Andrea S. Brown, Cisa, Cism Email & Phone Number

Charlotte, North Carolina, US

Charlotte, North Carolina, US

• Actively participate in Corporate Cyber Security (CCS) initiatives for the merger of heritage BB&T and SunTrust financial institutions to Truist.
• Work with Commercial, Corporate, Payments and Wealth (CCPW) lines of business to ensure development and alignment of sound strategies for improving the overall security of the Bank.
• Play an active role to ensure cybersecurity awareness and alignment of the business strategy with the information security strategy, acting as an enabler for the business.
• Understand, translate, and balance business requirements with cybersecurity requirements while working to ensure a move forward strategy for the business.
• Ensure the technology is in compliance with Cyber Security standards and meets the specific business goals.

Research Triangle Park, NC, US

• Responsible for data and cyber security, and IT regulatory compliance for RTI’s global research-based business units supporting 3,000+ client projects. Managed a team of eleven security and compliance staff to attain a.
• Developed and maintained business aligned Security Program encompassing all business units and 6,000 employees operating in over 100 countries.
• Provided executive and board level updates on the current state of cybersecurity.
• Utilized the NIST Risk Management Framework as the foundation for security and governance documentation.
• Partnered with business leaders to implement security-based solutions addressing IT risk while promoting business-led innovation.
• Administered corporate-wide IT policies, procedures and standards; performed internal / external IT audit and risk assessments for financial systems, HIPAA and FISMA.

Glen Allen, Virginia, US

• Managed IT audit team of rotating cross-functional systems, database and security associates to fulfill annual IT risk audit requirements from corporate, business, and external sources. Maintained and reported.
• Maintained and revised IT general computing and application audit controls and testing requirements based on COBIT framework
• Safeguarded production use and access to consumer sensitive data pursuant to Gramm-Leach-Bliley Act (GLBA )
• Complied with Bank Security Act (BSA) and USA Patriot Act regulations providing customer specific data to the Office of Foreign Assets Control (OFAC)
• Executed annual IT Sarbanes-Oxley (SOX) audit requirements: IT SOX risk assessments and attestations, IT SOX general control and application control management testing, external IT SOX audit review by KPMG
• Led annual review of application risk profiles for external SOC2 audit

Glen Allen, Virginia, US

• Managed development and production support team of 5 developers including performance and budgetary planning. Maintained IT compliance with financial and regulatory guidelines in a technology landscape spanning custom.
• Achieved consistently low impact audit findings requiring minimal IT remediation effort by performing annual SOX audit pre-management testing of IT general and application controls on financial applications.
• Maintained IT general and application controls resulting from audit, business and regulatory reviews
• Project lead for $2.25M business-wide conversion of CA Financials to Oracle Financials e-Business Suite collaborating cross-functionally with IT teams including security, database, network and hardware infrastructure.
• Developed, maintained and supported 30+ USMI financials and servicing applications, providing 24/7 coverage and incident management
• Performed associate salary planning and performance management roles

US