David A. Email & Phone Number

Washington, DC, US

Atlanta, Georgia, US

• Lead security risk assessments for third-party vendors, identifying vulnerabilities and non-compliance, and evaluating vendor-provided security attestations such as SOC Reports, ISO 27001, PCI DSS to ensure adherence.
• Collaborate with cross-functional teams and Subject Matter Experts (SMEs) to evaluate risks associated with vendors' operations, information security, financial activities, and regulatory compliance.
• Leverage Exiger to conduct comprehensive OFAC screenings and adverse media evaluations on third-party vendors, identifying potential reputational risks and delivering in-depth insights to ensure senior leadership.
• Led the comprehensive audit of critical vendor risk assessments, enhancing risk prediction accuracy by 25% and refining vendor interactions.
• Implemented a NAICS-based naming convention, resulting in a 40% reduction in vendor categorization errors.
• Perform continuous monitoring and oversight of the vendor's performance to ensure they meet their contractual obligations and comply with applicable laws and regulations.

New York, New York, US

• Led a team of Third-Party Risk Analysts, focusing on the consistent provision of high-quality risk assessment services.
• Oversaw the due diligence process for onboarding and risk recertification, and conducted continual monitoring of established third-party relationships, including the administration of assessment questionnaires to.
• Partnered with internal stakeholders to negotiate and supervise vendor contracts, ensuring the organization's interests were protected and vendors adhered to our requirements and standards.
• Consolidated varied vendor questionnaires into tiered Due Diligence Questionnaires (DDQs), reducing response times by 35% and refining vendor feedback quality.
• Utilized GRC Tool to ensure secure and timely communication of assessment findings and questionnaire deployments, tracking vendor progress on remediation effectively.
• Employed the Rapid Ratings tool to assess vendors' financial health, gauge credit risks and report insights to keep stakeholders informed of potential financial risk in the vendor chain.

Basking Ridge, NJ, US

• Developed robust compliance controls, risk frameworks, and strategic programs, synchronizing with regulatory needs.
• Integrated organizational security controls with NIST 800-53 & ISO27001 frameworks, identifying and addressing potential vulnerabilities.
• Participated in incident response activities, assisted in data privacy and security initiatives, ensuring compliance with data protection laws, and collaborating with IT and security teams.
• Developed and periodically reviewed IT/Cyber policies, standards, and processes and aligning with evolving compliance and certification requirements.
• Conducted workshops, demystifying complex security and compliance concepts for varied stakeholders.
• Prepared and presented reports on compliance activities, key risk indicators, and the overall effectiveness of the GRC program to senior management and stakeholders.

Boston, MA, US

• Provided subject matter expertise on IT infrastructure technologies, covering operating systems, databases, secure network devices, and cloud systems.
• Conducted tests on IT general controls (ITGC) and application controls, ensuring alignment with both SOX compliance and System and Organization Controls (SOC) Reporting standards across all scoped entities.
• Oversaw the annual preparations for the ISO 27001 surveillance audit, ensuring readiness and compliance.
• Executed detailed process walkthroughs and mapping to identify system vulnerabilities, aiding in the reduction of internal operational failures.
• Undertook comprehensive IT audits, assessing DLP policies and evaluating the robustness of DLP tools to safeguard sensitive data.
• Managed the complete audit process from planning and thorough fieldwork to comprehensive reporting, subsequent follow-up actions and provided actionable insights to executive leadership and management.

• Performed risk assessments on all systems and applications, including those related to security, availability, reliability, and capability
• Conducted audits of the company’s information technology infrastructure for compliance with policies and procedures
• Developed audit plans based on findings from previous engagement and current business risk to determine appropriate scope of each engagement
• Resolved issues and risks pertaining to audits and recommending necessary actions to the management
• Carried out detailed walkthroughs and process mapping to identify significant risks and weakness in systems and processes and help mitigate the risk of failures from internal operations
• Participated in regulatory and compliance assessment of Mobile and Online Banking features and functionality, including transactional testing

Cybersecurity Analytics

Master Of Business Administration (M.B.A.), Mba

Bachelor'S Degree, Statistics