Alichia Wicker, Mba Email and Phone Number

Responsible for developing strong relationships and maintaining consistent interaction with leadership and team members to develop a deep understanding of the business unit, risks, and projects.•Assist with defining the strategic direction of the IT Operational Risk Management (ORM) program, including aligning with the company’s strategic direction. • Partner with the first line of defense teams such as Information Risk and Resiliency (Identity and Access Management, Business Continuity, Cybersecurity, and Physical Security), Application Development, Enterprise Technology, Infrastructure, and Networking teams to drive and support ORM including identification of risks, developing remediation strategies (e.g., corrective actions), issue management, policy management, and advising where risk controls are needed.Collaborate with process owners and subject matter experts to design and implement controls, leveraging technology and data analytics to enhance risk mitigation.• Monitor the progress of remediation efforts, utilizing data-driven insights to validate the effectiveness of controls and facilitate continual improvement.• Foster the professional growth and development of a high-performing team, creating an environment that encourages collaboration, and continuous learning. • Forge relationships with IT, Audit, and Compliance, to cultivate a strong risk partnership.

Leads risk management initiatives to effectively identify, assess, mitigate, and monitor operational risk. Analyzes the IT environment to detect critical deficiencies and recommend solutions to ensure risk mitigation. · Partners with key stakeholders in the business to identify, assess, aggregate and document risks and controls, including risks associated with new or modified products, services, distribution channels, regulations, and third-party operations using advanced knowledge.· Communicates results of risk assessments to governance committees, business process owners, and various levels of leadership. · Collaborates with management to determine the adequacy and effectiveness of controls and develop action plans to remediate deficiencies and gaps identified in the internal control environment. · Identify and analyze internal controls for improvements that increase the efficiency and effectiveness of the overall control environment. · Responsible for building, developing, and maintaining effective relationships with key stakeholders in other risk disciplines such as Audit, Compliance, Information Risk & Resiliency, Legal, and IT. · Provide analytics relative to the trends of operational risks across the enterprise.· Risk champion for new products, services, and system implementation to ensure key risks are identified and implemented.

Lead auditor, define audit scopes, formulate audit plans, schedule milestones, and execute compliance, configuration, and IT tests of internal controls. Provide IT audit support for business reviews while conducting IT compliance, regulatory, and process audits. · Meet with business stakeholders to identify areas of concern regarding risk. Collaborate with IT process owners and staff to identify recommendations for improvement in process optimization, internal controls, risk, and compliance. Manage the full project life cycle for various IT audits. · Conduct risk assessments for audit areas to identify key controls and applicable frameworks. · Perform extensive data analysis to identify trends and leverage findings to provide input to strategy development efforts. · Communicate IT audit findings to IT and senior business management. Analyze and review remediation plans and test evidence to ensure correct remediation. · Develop positive relationships based on trust and excellent execution to collaborate with cross-functional personnel to envision, design, and implement process improvement initiatives. · Former Sarbanes-Oxley (SOX) Project Leader, responsible for coordinating with management and external auditors to perform SOX testing and ensured that the company was in compliance. · Identified the need for a more robust security awareness program and ensured that all employees were trained. · Introduced the need to make employees aware of spear phishing, phone-based attacks, and clean desk. · Detected the requirement for a more robust vendor security assessment program to ensure due diligence, legal compliance, and follow up to remediation and revisit.

Served as an enterprise resource for regulatory and contractual compliance initiatives. Formulated and executed IT operational, regulatory compliance, and security audits to assess business risks and determine if adequate IT controls were operating effectively to mitigate the risks. · Conducted assessments of systems associated with financial statements to ensure compliance with SOX Act. · Evaluated systems processing and the transmittal and storing of credit card data to guarantee compliance with the Payment Card Industry Data Security Standard (PCI DSS). · Assessed critical processes and controls to ensure operational compliance. · Conducted third-party assessment reviews, including analyzing vendor-supplied reports of Statement on Standards for Attestation Engagements (SSAE 16) for appropriateness, completeness, and applicability. Identified third party risks, and the business either accepted the risk or required the vendor to mitigate. Documented risks that were acceptable to the business.

For clients, developed the IT audit scope, prepared narratives, and performed initial walk-through to document process and controls, using a risk-based approach to develop and test controls, and the remediation of deficiencies. Client engagements included ING, TraceSecurity, Ricoh, and TrustNet, Inc. · Designed and executed test plans based on management action plans for the remediation of IT risk identified during the compliance assessment. Followed up critical findings weekly and retested; high impact findings were followed up monthly, and tests were performed again; medium impact issues were retested quarterly, and low findings required inquiry and inspection semi-annually. · Performed highly accurate and revealing risk assessments by creating detailed controls that mapped Federal Financial Institutions Examination Council (FFIEC), Control Objectives for Information and related Technology (COBIT) and National Institute of Standards and Technology (NIST) controls, to minimize risk and the impact of information security vulnerabilities and threats. · Served as a SOX auditor and consultant, performing full lifecycle projects. · Conducted Statement of Auditing Standards No. 70 (SAS 70) Type II audit to verify that specified controls were designed appropriately, placed in operation, and operating effectively over time.

Performed IT audits and focused on conducting risk assessments, and reviewed regulatory requirements such as SOX, FFIEC, and SAS 70 requirements. Utilized Control Objectives for Information and related Technology (COBIT), the Gramm–Leach–Bliley Act (GLBA), Committee of Sponsoring Organizations of the Treadway Commission (COSO), Information Technology Infrastructure Library (ITIL), and internal controls design and evaluation methods.

Planned and conducted complex audits of technology systems and operating procedures at all levels of the organization determined by risk severity and regulatory requirements. • Prepared access control review to reduce the risk associated with information technology applications by ensuring that appropriate controls were implemented and functioning properly. • Conducted SOX compliance testing and SAS70s reviews.• Prepared system control reviews to validate the completeness and accuracy of the security controls for IT applications and infrastructure components.

Provided Network and IT Security support for 120 bed facility with multiple technologies such as Meditech and 3M Coding Software, selected to serve as Project Manager in Active Directory conversion due to background and experience with PCs, allowing for smooth conversion resulting in zero downtime and reduce the need for using costly outside vendors and services. Created training material and conducted monthly mandatory PC and Security Awareness training for new employees.

Provided Network and Desktop support for 25,000+ employees for SunTrust Bank.