IT risk guidance and management to successfully remediate IT risk gaps of third party law firm vendors.

Confidential, Garden City Park, NY

AVP, Head of Information Technology, Electronic Banking Systems Administrator, Information Security Officer

Responsibilities:

  • Independently oversaw the project while managing support from outside vendors in regards to risk assessment, IT audits, and compliance.
  • Identified and addressed critical deficiencies from previous administration to achieve a successful FDIC IT Exam rating of 2.0 as Information Security Officer.
  • Developed, implemented, and enforced the bank’s IT security program, as well as trained employees and Board members in IT security awareness.
  • Supervised the migration to cloud-based services for document management, generating a projected annual cost savings of $25K.
  • Chaired monthly IT Committee meetings with the participation of all other department heads and ad hoc meetings, as well as presented official IT regulatory reports, updates, projects and proposals to the monthly Board of Directors meetings.
  • Successfully upgraded consumer and business online banking system to meet Confidential requirements for multi-factor authentication.
  • Revised and implemented a comprehensive disaster recovery plan and testing that included multiple successful disaster recovery tests conducted on-site and off-site annually to meet the requirements of the business continuity plan.
  • Managed internal and external IT audits and GLBA risk assessments.
  • Installed and oversaw Conetrix Tandem Vendor Management GRC system including process workflows and regulatory exams.
  • Implemented social engineering and internal and external penetration tests, and successfully remediated deficiencies.
  • Eliminated 3 servers in converting from JHA's Synergy In-House document management system to Synergy Express SaaS.

Confidential, Great Neck, NY

Electronic Banking Systems Administrator

Responsibilities:

  • Responsible for oversight of online banking services across 7 branches for high-volume regional bank serving business and personal banking customers.
  • Heavily involved in day-to-day back office banking operations and IT support for internal help desk support for upwards of 80 employees across regional branches and the corporate office.
  • Set up accounts and customized access for business banking clients, as well as implemented bill pay integration for business and consumer users.
  • Managed communications among customers, branch management, and other key bank personnel to resolve customer issues.
  • Implemented multi-factor authentication (MFA) for business online banking and consumer online banking platforms.
  • Supported yearly Confidential compliance and internal audit reports and requirements.
