President Resume

New York

SUMMARY:

  • Senior Project/ Program Manager and Information Security/Risk Manager with Investment Banking and Risk/Regulatory, Cybersecurity, Compliance, Functional Engineering and Governance (GRC/SOC2) experience, working with Information Technology departments for large Confidential financial clients, assessing and providing strategic best practice solutions, improving data quality/security, documentation, and building consensus amongst various stakeholders.
  • Transformational leader focused on driving enterprise-wide change, regulatory compliance, risk and controls with deep end-to-end IT Security experience leading global/cross functional teams to address board-level issues with c-suite sponsors.
  • Program/Project Management/Analysis/ Matrix Management
  • Project budgets, planning and forecasting, Definition of Scope and WBS
  • Negotiation skills (Third Party Vendors/providers, stakeholders)
  • Slowly changing IT security culture towards a more aware and responsive workforce
  • Vendor Management, Contract negotiations (SLA, SOW)
  • Strong Management / Supervisory Skills for colocated resources, headcount (CS)
  • Developed, trained and implemented new cybersecurity methodologies to increase awareness and reduce cyber risk incidents (Mizuho, Soc Gen, S@P and Confidential)
  • Functional Engineering, Automation processes and orchestration
  • Continuous Process Improvement re-engineering (BPM)
  • Solutions provider and Strategic, Analytical and Proactive critical thinker
  • Oversight, Risk management and compliance familiar with country specific regulations (DFS 23 NYCRR 500 - NYS Shield Act/ Confidential, DLP, SOC2 Compliance, FISMA)
  • Review/Oversight systems and procedures in accordance to regulatory standards for efficiency, security and risk mitigation.
  • Skilled monitoring of risk and issues ensuring adherence to the firm’s specific lines of defense (1LOD/2LOD/3LOD) + PCI/DSS Regulatory oversight ( DFS 500)
  • Treasury and Payment systems implementation
  • ISDA (Credit/Master Agreements /Ancillary docs rendering agreements void and Counterparty Confirmations)
  • Data Governance (Sarbanes-Oxley, Basel ) and security
  • Documentation, Presentations and Training Material
  • Disaster Recovery /Business Continuity Management planning and oversight

SYSTEMS, TOOLS AND COMPLIANCE:

  • Software development, Infrastructure, Data Governance
  • JIRA, Clarity PPM, Microsoft, SharePoint, Visio, etc.
  • SWIFT messaging, FedWire, CHIPS
  • SDLC, Waterfall, Agile/Scrum, ITIL, Change Management
  • FFIEC/NIST compliant IT Cybersecurity & Risk Management specialist (ISO 27001, ISO 31000, NIST Cybersecurity Framework and DFS 500 CFR, FISMA)
  • Strategic alliance with Technology Teams providing technical and development solutions in accordance with ISACA/COBIT5 or ITIL practices (BSA/KYC/AML)
  • Processes, mapping and topology of interacting global systems (IT and Data Governance, ServiceNow)
  • Solid understanding of Basel Capital Accord (Basel Committee on Banking Supervision (BCBS)) / MiFID (Markets in Financial Instruments Directive) and BIS Standards

PROFESSIONAL EXPERIENCE:

Confidential, New York

President

Responsibilities:

  • I worked on new methodologies/Technologies to improve specific processes for the aerospace, Safety, and Physical Security industries.
  • Developed new processes/methodologies for improving physical security operations
  • Assessing/Auditing current risk framework and provide additional process improvement recommendations in order to properly implement new rules and increase "mission readiness"
  • Vulnerability Management - setting up the framework for Standards, Policies and Operating Procedures
  • On site IT Cyber-Security contracts and directed the transition of the Risk and Control functions for the Cybersecurity Target Operating Model

Confidential

Global Information Security SME

Responsibilities:

  • Designed and implemented Standardized Automated process for a real time Global Risk Dashboard capturing various audiences across Global Security, Technology and the Business (20 Countries and over 1 trillion in assets under management)
  • Design and Implement Cyber Risk management and assessment processes and procedures.
  • Enhance operation of the Information Security Risk Register
  • Support the rollout and deployment of the cyber risk processes and tools, including GRC.
  • Provide cyber risk management expertise in the continuous improvement of the Cyber Risk Framework

Confidential

Sr. Program Manager SM/PM

Responsibilities:

  • Responsible for submitting the DFS 500 CFRR 500.23 Cybersecurity Data security regulation certification
  • Implemented an Audit Trail system (transactional and Security) able to reconstruct data and track security events ensuring adequate Lifecycle Information
  • Implemented Varonis Data security platform to detect and protect sensitive data (PII)
  • Manage entire IT regulatory portfolio and compliance with specific laws and international requirements (NYSDFS 500, DLP, Data Security, Encryption etc.) for 140 critical applications and systems
  • Created and updated physical deletion policies/procedures for hard data (disks) storage and destruction
  • Implemented monitoring and control strategy in accordance with internal audit department
  • Define Risk criteria and Data Classification/Endpoint Protection definitions, ownership and policies applicable across the enterprise for the 140 critical applications
  • Defined project scope, goals and deliverables that support business goals
  • Defined, created and executed project plans for project, portfolio, and product prioritization and implementation using an Agile approach (i.e. Agile, Scrum, Waterfall, Iterative)
  • Evaluated trade-offs between project size and complexity, cost, variance reporting and analysis, urgency, risk, and stakeholder value as well as vendor payments and invoicing
  • Partnered with business sponsors to define Key Performance Indicators and High Level Requirements
  • Coached/trained multiple project teams throughout project life-cycles
  • Provided frequent on-site monitoring and enforcement of schedules, milestones, and vendor accountability
  • Created risk mitigation strategies to anticipate, assess and resolve project risks as they were encountered
  • Evaluated security technologies and purchased equipment in accordance with budgets and operational demand

Confidential

Vulnerabilities Remediation Process Lead

Responsibilities:

  • Created Cybersecurity IT Risk Remediation IT Governance protocols, Industry Standards Framework (Patch and Vulnerability Management) - Enterprise solution/Scope of work and Target Operating Model and Policies, Processes and procedures to fulfil FRBNY MRI requirements.
  • Delivered the IT Risk Technology book of work. Managed all ongoing regulatory committee Corrective Action plans. Resolved a broad base and complex issues driving enterprise-wide change, regulatory compliance, risk and controls. Deep end-to-end program management experience leading global/cross functional teams to address board-level issues with c-suite sponsors
  • Re-engineered E2E centralized processes for the global vulnerability remediation program as it relates to infrastructure (servers, applications, networking) (over 20000 servers). Oversight for all offshore and onshore teams of approx. 100 employees
  • Provide a comprehensive firm wide PVM risk based standardized solution to the Threats and Vulnerabilities remediation program in accordance with NIST, ISO and COBIT 5.
  • Comprehensive risk based PVM ready to integrate and automate Sys Config, App Config, Decommissioning, Third Party vulnerabilities remediation preparing the firm to automation.
  • Design procedures to bring company to a higher level of maturity on the CFS/NIST capability model (level 3).

Confidential, New York

Project Manager Regulatory Oversight and Cybersecurity

Responsibilities:

  • Provide Cybersecurity IT Risk assessment for Remediation and Industry Standards (Vulnerabilities Management)
  • Create & design new Vulnerability and Patch Management standard document in accordance with FFIEC, NIST and industry standards recommendations and practices.
  • Developed Scope of work and Target Operating Model for the Vulnerability management, documenting the current practices and proposed new compliant procedures. (Risk acceptance criteria, new charter and signoff procedures by PVM committee)
  • Identified and remediated gaps in the Vulnerability Program (Workflow, Policies/Procedures and KPI/KRI)
  • Ensured and provided guidance to reach and surpass FFIEC/CFS Baseline Maturity Levels.
  • Managed Infrastructure System Hardening Standards implementation (decommissioning, white/blacklisting, Config management)
  • Incident Management process / Assess and implement new cyber coding verification methodology for in-house or vendor applications

Confidential, New York

IT Governance and Risk Analyst

Responsibilities:

  • Evaluated and remediated Infrastructure Vulnerability Findings for FRBNY examination
  • Initiated product due diligence (Routers, Switches, Firewalls) discovery and Regulatory Compliance protocols and analysis including mapping FFIEC to actual tasks
  • Adjusted Service Level Agreements (SLA) to operational requirements based on industry standards and contractual obligations
  • Analyzed and created (KPI/KRI) (1LOD) metrics and made recommendations to Senior Management with vendor selection and SLAs to improve service outcomes or business decisions.
  • Provided expertise in organizing corporate and data governance, cybersecurity and security protocols, process reengineering and improvement (ITIL/Continual Service Improvement/PDCA) based on the FFIEC/NIST/NYCRR500 specifications
  • Ensured Operational Risk measures, validate Regulatory and Compliance principles for approval by organizational leaders (1LOD vs 2LOD Regulatory Risk Management)
  • Updated review and implement policies and procedures to create effective Operational Risk framework and controls (KRI, Operational Risk incidents and mitigation, consolidated reporting)

Confidential

Senior PMO/PM

Responsibilities:

  • Audit, monitor and report on internal/external project status by defining and documenting the business processes, compliance and quality of development across the firm
  • Identified, justify, define and measure the process opportunities and benefits resulting from each Confidential implementation and issuing improvement and redesign initiative strategies
  • Delivered white papers and research on various regulatory and methodology topics (FFIEC IT/Cybersecurity/COBIT/ITIL, BSA Success Criteria and KPIs)

Confidential, New York

Sr Project Manager

Responsibilities:

  • Created and implemented a methodology/process to gather evidence for closure of specific conditional approvals. The method was reviewed and approved by the DB Global Head of Audit. Ninety-three specific conditions were closed, receiving approval from internal/external organizations such as the Managing Board, Operational Risk Committee, FRBNY, etc.
  • Prepared Legal Entity Board presentations and notifications (US and LATAM) as well as other Regulatory notifications, regulatory approvals and requests for follow-up by supervisory committees
  • Monitored Critical Applications’ risk assessment and mitigation (payment and treasury systems - SWIFT, ACH, Fed Wire based on BSA/AML/KYC rules) Info gathered by SIG /AUDIT methods “Standardized Information Gathering (Questionnaire)”
  • Vendor Risk Management process coordination and provide assistance to Regional and global Control Functions to identify, assess, mitigate and monitor risks in regards to the vendor.
  • Coordinated Working groups and perform necessary due diligence to identify risks/issues related with each departmental activity associated with several global work streams i.e. Business Continuity, Global Data Protection, Tax, Living Wills, Compliance, Global Regulatory Engagement, Cybersecurity Protocols (COBIT/ITIL, ISO27001, ISO3100, FFIEC/IT/ Basel/MiFID, ECB)

Confidential, New York

Project Manager - IT Governance and Strategy

Responsibilities:

  • Managed the Central PMO Training, Development and Deployment program for the Core Banking Replacement.
  • Created Training Policy document, including the strategy, mission, vision and project plans for the Business Readiness Program coordinating all activities between four major pillars
  • Monitored and controlled end-to-end activities of regional PMO offices in Japan and US, business partners, branches and IT groups
  • Coordinate activities, plans and implementation for report PM progress status, and dependencies of the US developed applications (over 27 applications)

Confidential, New Jersey

Program Manager - Internal Strategic Planning

Responsibilities:

  • Research and documentation for Confidential Member Services on various topics regarding Risk, Audit and Compliance documentation
  • Performed legal research and worked with a Confidential regarding governance, ethics and risk management in compliance with European financial companies
  • Extensive research on Section 619 (Volcker rule) and the restrictions on activities for banking entities

Confidential, New York

Project Manager

Responsibilities:

  • Developed and implemented a strategic method to reorganize PMO for the Repo BoW global team in order to increase efficiency and deliver a better quality product to business partners
  • Decommissioned a high cost legacy application and replaced it with a customized JIRA (value of $250K/Yearly)
  • Release Management and CAB readiness coordination (Applied COBIT/ITIL/ISO27001 principles)
  • Implemented new Issue Tracking software (an automated/standardized companywide tool based on Agile/JIRA/SDLC)

Confidential, New York

Lead Project Manager

Responsibilities:

  • Developed Scope of Work (SoW) and budget definition for the onsite team
  • Provided expertise for Global Cash Management product and established requirements in accordance with Compliance and Regulatory supervision (AML, NACHA, ISO, BSA, OCC, SEC, AML/KYC, Encryption and Data Protection)
  • Provided analysis towards a decision to go forward or cancel the initial project, based on discovered budget/profit ratios
