SUMMARY:

• Experienced Cybersecurity Identity Access Management and Risk Consultant with solid industry expertise.
• Translates technical issues into understandable business language for end users.
• Drives end to end assessments of cyber security breaches and potential breaches.
• Demonstrated experience with CMMI, InfoSec and process design.
• Delivers products and solutions according to operating standards, ensuring timeliness and cost effectiveness.
• Strong knowledge of security standards and techniques, and proficient in achieving technology goals in alignment with corporate goals.
• Leads projects, ensuring on - time executions. Oversees project timeline .
• Proficient in protecting and preserving data confidentiality and integrity.
• Promotes availability of data for authorized and unauthorized users in access request management platform to provision and de-provision access privileges in support of increasing efficiency and reducing risk.
• Proven ability to provide security support on system architectures.
• Provides end-user support, while resolving complex issues.
• Strong communication skills, building strong internal and external relationships.

IT SYSTEMS:

Aveska, Citrix, Firoscoft, Control SA, Maximo, Tivoli, Mainframe RACF, SailPoint, Oracle Identity Access Management, Access Request Management, SharePoint, Support Central, ROCK, GIS Dashboard, Continuous Monitoring, Active Directory, Service Now, Data Loss Prevention (DLP)

SKILLS & CORE COMPETENCIES:

• Enterprise Identity Access Management (IAM)
• Cyber Security Risk Consulting
• Information Security Assessments
• Industry Best Practices & Annual Certifications
• Enterprise Business Goals
• Evaluate Information Security Risk Evaluation
• Processes & Procedures Development
• Process Improvement
• Information Security Solutions
• Info Security Policy & Governance
• Info Security Risk Framework
• Enterprise Information Security Risk Management
• Application Inventory Tool (AIT)
• Enterprise Information Security Policies
• Security Recommendations
• Training & Development
• Cyber Fraud Investigations
• Financial Services Cyber Security
• Emerging Cyber Threats & Operational Audits
• Data Loss Prevention & Risk Mitigation
• Regulatory Compliance
• Risk & Vulnerability Assessment
• Information Security & Privacy
• Quarterly to Annual Entitlements Reviews
• Security Risk Assessment & Trends Analysis
• Application & Infrastructure Security
• Report Writing & Process Documentation
• Security Controls Implementations
• Disaster Recovery
• MS Office (Word, Excel, Outlook, PowerPoint)

PROFESSIONAL EXPERIENCE:

Confidential, Charlotte, NC

LEAD BUSINESS PROCESS CYBER ASSESSMENT

Responsibilities:

• Partner closely with GIS partners to facilitate identification, escalation and appropriate management of risks.
• Complete consistent application risk assessments to identify cyber risks within key applications.
• Liaise as audit support and line of defense, with accountability for identifying emerging risks, reporting issues, and providing recommendations on corrective action in mitigating risk to business units.
• Supervise, coach and mentor a team of Assessment Analysts.
• Confirm process, people, technology and third parties, enabling critical service under assessment.
• Partnered with stakeholders and virtual task force to drive key information.
• Direct activities of analysts supporting assessments, and provide weekly update on assessments and progress.
• Leverage technical acumen, project management skills, business process knowledge and playbook experience to execute duties. Utilize attention to details to identify and mitigate risks.

Confidential, Charlotte, NC

SR. IDENTITY ACCESS MANAGEMENT & RISK CONSULTANT

Responsibilities:

• Partnered with IS Governance and Compliance Internal Audit team in ensuring all policy and standards were in compliance with IAM manual certification process.
• Tracked and reported weekly metrics, performed audit reviews, and completed special projects.
• Facilitated certification training to managers, business and technology owners regarding entitlement reviews.
• Assisted in leading SIAM and manual web-ex certification training.
• Partnered with Governance team to ensure certification meet standards, and adhered to standard operating procedures for SIAM and manual certifications.
• Maintained focus on risk and best practices for Synchrony identity management.
• Demonstrated continuous process improvements by reviewing and providing feedback to senior leaders and Governance team.
• Facilitated manual certification training for managers, business owners, technology owners, quarterly and annual certification reviews based on SOX and PCI application score.
• Collaborated with Relate in setting up Web-EX training for SIAM automation and IAM manual certification.

Confidential, Charlotte, NC

INFORMATION SECURITY ENGINEER

Responsibilities:

• Managed risk and process improvement in accordance with regulatory and audit requirements, documenting all processes, procedures and best practices.
• Guided managers, application owners, and end users in performing entitlement reviews within Aveska application.
• Monitored transferred staff HR queue and communicated internal transfers to managers and application owners.
• Built and submitted entitlement management verification to managers.
• Maintained entitlement review schedule, ensuring 21-day cycle performance adherence.
• Organized staff account removals and suspensions, and tracked and documented metrics regarding internal users.

Confidential, Charlotte, NC

SR. BUSINESS TECHNICAL ANALYST

Responsibilities:

• Supported onboarding initiatives and documented procedural requirements for Financial Crimes Technology, Center of Excellence, Global Economic Sanctions Teams, and PACRIM users.
• Developed tools to track and report metrics and project status to key stakeholders.
• Approved Line of Business ( Confidential ) user access through Group Management and Firco Continuity for UAT Testing.
• Facilitated Confidential onboarding user demo training in Enterprise Transaction Scanning (ETS) applications.

Confidential, Charlotte, NC

ASSISTANT VICE PRESIDENT | IT SECURITY SPECIALIST

Responsibilities:

• Authorized standard user access and solved complex security and access issues.
• Managed technical issues, evaluated and identified threats to security structures, and remediated audit findings and security administration issues. Assisted junior level support analyst in resolving critical and escalated issues.
• Consulted key stakeholders on security administration issues and operations processes.
• Introduced security policies to manage platform systems access, and provided on-call and disaster recovery assistance.
• Directed consolidation of applications into Global Information Security standards. Identified and mitigated gaps to bank policies on provisioning and de-provisioning. Oversaw development and governance of high risk applications.
• Assessed remediation plan within Application Inventory Tool (AIT). Analyzed and documented metrics.
• Implemented high risk application privilege access and information security data loss prevention systems.
• Executed active directory user administration, and performed periodic access reviews.
• Managed network vulnerability, and implemented secure solutions to protect customer and bank assets.

Confidential, Charlotte, NC

INVESTIGATOR, ANTI-MONEY LAUNDERING | SENIOR BUSINESS ANALYST CONSULTANT

Responsibilities:

• Identified suspicious criminal activities, and implemented compliance and risk management controls.
• Prepared suspicious activity reports and documents for Confidential, ensuring compliance with regulatory guidelines.
• Analyzed processes and planned improvement initiatives. Monitored production release status to audit guidelines.
• Implemented HIPPA, Sarbanes-Oxley, GLBA and other regulations to maintain internal controls and compliance.
• Served on the Platform Access Control (PAC) segment of the Information Security Residual Risk (ISR3) team.
• Collaborated with CIO reps and HR managers in reviewing Confidential for tech services to determine staff accessibility levels.
• Determined excessive TSO access, managed PAC processes and tool, and created metrics analysis reports.