- Operating as a consultancy in Enterprise Risk Management (ERM), Governance, Risk & Compliance (GRC), IT Risk Management, Third Party Risk Management, Vendor Risk Assessment, Data Governance, IT Security Management, Cybersecurity, Information Security Management, Operational Risk Management (ORM), IT Audit, IT Regulatory Compliance, Privacy Governance, Sourcing, Contract Management, Disaster Recovery, Business Continuity Planning, Network and Security Operations, Facilities Security, Policy and Procedure

- Responsible for creating and assessing current state and project initiatives related to the implementation and effectiveness of the Information Risk Management framework- Manage the daily execution and coordination of the Information Risk function within the Information Governance Program- Responsible for portions of the program related to reporting, testing, development of new tools and methodologies, leading special projects, as well as program implementation as it applies to product management, technology, business lines or the overall Bank - Lead the analysis, planning, coordination and execution of the understanding, mapping and gap analysis of the current and target control flows for information risk ensuring comprehensive information lifecycle management within the context of an internal control framework from record (create the data) to report (consume the data) - Document current state and propose the target state control processes for data transformation, transmission, consumption, quality/exception management and creation. This includes warehouse and application API flows for business as usual uses and as special projects including the most complex transitions and re-platforming - Utilize an extensive blend of business and technology background as well as testing and monitoring in the 2nd or 3rd line- Lead the interaction with stakeholders and business data owners to determine and optimize how they collect, store, secure, and curate data to ensure that data is properly managed and the risk versus reward trade-off is properly communicated and controls are put in place to effectively remediate as necessary- Responsible for supporting and refining the Data Governance Program standards and processes to promote data accountability, validate compliance, and track data governance effectiveness through scorecards and status reports

- Function as the GRC platform administrator; overall responsibilities include establishing data quality processes, integrity checks, data governance and user access controls, as well as providing change management support by generating and maintaining all related documentation- Support the build out of the GRC platform in facilitation of the enterprise-wide risk identification, assessment, taxonomy, quantification, remediation, and reporting processes.- Partner with Information Security and Information Technology management to ensure one source of truth related to processes, software, systems, etc. across diverse platforms.- Drive the report development and production process, incorporating Risk Committee presentation requirements (Board and Management) and departmental needs, inclusive of summarizing risk analyses, performance trends and projections- Support a framework of effective policies and procedures through the development of rigorous data analytics that create better understanding of Enterprise Risk Management and facilitate risk-informed decision making- Enhance reporting and monitoring and improve efficiencies in the Risk Group to meet changing management and regulatory requirements- Perform all necessary functions in support of Enterprise Risk Management

• Develop and execute the IT/Vendor Risk Management (VRM) global enterprise programs in a manner consistent with the company’s agile approach and a bias toward speed and security• Develop the VRM framework through collaboration with Sourcing, Legal, Finance, Cyber Security, and all Business Units to drive efficiency in managing the third party portfolio• Execute the Vendor Risk Management Program, including business exposure analysis, risk assessment, periodic monitoring, remediation planning, and off-boarding for both third party vendors and franchises

- Responsible for defining strategies necessary to further mature and evolve the Third Party Risk Management process and tools while expanding the program to promote greater uniformity, transparency, and awareness across various risk disciplines and business areas. - Provide oversight/direction to teams of individuals involved in risk and control and demonstrate a solid background in third party risk due diligence as well as a broad knowledge of technology controls to ensure inclusion of cyber and internal security risk considerations.- Provide leadership, management, and collaboration initiatives related to strategy and evolution of third party risk management program scope and activities. - Lead and manage the strategic development and improvement of risk systems, methodologies and limits and manage high-impact and complex projects, working with the businesses to improve controls that would mitigate any deficiencies. Act as a third party risk analysis back-up for the performance of third party due diligence assessments during peaks and/or in support of staff.

- Work directly with senior management in multiple profit and support centers to provide leadership, guidance and analysis to aid the business in effectively identifying, prioritizing, and managing operational risk consistent with risk appetite and tolerance in the profit/support centers and enterprise-wide.- Provide oversight and supervision of the Operational Risk Management team members to ensure consistency in approach, implementation of the defined framework, and presentation of deliverables are reflective of the defined goals and objectives of the Operational Risk Management Services organization.- Provide integration between vendor risk and operational risk and be responsible for matrix managing a vendor management team to establish cohesion between Risk, Sourcing, and Legal.- Actively manage and facilitate the identification of inherent, control, and residual risk potential in business processes, applications, systems, third parties, etc. that can result in potential negative impact to the profit center and company.- Establish tactical and strategic plans to evolve current processes to ensure alignment with the operational risk framework defined throughout the enterprise

- Responsible for project administration, tracking, monitoring and response coordination on policy, operational risk assessments, internal audit, third party risk management, and regulatory compliance items.- Work directly with multiple profit centers to perform operational risk assessments of business processes (including workflow, vendor, and application dependencies), identify and evaluate inherent, controls/safeguards, and residual risk.- Partner with multiple profit centers to assist them in effectively managing their operational risks; thus facilitating identification of potential risks in business processes, applications, systems, third parties, etc. - Provide guidance to the business pertaining to risk mitigation alternatives that support business' risk appetite and tolerance.

- Responsible for acting as a risk analyst, manager, and leader to expand operational risk management methodologies and reporting processes and capabilities for the organization.- Perform operational and third party risk assessments in support of business operations (to include workflow, vendor, application, and associated dependencies and controls).- Promote oversight and governance in the Risk Office across business operational areas throughout the organization.- Partner with the business to assist in effectively managing their operational risks and assessing risks associated with third party relationships. - Contribute to the enhancement in tools and methodologies used to assess risk, establish guidelines and tools to facilitate continuous improvement in the related initiatives by performing business risk analysis and leadership to internal business partners- Review key operational risks and participate in security implementation projects, engaging with various teams to strengthen the operational risk posture of the organization and establish appropriate corporate operational risk and security controls

- Manage all aspects of third party and vendor risk assessments including verification and recertification- Responsible for analyzing third party and vendor security control frameworks, policies, procedures, standards and guidelines- Review all assessment documentation including previous attestation work (e.g. SOX, ISO, SSAE, etc.,), vulnerability assessment & penetration testing results, DR/BCP process documentation, architectural diagrams and other evidence- Analyze, implement and manage IT security and risk management frameworks as dictated by industry best practices (e.g. ISO, COBIT, COSO, etc.,)- Evaluate all third party adherence to standards including but not limited to Sarbanes-Oxley (SOX), GLBA, HIPAA and PCI-DSS - Administer the Shared Assessments Standard Information Gathering (SIG) Questionnaire and analyze all third party responses, documentation and evidence to determine whether reasonable security and risk controls are in place- Participate as a member of the Security Review Board to determine the appropriate assessment strategy for each third party/vendor- Prepare reports for management providing a high level summary of assessments completed and any recommendations for remediation and risk acceptance guidance.

- Startup venture in the media and entertainment industry

- Build on the framework established for IT security based on industry best practices and standards- Responsible for all aspects of IT security, IT audit and IT risk analysis for corporate IT infrastructure applications, facilities and sensitive data- Design, implement, maintain and monitor all domains of the corporate security infrastructure- Plan and coordinate all business resumption and disaster recovery initiatives- Manage all IT policies, procedures, standards and guidelines- Manage all pertinent vendor relationships- Manage facility related projects and initiatives- Report to the CIO and provide direct assistance

- Establish, enhance and manage all corporate information technology and physical security initiatives- Responsible for all IT audit related administration including but not limited to SOX, HIPAA, PCI-DSS- Establish Business Resumption/Disaster Recovery processes including planning, documentation, annual testing and subsequent issue remediation - Develop and implement IT policies, procedures, standards and guidelines based on industry best practices

- Provide management and the Board of Trustees with an objective and independent analysis of the operations of the bank including an evaluation of the internal control structure and measures in place to ensure the safeguarding of assets- Assist audit management in the effective completion of the audit plan and evaluation of various processes and controls- Assist management by performing an independent and unbiased evaluation of the controls, systems and procedures of areas under review- Perform routine information system audits involving the testing of data, interviewing of management/department staff and an examination of the environment of areas under review- Ensure a high level of productivity among audit staff through careful supervision including training, guidance, coaching, and providing recommendations when necessary- Participate in the decision making process with regard to audits in progress- Prepare narratives and develop audit programs- Utilize my understanding of information systems internal control concepts and demonstrate the ability to apply them in information systems and application audits- Prepare audit reports for areas being reviewed which express an opinion on the effectiveness of the control environment through the review of all fieldwork performed

- Oversee the functioning of all networks and resources- Manage the security and daily operations of servers, networks and internal systems- Responsible for the review and submission of reports related to system security and efficiency- Coordinate and manage technical projects- Provide technical support to staff and the end user community- Assist in the management of all technical resources- Assist and support the Information Systems Officer

- Assist in the control and function of all networks- Assist the Network Administrator and the Information Systems Officer in the daily operation of all computer systems and networks- Assist in analyzing the efficiency of the bank's technical resources- Make recommendations to management on the use and availability of technical resources- Ensure the physical and logical security of all networks by providing prompt attention to and resolution of issues pertaining to connectivity, the review and verification of network security logs and investigation of security related incidents