• Conducted Compliance Testing projects and added value to the department by independently identifying moderate and high-risk issues and working with the business to create and validate action plans to remediate regulatory risk. • Performed risk assessments to evaluate compliance against regulatory requirements. As part of a cyber and information systems risk assessment, mapped over 500 regulatory requirements to technology risk controls.• Developed a Privacy Testing program and performed testing on high-risk areas as determined by regulatory requirements and requested by the Chief Privacy Officer.• Managed a process to review and vet new initiatives on behalf of the Compliance department in order to provide risk ratings and rationalizations.• Partnered with Legal and the Information Technology to advise responsible personnel whether Regulation Systems Compliance and Integrity (SCI) issues were out of Compliance with the Securities and Exchange Act.• Led projects requiring review of work product and coaching of new staff to learn the skills needed to perform testing reviews. • Researched and conducted a one-hour training session on blockchain technology for second- and third-line departments.

• Performed internal audits on (but not limited to) the following:- Privacy (Data Loss Prevention Application): Lead an audit that tested the effectiveness of the Symantec Data Loss Prevention (DLP) tool. To complete this audit, I was able to leverage prior experience, having used this tool in a previous position, to determine risks and controls for testing.- Application data integrity controls: Lead an audit that tested the data integrity controls for the Principle and Interest (P&I) processing applications. During the audit I reviewed application code to identify the control which checks for completeness of inbound data. - Cyber Security Interdiction Center (CSIC): Lead an audit that tested the response processes to possible cyber-attack events. This audit was reviewed by the Federal Regulators which resulted in no findings, and who determined that DTCC has an effective framework to respond to cyber-security events.• Developed the technical specifications for, and trained audit management on, a resource allocation tool used to evenly disburse employee workload throughout the department. • Lead a project to develop a recurring incident management tabletop exercise for the Settlement Application development team.• Continuously liaised with technology risk coordinators and relevant stakeholders to aid in action plan closure.• Developed reports that will continuously monitor the health of the Enterprise Infrastructure and be presented to audit senior management.

Performed Data loss prevention (DLP) scans on local servers and reviewed the results using database queries to determine the locations of sensitive data to remediate.Performed a sensitive data review of sensitive folders on a shared drive at a national REIT firm, and its five additional branches. Executed gap assessments based on the ISO 27002 standard, which spans across multiple security domains, and analyzed results to report security deficiencies in technology business processes. Performed diverse set of risk assessment audits consisting of client controls reviews to meet SOX 404, PCI-DSS v2.0 or HIPAA/HITECH/HITRUST compliance. Conducted a large-scale change management audit for a retail services company in which over 50 change management controls were tested for 20 applications and 5 infrastructures.Created and revised existing policies and procedures for a large retail chain for them to maintain compliance for updated PCI requirements.Performed PCI v2.0 section 9 physical security audits, including (but not limited to) the following control areas: inspection of video cameras and/or access control mechanisms, data backup/storage, media destruction, wireless access points, and visitor access procedures.

• Supported all areas of Information Security and Privacy, including Incident Response, Risk Management, physical/data security, and Networking and Infrastructure Management in their projects and daily activities• Performed risk assessments for more than fifty of the firm’s third-party vendors in order to provide proper recommendations and solutions to upper level management in a detailed security assessment report concerning the risks and security deficiencies of the vendor • Advised construction of a data warehouse by defining business objectives to create a database of all third-party vendors who have completed risk assessments for easy ordering use by the entire firm• Utilized different forms of computer forensics such as EnCase by acquiring system images, performing records scans, testing and analyzing data and reporting all findings in compliance with Legal and HR departments to mitigate damage to the firm• Processed threat and vulnerability reports on the department’s issue tracking Sharepoint site to determine the projects and budget for the next fiscal year • Using a data loss prevention system, discovered, monitored, and protected confidential data across endpoint and network systems to demonstrate compliance while protecting the firm’s customers, brand, and intellectual property• Conducted and analyzed a Business Impact Analysis of more than two hundred third-party vendors to identify events that could impact continuance and have a financial, human, and public impact on the company • Identified, documented, and removed over six hundred business users with access to production databases containing personal identifiable information in conjunction with access and database administrators• Created and standardized forms and templates for internal use in security documents and emails, remaining consistent with the company’s brand standard