Candidate's Name
Charlotte, NC
Telephone: PHONE NUMBER AVAILABLE Email: EMAIL AVAILABLE

SUMMARY: Well versed in business controls and internal control work engagements with over 15 years of experience focusing on targeted reviews for Financial Services Industry Clients i.e. Banks, Broker Dealer, Private Equities and Venture Capital. Assists clients in designing compliance risk programs and provides high performance improvement plans resulting from issues management. Provides high quality professional experience on a day-to-day basis while executing internal business engagements and projects. Leads project management teams to analyze and evaluate processes and controls. Analyzes business operational and financial risks, designs and/or influences mitigating controls, and escalates appropriate high-risk issues to senior management. Partners with executives to achieve strategic plan initiatives for full range of engagements that supports the overall business management function.

PROFESSIONAL EXPERIENCE

TRUIST, Charlotte, NC
Program/Technology Risk Issues Management Manager, February 2023-July 2023
Provided independent risk oversight (i.e. LOD2) for Truist Technology and related consult to Truist Business Units through the effective identification, mitigation, monitoring and reporting of technology risk and other related risks (e.g., operational, compliance) within Enterprise Technology.
Served as a subject matter expert and steward of the Technology Risk Framework to identify, report and mitigate technology risks.
Strengthened and sustained proactive risk culture through conducting effective risk focused management and partnership routines with technology teams and internal partners.
Interfaced with senior leaders and key partners.
Reviewed and challenged outcomes of first-line-of-defense risk program execution.
Monitored legal, regulatory, compliance and audit matters for assigned Enterprise Technology oversight area(s) and ensured timely action.
Led complex projects that have broad technology and enterprise level impact with implications and/or resource requirements beyond risk management.
Provided informal leadership to others and served as a resource on complex solutions.
Worked closely with project sponsor, cross-functional teams, and assigned project managers to develop the scope, deliverables, required resources, work plan, budget, and timing for new initiatives.
Managed program and project teams for optimal return on investment, and coordinated and delegated cross-project initiatives.
Identified key requirements for cross-functional teams and external vendors.
Developed and managed budget for projects and was accountable for delivering against established business goals/objectives.
Worked with other program managers to identify risks and opportunities across multiple projects within the department.
Analyzed, evaluated, and overcame program risks, and produced program reports for managers and stakeholders.

Governance, Risk and Compliance Manager, January 2023-February 2023
Created, documented, and implemented governance routines, where necessary.
Analyzed and developed processes and procedures.
Led and participated in cross-functional and/or enterprise technology risk management initiatives.
Created and implemented workflow tracking to better manage deliverables.
Applied in-depth understanding of technology governance, risk and compliance to provide thought leadership and guidance to CT&O stakeholders.
Responsible for CT&O regulatory exam management and issue management activities (including request tracking, coordination and drafting of responses, and issue analysis).

Sorenson Communications, October 2021-January 2023
Lead Information Security Analyst
Managed and configured enterprise GRC tool administratively.
Served as a primary point of contact for Third Party Risk Management, assessment requests, vendor evaluations and remediation oversight.
Tracked enterprise compliance across several security frameworks.
Developed and delivered operational and executive reports / metrics to track and report on security initiatives, processes, and risks.
Aided the development of security processes and procedures and managed security controls.
Engaged in the development of security and privacy awareness training.
Performed information security assessments, compliance gap analyses, and risk assessments.
Developed written information technology and security policies and procedures.
Worked directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance.
Prepared reports and other deliverables that contained strategy, technical analysis, findings, and recommendations.
Provided approved responses to client inquiries and maintained library of records, documentation, and responses.
Ensured key security controls are identified, implemented, tested, and remediated as required.

Deloitte & Touche LLP, Chicago, IL, June 2021-October 2021
Lead Information Technology Audit Consultant
Reviews and assesses completed internal audit work performed by banking client internal audit department for adherence with company's policies and quality assurance standards.
Ensures risks associated with business and technology audits are effectively identified, measured, monitored, controlled and there is appropriate oversight to mitigate risks to an acceptable level.
Regularly provides feedback and recommendations to executive audit management on how to improve audit execution and implement industry best practices.

TRUIST, Charlotte, NC, June 2020-April 2021
Lead Information Security Analyst-Business Application Risk Assessor
Conducts business application and/or ecosystem level risk assessments for the assigned application portfolio, based on required risk-based assignment frequency.
Gaps found in reviews are communicated to control/application owner and other stakeholders.
Reports issues found in reviews and documented and entered into the issues management system of record.
Provides security assessment results to application owners, control owners and other stakeholders to encourage resolution of gaps.
Assists with the interpretation and analysis of security assessment results upon completion of each security assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems.
Delivers review results to the reporting and analytics team for report generation.
Monitors the application environment for defined events which trigger interim assessments.
Conducts separate authentication assessments for client-facing areas as required by information security standards.
Assists with review of applications especially application sunsetting/retirement (end of life) and ensuring the application follows appropriate protocols for end of life.

TIAA-CREF, Charlotte, NC, August 2019-June 2020
Senior Information Security Analyst (Cybersecurity IT Risk Management)
Conducted regular security compliance activities to document, test the security program, including but not limited to entitlement reviews, quarterly collection of control evidence, support of client, internal and third-party audits and assessments, identification of gaps observed, and entering and tracking in system of record.
Led discussions with technology partners to provide effective challenge on data protection and best encryption practices processes.
Trained technology partners on encryption risk management and provided guidance on industry best practices.
Facilitated with the resolution of various issue managements with regards to data protection and encryption standards.
Assisted in developing Information Security Plans and Policies - plan and carry out an organization's information security strategy.
Performed the execution of technology, cybersecurity and information security risk assessment/testing methodologies evaluating the design adequacy of control and efficiency of internal controls; and identifying issues resulting from internal and or external compliance examinations.
Developed a set of security standards and best practices for the organization and recommend security enhancements to management as needed.
Develop strategies to respond to and recover from a security breach.
Investigated security incidents - support incident response activities to minimize the impact in accordance with policy and standard operating procedures requirements including internal reporting, lessons learned, root cause analysis and recommendations to leadership.
Prepared and documented standard operating procedures, policies and protocols as relevant to both IT and/or Security.
Developed technical solutions and new security solutions to help mitigate security vulnerabilities and automate repeatable tasks.
Supported the IT Risk Assessment program with streamlining and improving service delivery to IT Owners and to Cybersecurity overall.
Evaluated the technical design and controls against risk factors, applicable standards and regulatory requirements.
Performed assessments on vendors and third parties utilizing company methodology to appropriately assess controls relating to information security risk management, privacy and security policies and governance, user access controls of systems and applications and encryption controls.
Performed in-depth information security related assessments on vendors utilizing shared assessment gathering methodology (SIG based questionnaires).
Reviewed vendor controls and documents the assessments for risks and provides sound recommendation to address vendor control deficiencies, finding and overall issues with the vendor.
Supported IT Risk assessment execution across various technologies and platforms (e.g. applications, infrastructure, projects) and information technology (IT) security principles and methods (e.g., firewall rules, network segmentation, asset management, authentication best practices, etc.).
Supported and assisted in educating workforce on information security training and awareness campaigns, program communications, and Application Risk Assessment program metrics reporting.
Partnered with IT application owners to identify control gaps, and improve processes (e.g. collection & analysis methods, automation, etc.).
Conducted IT risk and control mapping to ensure it ties to existing standards to relevant regulatory/compliance/frameworks such as GDPR, NIST 800-53, SOC1, SOC2, ISO 27001, ISO 27017, ISO 27018.
Drafted and maintained documentation as it relates to authoritative source management processes and proactively tracked the development, maintenance, and changes to information security policies, procedures, processes and standards as applicable.
Provided global, federal and/or state information security regulatory compliance support Information Security or Technology compliance role with experience focusing on information security, preferably in the finance industry.

Wells Fargo Corporation, Charlotte, NC, March 2017-August 2019
IT Senior Lead Auditor (Supervisory Role / Auditor In-Charge)
Identified and assessed key IT and data related risks and controls are within the business processes and developed effective test plans for engagements.
Led very large audits in size and complexity.
When leading audits, applied leadership and project management skills to identify project tasks, assigned to audit staff and ensured that projects are executed according to budgets and schedules.
Demonstrated strong subject matter knowledge in critical areas of technology infrastructure, information security, and technology service processes.
Adhered to policies and standards relevant to regulatory/compliance/frameworks such as GDPR, NIST 800-53, SOC1, SOC2.
Participated in the evaluation of information technology policies, standards, procedures, and guidelines for multiple platforms and technology processes.
Identified and assessed key risks and controls and developed effective test plans for engagements with limited guidance and documented work in accordance with professional and corporate quality standards.
Developed and applied leadership and project management skills by identifying project tasks and assigned staff to audit work and ensured that projects are executed according to budgets and schedules.
Provided performance feedback and coaching to less experienced auditors and coached junior staff regarding required knowledge and skills.
Exercised superior judgment when evaluating the business impact and significance of audit findings, identified mitigating controls and other factors and assessed whether residual risks are consistent with risk tolerance and prudent with the company's risk management efforts.
Demonstrated professional skepticism, presented audit results in an objective and unbiased manner, wrote audit opinions reflecting relevant facts that led to logical conclusions, escalated significant risks and loss exposures to appropriate levels of management, drafted final audit reports, and presented technical information clearly and succinctly to a wide variety of audiences.
With the coordination of engagement managers, developed audit reports and recommendations to improve control processes to executive management that clearly presented audit results while considering the business context.
Developed valuable and trusted relationships with internal business partners by executing efficient audit work and offering suggestions to enhance risk management based on an enterprise-wide view of technology risk management.

Bank of America Corporation, Charlotte, NC, October 2014-March 2017
Vice President, Senior Auditor Supervisor (In-Charge Role)
Focus Area: Global Markets, Global Wealth & Investments, Compliance, Technology
Led the testing of Compliance Consent Order risk assessments and monitor and test coverage plans and related metrics.
Led and supervised the testing and execution of trade surveillance reports for all regulatory issues i.e. Consent Order purposes.
Responsible for validating Global Markets Compliance surveillances and training and coaching of teammates on the surveillances.
Ensured compliance with laws and regulations and controls by examining underlying supporting evidence supplied by business or compliance.
Engaged with audit senior leadership to present emerging risks around regulatory issues i.e. MRA/MRIA and/or discuss areas that audit influenced the business partners to mitigate an inherent risk.
Influenced business partners to balance their business strategy with appropriate controls.
Implemented audit strategy by defining audit scope, audit program & audit test procedures in area of responsibility and supervise senior and junior auditors on their assigned areas.
Executed assigned audit activities and supervise audit team including coaches/train team members in the execution of the audit.
Corresponded with business partners to influence in the development of remediation action plans that effectively manage and balance associated risks for both internal and regulatory compliance.
Led analysis of control deficiencies as well as expansion and refinement of documentation for more complex control deficiencies to drive actionable business impact; influence management on sufficiency of corrective actions, recommends audit rating.
Tested the IT data quality of input and output controls and file transfer controls utilized with specific key business elements in reporting for Basel II, Basel III FFIEC, GDPR capital RWA requirement for regulatory purposes.
Supervised the remediation of global sensitive MRAs impacting Americas, LATAM, APAC, EMEA within global markets and global wealth investment.
Interfaced with regulatory bodies both domestically (OCC, FRB) and internationally and participate in regulatory review as well as assist senior management during regulatory reviews.
Assessed IT key risks indicators and scorecards and influence management teams in setting appropriate risk metrics.

Grant Thornton, LLP, McLean, VA, November 2013-October 2014
Experienced Audit Associate (In-Charge Role)
Tested key client internal controls to attest that controls were operatively effective for auditors to rely on client data files.
Supervised, trained, and mentored associates and interns on audit processes and assessed performance of staff for engagement reviews; performed in-charge role as needed.
Researched and analyzed financial statements and audit issues utilizing electronic databases, and employed audit software to review and compile financial information.
Tested internal controls in accordance with ICFR or SOX-404 and other applicable policies and procedures to meet the testing objective.

PricewaterhouseCoopers, LLP, McLean, VA, January 2013-November 2013
Experienced Audit Associate (Financial Services Industry/Private Equity)
Tested key client internal controls to attest that controls were operatively effective for auditors to rely on client data files.
Performed walkthroughs to gain understanding of client controls and processes.
Reviewed the work of service organizations to ensure SOX compliance with SSAE16s.
Performed financial statement tie-outs to validate client's financial results.
Analyzed financial statements to identify key financial trends and anomalies in financial data.

Navigant Consulting, Washington, DC, June 2012-Dec 2012
Valuation & Financial Risk Management Consultant (Independent Contractor)
Developed and modified project deliverables for consent orders to ensure compliance with Comptroller of the Currency.
Executed audit procedures by analyzing and deciphering loan files for proprietary mortgage lenders.
Reviewed federal and state government guidance on bankruptcy laws, foreclosure and Home Affordable Modification Program (HAMP) that stemmed from the foreclosure crisis.
Attested and provided assurance to national banks in the verification of lending practices, risk analysis and internal audits.

KPMG LLP, McLean, VA, January 2012-April 2012
International Tax Consultant (Internship)
Prepared and reviewed US individual income tax returns for inbound and outbound international assignees and international assignment cost projection calculations as required.
Prepared tax extension calculations for both federal and states agencies.
Conducted in-depth tax research related to expatriate and foreign national employees for clients.
Prepared tax returns, tax equalization calculations and other miscellaneous tax forms for expatriates.
Reviewed U.S. payroll reporting, withholding for wages paid to expatriate employees for accuracy including annual compensation statements.
Reviewed and analyzed billable hours appropriately and charged respective clients.

Vital Voices Global Partnership, Washington, DC, January 2011-May 2011
Senior Accountant (Independent Contractor)
Collaborated with staff and prepared quarterly expense budget forecasts to determine adequate cash flow to meet all departmental programs according to the allocated budget.
Managed and audited grant contributions internally and ensured internal compliance with controls and according standards.
Managed and validated budget schedules for quarterly statement analyses.
Reviewed vendor contract agreements for internal compliance and prepared files for year-end audits.

PREVIOUS ACCOUNTING EXPERIENCE, May 2006-December 2010
American Public Power Association
Akin Gump Strauss Hauer & Feld LLP
Town & Country Mortgage and Financial

EDUCATION

Robert H. Smith School of Business, University of Maryland, College Park, MD, August 2011-December 2012
Master of Science in Business (MSB), Focus Area: Accounting and Internal Auditing, GPA 3.8

Temple University of Pennsylvania, Philadelphia, PA
Bachelors in Business Administration (BBA), Focus Area: Finance, GPA 3.4, Graduated May 2006

CISA and CISSP Candidate.

ADDITIONAL INFORMATION & SKILLS

Knowledge of compliance requirements GDPR, NIST 800-53, other NIST 800 Series, FISMA, FedRAMP, HITRUST, PCI, DSS, SOC1, SOC2, ISO 27001, ISO 27017, ISO 27018, ISO 22301, and/or other regulatory standards applied to the finance industry.
Knowledge of NIST Cyber Security Framework, PCI, GLBA, SOX, CIS Benchmarks, other regulations related to Personally Identifiable Information (PII) and regulatory compliance requirements.
Knowledge of common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.).
Knowledge of common security technologies (IDS, Firewall, SIEM, SERVICE NOW, CMDB, ARCHER, SIG (third-party risk assessment tool), etc.).
Bank of America Corporation - Silver and Bronze Awards, March 2015 to December 2015.
Bank of America Corporation - Bronze Awards, June 2016, September 2016.
Vice President of Marketing and Membership Development for Financial Management Association, 2005-2006.
University of Maryland College Park, 4.0 Awards for Outstanding Academic Achievement.
Microsoft Office Suite, Advanced Level, Microsoft Outlook, Adobe Acrobat.
Accounting Software: Great Plains, Lawson, QuickBooks, SAP, Masterpiece, and Timberline.
Member of the Institute of Internal Auditors (IIA), 2011-Present.
Member of Information Systems Audit and Control Association (ISACA), 2012-Present.