- Senior GRC practitioner with deep expertise designing frameworks and developing and implementing supporting platforms.
- Promotes control culture by designing, implementing, and administering frameworks, policies, and standards using leading practices like COSO standards and COBIT.
- Has extensive experience supporting development of both business and technical requirements and has written many strategic GRC roadmaps for major corporate clients.
- Builds effective and efficient qualitative and quantitative decision support systems by leveraging a deep understanding of fundamental AI concepts and how to ensure data structure integrity.
- Has extensive experience integrating complex data structures and hierarchies with GRC elements in alignment with leading standards like ISO 31000.
- Diverse and proven track record in team building and managing strategic global operations. An industry thought leader in GRC and operational risk, with a focus on anti-fraud initiatives, and a contributor to the development of industry standards.
Senior Solution Architect
- Provide technical expertise in developing solutions to complex software engineering problems that require frequent use of ingenuity and creativity. Provide work leadership to others. Interface with senior management to provide and obtain information and to build consensus regarding project direction.
- Write functional detailed design specs and respond to requirement documents and system-level test plans
- Significant contributor to organizational goals and objectives
- Interact cross-functionally on matters that require coordination across functional/organizational lines.
- Accountable for overall product and/or serve as a customer advocate, sometimes representing the organization as principal customer contact
- Collaborate with other engineers and other engineering groups, voluntarily share information
- Offer proposed design changes/suggestions to processes and products, exert significant latitude in determining objectives of an assignment
- Exercise considerable latitude in determining technical objectives, without appreciable direction
- Understand and adhere to cost/delivery/quality targets established during the program design phase
- Work effectively with cross-functional and/or global teams, readily share information with others.
Senior Architect, Practice Lead
- Oversaw the execution of the control model within the context of the firm’s global compliance mandate on GRC platform
- Developed automated compliance risk control self-assessment technology to support leading practices leveraging control officers
- Provided guidance on how to strengthen the control framework as well as process improvements with respect to the management of risk and compliance issues
- Provided guidance on identifying emerging issues and distilled thematic or systemic control issues affecting the global organization.
- All work product was delivered to the Board of Directors
- Implemented Incident Management, Threat & Vulnerability Management (including Qualys data feed integration), Compliance Management, Change Management, Audit Management and Policy Management solutions based on client requirements.
- Worked with ADM to model current and projected application risk profile of Customer/Entity MasterFile. Tracked the impact of control improvement implementations across five phases of the MasterFile redesign by applying and augmenting methodology developed by IT Architect. Methodology incorporated reliance on Confidential approved deployment patterns (for example CRE), migration to strategic user interface (PTS to PBS), security architecture, change controls, sufficiency of support personnel and documentation. Quantified impact of the EMF team's use of SPUFIs and job reruns to “code around” exceptions. Also identified specific issues with application portability and data integrity.
- Worked with ADM to model risk profile of Security Master File applications using methodology developed by IT Architect. Assessment included NSCC Master, Euro CCP, and DTC Master File.
- Developed legacy technology risk assessment methodology based on six technology aspects enumerated in Confidential mid-year strategy document: user interface, development language, application platform, security, database, operating platform, key person and documentation. Methodology addressed hardware, software, documentation, skill sets, and strategic alignment. Proposed quantitative expression of risk associated with technology status (legacy, current, strategic).
- Performed gap analysis between Confidential policies and COBIT control standards to develop COBIT control assessment as part of IT Risk team to drive policy review and remediation of policy gaps.
- Worked with VMO to develop view of vendor-driven risks. Delivered analysis of 110 threat scenarios to identify those driven or significantly impacted by reliance on staff augmentation and outsourcing.