Candidate's Name
IT Risk and Controls Analyst
Mob: PHONE NUMBER AVAILABLE | Email: EMAIL AVAILABLE
Summary: 8+ years of hands-on experience in the GRC domain within global banks. Proficient in SOX compliance testing, CCAR controls testing, and ITGC controls testing. Skilled in conducting RCSA reviews and Application Risk and Control Assessments. Expertise in navigating regulatory compliance requirements within the banking sector. Experienced Risk Assessment Analyst with expertise in cyber risk analysis and core risk assessment within industrial systems, specializing in CityFlo and IEC 62443 standards. Skilled in conducting risk assessments and cybersecurity architecture definition based on NIST CSF and IEC 62443 3-2, focusing on risk management for critical infrastructure. Proficient in using risk assessment tools such as Fence to ensure comprehensive threat analysis and cyber risk mitigation. Demonstrated ability to evaluate application risks and implement effective control measures. Track record of successfully managing technology risk in complex banking environments. Known for a practical and hands-on approach to risk management. Strong understanding of regulatory frameworks such as Basel III, GDPR, and PCI DSS, ensuring alignment of risk management practices with legal requirements. Experience in implementing risk mitigation strategies for emerging technologies such as cloud computing, IoT, and blockchain within banking environments. Proficiency in conducting gap analyses and remediation efforts to address deficiencies identified during risk assessments and audits. Background in embedded and industrial systems with familiarity in railway and aeronautics standards, ensuring security and regulatory compliance within complex systems. In-depth knowledge of cybersecurity frameworks including ISO 2700X, NIST, APTA, and IEC 62443, and adept at managing supplier requirements and third-party risk assessments. Skilled in communicating complex risk concepts to stakeholders at various levels of the organization, facilitating informed decision-making processes. 
Continuous commitment to professional development through participation in industry conferences, training programs, and certifications to stay abreast of evolving regulatory landscapes and emerging risk trends.

Technical Skills:
Risk Management Tools: ServiceNow, GRC platforms, Fence, risk assessment and analysis tools
Compliance Standards: Understanding of regulatory frameworks (e.g., SOX, CCAR, GDPR, PCI DSS, IEC 62443, ISO 2700X, NIST CSF, APTA), compliance management systems
Data Analysis Tools: Excel (for data analysis and reporting), data visualization tools (e.g., Tableau)
Cybersecurity Domain Concepts: Access Management, Change Management, Technology Development, Technology Resiliency, Data Protection and Asset Management
Automation: Developed data-driven assessments using the proprietary rule engine to automate risk evaluations and enhance efficiency in risk management processes
Documentation Tools: Microsoft Office Suite (Word, Excel, PowerPoint, Visio)

Education:
Master's in Computer Science - University of Missouri-Kansas City, MO
Bachelor's degree in Technology - Jawaharlal Nehru Technological University, India

Certification:
Microsoft Azure Associate certification
Certified Information Systems Auditor (CISA)

Professional Experience:

BNSF Railway, Senior Information Security Consultant, Nov 2022 - Present
Responsibilities:
Managed various regulatory and internal compliance programs, including SOX, CCAR, and SOC1 reviews, as well as conducted application risk assessments and operational risk assessments (RCSA reviews).
Evaluated both the design and operating effectiveness of control requirements, ensuring adherence to regulatory standards.
Conducted comprehensive application risk assessments to identify and mitigate residual risks within applications.
Conducted risk assessments based on IEC 62443 3-2 and NIST CSF standards, focusing on critical infrastructure and compliance with CityFlo project requirements.
Collaborated with cross-functional teams to define cybersecurity architecture and allocate cybersecurity requirements across enterprise projects.
Managed supplier requirements and conducted third-party risk analysis, ensuring compliance with security standards and risk management objectives.
Executed RCSA testing and operational risk assessments across key domains such as access management, technology development, technology resiliency, and data protection.
Oversaw issue management processes, from issue identification to defining action plans and recording results in firm-wide systems, ensuring timely resolution.
Developed data-driven assessment solutions to automate control assessments where feasible, enhancing efficiency and accuracy.
Provided training and support to analysts, ensuring a clear understanding of control requirements and troubleshooting any obstacles to meet project milestones.
Leveraged the Fence tool for comprehensive risk assessments and cyber risk analysis within enterprise frameworks.
Applied Cybersecurity Assurance Levels to monitor and assess critical risks and ensure alignment with industry standards.
Managed and supported key financial and internal applications, ensuring compliance with regulatory standards.
Implemented automation strategies to develop Key Performance Indicators (KPIs) across control environments, improving monitoring and reporting capabilities.
Collaborated across three lines of defense to ensure comprehensive risk management practices and regulatory compliance.

Commerce Bank, Senior Information Security Analyst, Apr 2019 - Dec 2021
Responsibilities:
Conducted control assessments within SOX and CCAR compliance programs to ensure regulatory compliance.
Conducted internal audits to assess and evaluate the effectiveness of internal controls, risk management practices, and compliance with regulatory requirements.
Performed design evaluation through walkthrough meetings with application owners to assess the effectiveness of controls.
Executed operating effectiveness testing by selecting samples based on sampling guidance to validate control implementation.
Identified key control gaps in financial applications, focusing on access and job monitoring controls.
Managed a module of applications independently as a Subject Matter Expert (SME) and senior analyst, overseeing end-to-end testing processes.
Provided support to analysts to overcome obstacles and achieve target deliverables effectively.
Conducted testing on hundreds of samples across IT General Controls (ITGC) of diverse financial applications.
Implemented automation ideas to develop data-driven assessments, reducing manual efforts and improving result accuracy.
Utilized data analytics techniques to identify trends and patterns in control testing results, facilitating targeted risk mitigation strategies.
Provided subject matter expertise during internal and external audits, contributing to the successful completion of audit engagements.

Deloitte, Information Security Analyst, June 2015 - Mar 2019

Responsibilities:
Conducted design evaluation through walkthrough meetings with application owners to assess the effectiveness of control designs.
Executed operating effectiveness testing by selecting samples based on sampling guidance to validate control performance.
Identified key control gaps, documented findings, and reported them to management for remediation.
Delivered daily status reports to both direct managers and client managers to ensure transparency and alignment.
Proactively communicated roadblocks encountered during control evaluation, facilitating timely issue resolution by management.
Focused primarily on access control assessment, including access provisioning, de-provisioning, recertification, and privileged access management.
Additionally, evaluated SDLC controls such as change management, backup, and job monitoring.
Assisted in conducting risk assessments across various IT systems and processes to identify potential vulnerabilities and threats.
Supported the development and implementation of risk mitigation strategies and controls to minimize the impact of identified risks.
Participated in control testing activities to evaluate the effectiveness of implemented controls and ensure compliance with regulatory requirements.
Contributed to the maintenance and enhancement of risk management frameworks and policies, staying abreast of industry best practices and regulatory changes.