Information Security Analyst Resume
Parsippany, NJ
SUMMARY
- Lead analyst in the investigation of third party and operational security risk assessments; developed library of control questions and answers
- Advisory support on data privacy, PCI, HIPAA and regulatory restrictions
- Delivered enterprise reporting on the health posture of the firm, prioritized risks, monitored remediation efforts
- Exceeded requirements on 7 integrated regulatory and FDIC audits ahead of schedule and closed with non-material risks; ended years of non-compliance
- Standardized risk procedures and eliminated dysfunctional processes
- Influenced open communication between opposing teams, which led to faster closer times on significant risk issues
- Completed complex study profiling an 18-month risk inventory, which led to a new strategy of managing risk
- Designed an enterprise web based training module on corporate governance
- Reduced contract thresholds, which resulted in $400k annual cost savings
- Consistently lowered IT capital costs by 25% and increased buying power with vendors
- Exposed redundant spend, which resulted in 30% residual cost savings
- Improved SLAs with network carriers by 80%
- Performed confidential investigations and provided evidence in a court of law
- Maximized operational efficiencies by 40% as a by-product of leading 280 risk communication forums
- Third party risk assessments
- RCSA-Risk Control Self Assessments
- IT Risk identification and reduction
- IT Auditing, HITRUST, NIST, SOX, Basel II/III, ISO/IEC 27000, SSAE16, SIG
- Vendor management
- Reengineering and process redesign
- Business modeling and execution
- Risk framework and design of key risk controls for application and infrastructure operations
- Complex analytics on data and processes
- Archer 5.5 & 5.3
- Sustainable Planner
- Security Policies, Governance, Controls
PROFESSIONAL EXPERIENCE
Confidential, Parsippany, NJ
Information Security Analyst
Responsibilities:
- Develop strategies and plans that enforce security requirements and address identified risks.
- Develop policies and procedures for the operation of IT Security and risk management programs.
- Create and implement security controls.
- Develop RCSA and RCVA, gap reporting, and manage risk acceptance process.
- Develop Information Security Awareness Program and Tabletop Incident Response Exercise.
- Work with IT department managers to identify, select, and implement technical controls.
- Investigate problematic activity.
- Design and execute vulnerability assessments, penetration tests, and audits.
Confidential, Roseland, NJ
Sr. Security Risk Consultant
Responsibilities:
- Created an information security risk reporting framework.
- Investigated and prepared executive reporting and provided visibility on critical and high risk programs.
- Identified lagging security initiatives and provided visibility where there was none.
Confidential, Jersey City, NJ
Sr. Operational Risk Manager
Responsibilities:
- Conducted Risk Control Self Assessments on core infrastructure domains.
- Provided recommendations on lowering risk levels to meet business risk appetite and risk tolerance.
- Designed scope and procedures for performing RCSAs.
- Created business model on acceptable risk treatment options, acceptance protocols, and escalation procedures.
- Reviewed BAU reporting on hundreds of operational risk controls, examined evidence, and provided recommendations.
Confidential, New York, NY
Third Party Risk Analyst
Responsibilities:
- Lead analyst in the investigation of over 200 operational and third party security risk assessments.
- Advisory support across all enterprise units on data privacy, PCI, HIPAA, and regulatory restrictions.
- Designed third party strategy and implemented operational risk management policies, mapped policy and guidance documents to NAIC, HIPAA, GLBA, FTC, FFIEC, Cobit, ISO, ISF.
- Develop Archer and automated tools to formally capture third party security risk results and reporting.
- Train business lines on understanding their risk appetite/tolerance and lowering inherent risk exposure.
Confidential
Consultant
Responsibilities:
- Provided advisory support across corporate and business unit special projects
- Established and coordinated policies, procedures, and standards.
- Escalation representative between business unit relationship managers and data management teams.
- Evaluated needs, submitted recommendations and established efficient synergies that build inter-department communications.
- Improved communication channels by 40% by increasing visibility and synergies between all AIG companies.
- Provide multi-tier status updates on programs and budget management.
Confidential
Consultant
Responsibilities:
- Managed an IT security global network program implementation that included the upgrade of over 500 firewall devices that included significant IT security controls.
- Aligned global resources to project deliverables, tracked and reported on risks and dependencies.
- Managed budget plans for all programs and performed regular status updates.
- Monitored the execution of strategies and conducted spot checks for implementation readiness.
Confidential, Weehawken, NJ
Associate Director
Responsibilities:
- Managed 280 risk communication forums for COO and CIO and cross business risk forums that led to escalation on lagging regulatory risk remediation programs, identified areas with mission critical resource constraints.
- Re-engineered IT processes for an organization of 10,000 for maximum efficiency by standardizing procedures and eliminating dysfunctional silos that were operating independently.
- Completed a feasibility study profiling an 18-month risk inventory on an IT group of 10,000 employees which resulted in a monthly risk dashboard that reported the progress of risk remediation programs.
- Met the requirements on 6 annual integrated regulatory audits and FDIC audit by managing people and auditors on risk issues from identifying scope to remediation and reporting.
- Recalibrated 600 enterprise SOX and best practice security risk control compliance standards that relate to SOX, Basel and ISO 27000 series to a set of 125 harmonized application and infrastructure compliance controls and implemented the set across all LOB.
- Collaborated on strategic issues affecting onshore and offshore businesses and provided expertise to board members and businesses resulting in CIO acceptance of risk issues.
- Led an executive risk review initiative that maximized operational efficiency by 40%.
- Managed 100+ staff in multiple technology streams and functional counterparts including user services, mainframe, distributed services and networks by evaluating strategies and designing and implementing compliance policies; monitored effectiveness of internal controls and processes.
- Delivered quarterly enterprise reporting on the health posture of the firm.
- Recalibrated 1,500 enterprise risks, standardized ratings, descriptions and business lines impacted, which led to enforcing techniques that prioritized risks and monitored remediation efforts.
- Developed a secure file transfer protocol ending years of audits being out of compliance.
- Drove data analysis to understand risk liabilities and exposure to emerging threats which led to quarterly performance tests on key controls.
- Performed confidential investigations and special projects.
Divisional IT Coordinator
Confidential
Responsibilities:
- Performed business modeling and presented innovative IT processes for 3,500 employees that led to an animated web based training module on corporate governance.
- Managed and facilitated 84 monthly executive panels dat approved global IT capital expenditures up to $1B.
- Developed a formal review process on IT capital expenditures that led to an understanding of unnecessary spend on residual maintenance resulting in a cost savings up to 30%.
- Designed an automated tool for the approval of IT capital expenditures that ended years of untamed expense duplications and non-standard technology in the environment.
- Managed global contracts up to $400M for clients in four IT disciplines including mainframe, networks, user services and distributed services that led to an awareness of unmanaged vendor SLAs.
- Reduced IT capital expenditure by 30% by studying the opponents’ sales techniques and leveraging knowledge against proposals submitted.
- Bridged cultural differences and influenced open communications between opposing teams that led to critical knowledge sharing and acceptance of accountability which led to faster closer times on significant risk issues.
Manager of Network Installations & Network Contract Negotiator
Confidential
Responsibilities:
- Managed network circuit team on 425 branches and home office voice and data installations.
- Managed network vendor relationships in North America on MAC requests, improved SLAs by 80% and led to faster to market production jobs by eliminating delays.
- Analyzed telephony logging and usage reports, which led to a strategic annual savings of $400K.
- Created a capital funding review process on IT initiatives up to $15M for CTO approval and eliminated cash losses by 20%.
- Managed vendor relationships for 425 branches, which led to increased buying power by 25%.
