- Extensive experience in technology, information security and operational risk management: identification, assessment, testing and reporting.
- Expertise in defining and initiating the establishment and oversight for governance, risk management and compliance.
- Certified in Risk and Information Systems Control (CRISC)
- IT Governance (NIST, ISO standards)
- Project Management and Reporting
Confidential, Jersey City
Senior Risk Manager
- Utilize Archer’s modules as governance tool (ORM, Issue Management, Business Continuity Management, etc.).
- Assess the risk and control environment via identification of risks to the enterprise, measuring risk impact and likelihood of occurrence, recommending controls to mitigate risks, control design, execution and testing.
- Provide thought leadership as a SME and first line of defense for Information and Technology risk related matters and control issues, while ensuring effective communication between first and second line businesses.
- Ensure sound governance structures are in place to identify, mitigate/remediate and report on deficiencies/gaps so as to minimize operational risk events and losses, and security incidents.
- Enterprise Incident Management: preparation, identification, containment, recovery and post-mortem documentation.
- Drive consistency and discipline into governance, risk management and compliance processes across the enterprise.
- Development of top-down and bottom-up risk assessment approaches and tools (heat maps).
- Conduct risk assessments across technology disciplines; Information Security, Market Data, Trading and Order Management, Application Development, Business Continuity, Incident Management and Enterprise Data Management.
- Support the creation and communication of IT and IS risk reports and metrics in line with industry best practices within the business units to risk committees, Regulators and internal stakeholders.
- Oversee the facilitation of internal and external audit reviews, risk assessments (application, 3rd Party, BCM) and regulatory exams; ensure the enterprise operates within internal policies, standards and guidelines as well as external regulatory requirements and industry guidance.
- Approve the classification and reporting of operational risk losses, escalate significant operational risk events and deliver Root Cause Analysis reports for relevant events.
- Initiate remediation documentation to address issues in the risk and control environment.
Confidential, Rutherford, New Jersey
Principal Consultant, Operations and Technology Risk Management
- Technology and Operational Risk Management - Framework Development; Vendor/Third Party Oversight, Management Reporting and Presentations; Compliance to Service Level Agreements (SLAs); Program and Project Management.
- Gather, compile and prepare data for committee/senior management presentation and reporting purposes, specifically regulatory reporting on operations and technology, operational risk and audit.
- Analyze documentation, data and metrics via the audit, operational risk and regulatory data sources to identify risk, performance and quality issues and significant variances and trends.
Confidential, Livingston, New Jersey
Vice President, Information Technology Risk and Compliance
- Proactively monitor new and existing Information Technology and Operational risk and compliance activities across the enterprise. Notable success in determining the strategic direction of risk and compliance programs.
- Monitor risk and compliance activities across the global enterprise.
- Documented and monitored Risk and Control Self Assessments (RCSAs) and Key Risk Indicators (KRIs).
- Assessed the adequacy of and compliance to the enterprise’s operational and information security controls.
- Commended for creating an efficient and effective remediation process. Supervised the handling of resolutions to enterprise-wide and operational risk issues with management.
- Program lead for annual SOX review, testing, and reporting. Identify and assess IS and IT general controls.
Process governance functions
- Establish Policy and Procedures: development of new or revised documentation; working through initiation, expert consultations and agreement, revisions/version control, stakeholder socialization to final approved sign-off.
- Reviewed and updated information technology and entity level control process narratives/matrices.
- Provided guidance and oversight on technology (application and infrastructure) risks and controls.
- Introduced monthly Risk Committee across global enterprise to understand/address regulatory, internal and external risks, obtain agreement on mitigating actions/resolution dates, seek approval on risk-related priorities and plans, and initiate direct response to significant incidents.
- Reviewed operational risk incidents and loss events to ascertain operational gaps and control failures.
- Developed and published IT risk and compliance metrics for Operations & Systems to create a more consistent awareness of, and accountability for, the various risk and control functions.
- Achieved stakeholder consensus across matrixed businesses. Documented business objectives, identified solutions, estimated resourcing requirements and saw initiatives and projects executed on time and within approved budget.
- Developed and presented project performance reports including compiling and consolidating team status reports, and executive dashboard reporting.
- Overall relationship management with internal and external regulatory bodies, including the clear tracking and reporting of all regulatory obligations to senior management.
- Program managed Sarbanes Oxley compliance efforts to ensure compliance was attained.
- Managed deliverables and project plans while maintaining controls database.
Confidential, New York, New York
- Performed targeted financial and systems reviews over control activities for the full range of Confidential business segments and their products.
- Ensured the SOX Program Office deliverables were concluded. Recommended improvements to internal control processes, where applicable.