Governance & Regulatory Compliance Team Leader Resume
New York, NY
SUMMARY
- A highly dedicated and motivated IT Governance, Risk and Regulatory and Compliance Management leader adept at quickly and successfully responding to changing environments and situations, consistently achieving goals within critical project deadlines and applying an eye for detail to ensure the quality and accuracy of projects.
- Specific value adding expertise in team management, IT risk and strategy, development and review of IT Risk and Control Assessments, IT Policies and Procedures, special projects, writing reports, as well as developing findings and communicating with clients to develop action plans.
- Proven track record mentoring and training staff, identifying and assessing controls and risk, and reviewing complex business processes, while always maintaining a focus on client relationship management.
- Diverse experience in IT Risk and Controls, IT Audit, the Big 4, IT Consulting, and project management.
- Financial Services industry expert having worked at JPMorgan Chase, Confidential, Confidential and Consulting for the Big Four at PwC and Arthur Andersen.
- Expert in creating IT Information Security, IT SDLC/Change Management, IT Operations, IT Vendor Management, IT DRP/BCP, and IT Development and Acquisition Risk and Control Assessments.
- Expert in creating IT Enterprise Risk Management Rollup Reports and Assessments.
- Expert communicator and relationship builder including C-level decision makers.
- Leadership and people management including motivating, training and mentoring colleagues and staff while leading by example as an individual contributor.
- Expert program and project management skills for driving and managing delivery of multiple projects with emphasis on budget management, timely delivery, scope control, quality and overall customer satisfaction.
- Expert in applying FFIEC, COBIT, NIST, COSO, ISO, ISACA and PCAOB principles and best practices.
- Expert in managing, implementing, and executing end to end integrated SOC and Sarbanes Oxley assessments.
- Expert application of the IT audit lifecycle.
- SME level knowledge of IT Regulatory and Compliance and IT Risk and Control Frameworks in the Financial Services Industry.
- IT Regulatory & Compliance: experienced leader in the execution, delivery and reporting in SOC, Sarbanes Oxley, FFIEC Compliance, First and Second Line of Defense, Recertifications, IT Audit and IT Risk Management. Also an adept manager in developing, executing and delivering IT Risk Assessments, interfacing with the Fed and internal and external audit. Relationship builder with IT teams such as Application Development, Operations and the end to end CIO organization.
CORE COMPETENCIES
- IT Risk Management
- IT Audit
- IT Risk Mitigation & Gap Identification
- IT General Controls (Application & Infrastructure)
- IT Policy and Procedure Development
- SOC 1, 2, 3
- Sarbanes Oxley
- FFIEC IT Regulatory and Compliance
- IT Risk Assessments
- First & Second Lines of Defense (FloD)
- GLBA and Red Flag
- NIST Framework
- Access Recertification and Annual Reviews
- COBIT and COSO Frameworks
- PCAOB Audit Standards
- SDLC/Change Management
- Big Data Security & Privacy
- BCP, DRP, Crisis Management
- Management and Mentoring of Staff
- Management of Global Teams
- CAATs
- Data Privacy and Information Security Reviews
- GDPR
- RSA Archer
- SharePoint
- Execution, Management, and Reporting
- Audit Planning & Budgeting
- Client Relationship Management
- End to end Program & Project Management
- Process Improvement
- ISO 27001
- Business Development
PROFESSIONAL EXPERIENCE
Confidential, New York, NY
Governance & Regulatory Compliance Team Leader
Responsibilities:
- Responsible for execution, delivery, and oversight of all IT Risk and Regulatory and Compliance deliverables and monitoring.
- Utilizing the FFIEC, NIST, COBIT, COSO and ISO Frameworks to evaluate risks and create RCSAs.
- Development and delivery of all IT RCSAs including Information/Cyber Security, Human Resources, IT Operations, Vendor/Third Party Management, BCP/DRP, IT Governance, SDLC/Change Management and e-banking.
- Relationship ownership and development with the CTO, IT organization CTO direct reports, as well as the CISO.
- Review of all IT related policies and procedures as well as necessary subsequent updates.
- Clearance of all RCSAs and policy changes with the CTO and the Board of Directors.
- Testing the identified controls in each RCSA for the IT organization to ensure that they are in place, and operating effectively (long term IT Audit background extremely beneficial here).
- Working with IT Development Teams and Production Support to test and remediate new and existing controls following changes.
- Testing controls identified in RCSA development process.
- Creating action plans and assigning accountability for IT controls gap and risk mitigation.
- Assisting in the implementation and/or delivery of action plans.
- Meeting with various Regulators to walk through RCSAs and our First and Second Line of Defense Testing. Providing both Regulators and Internal Audit with evidence and doc.
- Creating Enterprise Risk Management Rollup Report and presenting to the Board of Directors and the Audit Committee.
Confidential, New York, NY
Bank Officer, IT Strategic Risk and Governance
Responsibilities:
- Team Management oversight as well as all execution and delivery of all IT GRC related areas under the State Street Technology Organization.
- Responsible for all IT Regulatory Compliance initiatives including SOC, SOX, FloD from the Federal Reserve, and GLBA.
- Led internal SOC initiative for the CIO Organization including the responsibility for obtaining, executing and submitting all responses to Ernst & Young SOC requests.
- Responsible for all direct communication and relationship management with Ernst & Young.
- Led the internal IT SOX program for AIS.
- Responsible for the execution and delivery of all SOX responses to the internal SOX Group.
- Represented AIS from an IT Strategic Risk perspective during the 2016 Federal Reserve Review.
- Management oversight of all IT audits executed by State Street Global Corporate Audit over all AIS and IFS business lines.
- Scheduled, participated and drove the agenda for all IT Audit related meetings.
- Represented the CIO from an IT Risk perspective on the Senior Management Committee responsible for the review, acceptance or pushback of all IT audit related findings/observations.
- Responsible for real time tracking and ensuring the successful implementation and completion of all IT audit action plans.
- Driving the IT Audit Management Self Identified Issues program prior to the initiation of all IT audits.
- All IT Audit related Management reporting to the AIS CIO as well as up to the State Street CIO.
- Led the internal SOC IT program for AIS.
- Responsible for maintaining all relationships and direct communication with the State Street Audit Committee, Audit Management, as well as teams executing IT audits.
- Responsible for the development of all action plans and the assigning of ownership related to all agreed upon findings.
- Worked closely with IT Management as well as Global Corporate Audit on the completion and delivery of all IT Fed requests.
- Represented AIS on the IT GRC committee.
- Responsible for the execution and delivery of the 2016 AIS IT Risk Assessment.
- IT Risk Oversight of the AIS IT Data Masking Project.
- IT Risk Oversight of the AIS AML Data Feeds Project.
- Executed Clean Desk review to ensure compliance with State Street Corporate Information Security Policy.
Confidential, New York, NY
Director of IT Risk
Responsibilities:
- Oversight of all Financial Services and Healthcare clients focused IT GRC, IT Audit, IT Consulting, IT Project Management, and IT Governance related engagements from execution through delivery.
- Development and Implementation of documented policies and procedures including Systems Development Lifecycle (UAT through Regression testing), BCP, Change Management and IT Governance structure.
- Work directly with C-level Management down through PMOs and IT resources to assess IT Control Environments.
- Development, Execution, and Oversight of Risk and Control Self Assessments Across multiple technology and diverse business lines.
- Development and improvement of IT related controls as well as design and implementation of mitigating controls.
- Industry focuses include Financial Services, Insurance, Healthcare, Retail, Entertainment and Media.
- Responsible for generating new business based on Pyramid’s offshoring service offerings including IT Staff Augmentation and IT Offshoring Services. Dedicated IT testing Centers of Excellence located in India.
- Responsible for related, IT Governance Approach, Reporting Requirements
- Responsible for expanding Pyramid’s business to the Northeast by identifying and generating new sources of revenue
- End to End revamping of Pyramid website and responsible for content management
- Management of multiple global and domestic teams including 30 IT Consultants, Developers, Auditors and IT Contractors
- Responsible for all relationship building and networking with C-level and management level executives.
- Oversight and all engagement management including monitoring and ensuring on time, on budget, and on scope delivery.
- Development and delivery of all sales related pitches and related documentation.
- Final review of all potential candidate submissions and associated qualifications.
- Completion and Delivery of all responses to extensive Request for Proposals.
Confidential, New York, NY
Vice President
Responsibilities:
- Vice President aligned to the Development Unit of the Institutional Client Group (Institutional Equities). Responsible for end to end management of large, global FSI related application engagements, integrated business and technology teams, and on scope, on time, on budget delivery.
- Accountability and ownership of key, senior client relationships. Responsible for assessing business/technology risks as they relate to Banking Applications from an integrated IT and Business perspective. (reconciliations and tie into P&L). Develop risk based recommendations and solutions to protect information assets. Evaluate enterprise wide strategic programs against business value proposition, and issue formal final reports to internal and external management.
- Global responsibility for coverage of the Institutional Client Group Information Risk Management organization including driving all work related to IT Risk and Control Assessments.
- Global responsibility for enhancing the SDLC program of coverage to ensure value in execution and delivery.
- Specialized reviews over high risk arenas including data management, and IT Governance Risk and Compliance.
- Development of Integrated IT/Business Risk Assessments and annual plan supporting ICG and Application Data Management.
Confidential, New York, NY
Executive Director of FSI IT Business Development
Responsibilities:
- Lead the Technology Risk, outsourced IT Audit and Compliance group and its client portfolio. Business Development, Sales and Engagement Management of IT Internal Audit Assistance and all IT related Information Risk Management and Control engagements.
- Serve as contracted Director/Manager for all IT Audit, Information Risk Management, Sarbanes Oxley Compliance, IT General Controls and Information Security related engagements. Management of both eDelta and client resources. Key focus on IT Risk Management, Enterprise Risk Management Assessments, Change Management and SDLC process improvement clients within the FSI.
- Overall management responsibilities include identification of opportunities, Client Relationship Management, executing proposals in written and verbal format to C-Suite management, and ensuring on time, on budget and on-scope successful delivery. Additionally, facilitated the creation and execution of audit plans, risk and controls matrices, work papers and final reports, management and execution of Gramm-Leach-Bliley Act (GLBA) Compliance testing.
- Ensure efficient integration of IT and Business executers.
Confidential, New York, NY
Manager
Responsibilities:
- Led IT Risk/IT Audit side of integration of Lehman Brothers into Barclays which included merging of the Equities, Wealth Management, and Corporate Finance lines of business. Responsible for management of large integrated team of cross PwC resources. Also responsible for participating and managing all Senior and C-Level meetings as well as reporting of complex issues. Main objective being to aid in the final decision making process as to what Lehman Banking Applications would be utilized vs. what was already in place at Barclays.
- Management, execution and delivery of ERM, Change Management and SDLC focused reviews. Process Improvement and Control Optimization of global testing environments at multiple large Financial Services firms. Sarbanes Oxley 404 readiness and sustainability reviews, IT general controls and infrastructure assessments, pre and post implementation reviews, project management assurance services, and third party assurance and opinion services including SAS 70 Type 1 and 2.
- Led integrated walkthroughs with Internal Audit, Front Office, Middle Office, and Back Office Operations in order to compile end-to-end Process Narratives and Risk and Control Matrices. Monitored Alignment between PCAOB Audit Standard 5 (AS5) and the SEC's interpretive guidance to ensure proper application. Participated on an internal team to provide guidance on integration of financial statement reporting and the transition to IFRS.
Confidential, New York, NY
Senior Manager
Responsibilities:
- Directed project management, execution, sales, and oversight of technology related Internal Audit, IT Consulting, Sarbanes Oxley and Financial Services/Banking related client engagements. Process re-engineering, IT operational improvement and formalization of defect tracking/reporting processes. Oversaw application of the COBIT, COSO frameworks as well as the ISACA, IIA and PCAOB standards.
- Business Development and end to end Sales process & Management of multiple large engagement teams comprised of multi-level resources, as well as identification and pursuit of new client sales opportunities. Creation and execution of client proposals to C-level executives and led roundtables focusing on technology related topics for C level executives.
Confidential, New York, NY
Vice President
Responsibilities:
- Responsible for oversight and execution of the re-engineering of the global end-to-end testing process. Managed global testing team with complex geographic structure, including resources located in New York, London, England and Glasgow, Scotland. The process re-engineering and operational improvement included the identification of inefficiencies, understanding the root cause of these inefficiencies, creating a road map to remediate the overall process, and implementing agreed upon solutions.
- Compilation of detailed, comprehensive reports and presentations to Business, Technology, and Operations Management. Responsible for coordination and management of the end to end global testing process including Quality Assurance (QA), Systems Integration Testing (SIT), User Acceptance Testing (UAT), and Regression Testing.
- Main functionality of PB Banking Applications was client onboarding and supporting accurate reconciliations leading to an approvable P&L.