New York, New York, United States
Enterprise Risk Management professional with extensive Information Technology experience in policy and procedure development, business continuity and disaster recovery (BCP/DR), and identity access management (IDAM). Speaks fluent regulatory to business. Enthusiastically collaborates and communicates with every level of the organization to bring the business in line with regulatory requirements.
Federal regulator assessing compliance with the US Code of Federal Regulations (CFR) in high-asset banks and fintech service providers. Evaluates sufficiency of Information Technology (IT) Audit, Business Continuity, Development and Acquisition, Management, Risk Management, Data Governance and Operations controls and practices in chartered institutions. Identifies control deficiencies and violations of law. Communicates with senior bank management to implement effective remediation plans for systemic deficiencies that are appropriate to the institution's risk profile. Reviews remediation efforts of banks to resolve findings, providing ongoing supervision to ensure continuous compliance with regulatory requirements. Manages IT examinations, assigning tasks to team members, managing priorities of examination tasks as necessary, and acting as primary liaison between institution representatives and the examination team. Communicates both adverse and favorable conclusions, providing guidance on regulations including Gramm-Leach-Bliley and the codifying Code of Federal Regulations. Frequently examines institutions with complex cybersecurity challenges. Mentors personnel in all supervisory lines regarding IT-related technical reviews. Developed baseline examination work programs to train examiners in community banks. Successfully completed a rotation in Bank Information Technology Policy, assisting in the design of the BIT newsletter and in the new BIT examiner training program.
Senior officer managing approximately 30 direct reports with a total reporting line of 110, serving over five thousand members. Developed and implemented solutions while supporting 84 individual chapters throughout a five-state region. Mentored regional and local chapter officers, as well as the managing committee members. Addressed weaknesses in overall governance, reducing risk, increasing volunteer opportunity, and encouraging transparency in the organizational structure. Built relationships with other senior volunteers in eastern US regions to ensure consistent guidance throughout the national organization.
Managed the Information Technology/Security compliance program of multiple client government lockbox environments. Coordinated compliance activities of diverse information security departments to support Federal Information Security Management Act (FISMA)-impacted environments. Mapped common control framework to NIST 800-53 requirements. Managed multiple projects across various departments, ensuring compliance with regulatory requirements, including certification and accreditation processes such as Privacy Impact Analysis and System Security Plan development. Ensured systems were authorized to operate (ATO) per FISMA requirements. Designed and implemented compliant processes and procedures relying upon the NIST framework. Documented practices for gathering compliance evidence to allow for concise, repeatable communication with internal and external audit teams and regulatory entities. Liaised with audit teams to reduce operational impact of audits. Accurately communicated risk mitigation measures to audit teams. Achieved "outstanding" rating for Cyber Security compliance with federal agency requirements within first 18 months in position by closing prior compliance issues. Partnered to remediate all prior issues and to proactively avoid future findings. Provided solutions to reporting challenges by designing cost-effective methods to create comprehensive security reports, reducing review time from five days to one day monthly. Interpreted and implemented SOX, SSAE 16, HIPAA, and PCI compliant policies and procedures to comply with customer requirements. Reviewed, analyzed, and monitored risk position and compliance activities internal to the business line. Planned and communicated the security program. Partnered with contract staff to prepare certification and accreditation documentation for multiple lockbox sites. Mentored and evaluated operational compliance personnel to promote security awareness, business knowledge and professionalism.
Oversee the Illinois district of a non-profit educational organization. Specializing in relationship building within disparate groups, facilitating communication and group cohesion. Responsible for facilitating compliance with the organizational charter and bylaws and monitoring group issues. Champion and support initiatives that in turn support the educational mission of the organization.
Project Lead on regulatory compliance and strategic initiatives, including Annual User Verification (IAM), Sarbanes-Oxley, Critical Report Monitoring, and Information Management and Retention. Decreased labor hours by 50% over a four-year period while increasing the number of discrete account reviews by 75% via process improvement measures. Managed data collection and sample testing for SOX (section 404) compliance.