This role is an unpaid volunteer position as an International Economic Analyst.• Researching the economic and financial landscapes of specific countries, with a focus on those facing economic and political challenges.• This entails delving into various sources such as news outlets, online forums, and conducting one-on-one interviews to gather comprehensive insights.• Analyze gathered information to understand the prevalent financial adversities in different regions.• Contributing insights to shape the initiatives of the foundation aimed at promoting global financial literacy and stability.

Collaborates with the CISO to develop and implement a comprehensive Third-Party Risk Management (TPRM) program, ensuring the security and compliance of vendor relationships within a financial industry environment. • Led the creation of policies, procedures, standards, and information security risk assessment questionnaires tailored to business needs.• Conducts security risk assessments and due diligence evaluations for third-party vendors, including Atria’s Broker/Dealer subsidiaries, ensuring that cloud-based and external vendor applications meet the organization’s security standards. • Acts independently to solve challenges and escalate risks when necessary.• Assists with the implementation and management of Tenable for vulnerability management. • Administrator of Proofpoint, manages email security, threat intelligence, data loss prevention (DLP), and phishing email simulations. • Contributes security awareness training for internal employees, reinforcing best practices for cloud and network security.• Works closely with various stakeholders to identify and support business information security requirements. • Plays a key role in liaising with internal teams, third-party vendors, and the CISO to ensure that security risks are addressed proactively. • Mentors and trains colleagues on conducting third-party risk assessments with a focus on information security.• Leverages tools like Zendesk and Jira Software to orchestrate tasks and manage IT-related projects to completion, ensuring that security initiatives and third-party evaluations are successfully delivered on time.• Identifies security requirements and ensures that business processes complies with relevant policies, standards, and regulations. ** More information will come as job duties are assigned.

• Established and executed the department’s information security policies, procedures, guidelines, data encryption policies, business continuity plans, disaster recovery (BCP/DR), and methodologies that complied with the industry’s best practices.• Administrator in Tenable.sc/io to analyze, mitigate and report on asset management and internet of things (IoT) vulnerabilities and threats.• Analyzed and reported on detected threats, network security events, incident responses by utilizing CrowdStrike Falcon Endpoint Detection and Response (EDR) solution for security violations.• Monitored and conducted log analysis via Third-Party’s Security Operations Centers (SOCs) Security Information and Event Management (SIEM) to identify security anomalies and remediate.• Utilized LookingGlass to perform investigations and website takedowns.• Administrated IAM of HQ and remote sites for physical security systems, and access, including badge readers, alarms, visitor logs, and CCTV.• Deployed DLP tools to monitor and prevent the unauthorized transfer of sensitive data, significantly reducing data leakage incidents.• Supported internal and external audits and reviews such as FRB exams, User Access Review (UAR) and IT asset-related evidence and FIDICA testing.• Managed the cybersecurity awareness program including user security, simulations for email-based phishing and social engineering threats based on emerging security events.• Investigated phishing emails with Proofpoint email security tool, observed behaviors of malicious links, hashes, and attachments in sandboxes, and manual phishing analysis with MX Toolbox.• Working knowledge of Information Security frameworks and privacy laws (e.g., ISO 27001, FFIEC, NIST RMF, GLBA, CCPA, & GDPR) and interpreting applicable laws and regulations.

Assisted the CISO with the creation and maintenance of policies and procedures related to risk governance, risk identification and monitoring, risk measurement, and risk control and mitigation.• Improved the Bank’s Vendor Management Program through continuous risk assessments, controls testing and Vendor reviews. • Partnered with key stakeholders in the business to identify, assess, aggregate, and document risks and controls through the onboarding of new vendors.• Assessed new vendors to determine risks associated with new or modified products, services, distribution channels, regulations, and third-party (Vendor Management) operations.• Performed contract reviews of third-party vendors by assessing System and Organization Controls (SOC) 1 Type 1, (SOC) 1 Type 2, (SOC) 2 Type 2, and (SOC) 3 reports to ensure compliance with security requirements using Complimentary Entity User Controls (CEUCs).• Partnered with the Compliance/Bank Security Act (BSA) Department to conduct Bank Security Act – Anti-Money Laundering – Office of Foreign Asset Control (BSA-AML-OFAC) Risk Assessments on a quarterly basis.

Applied financial compliance rules, regulations, and guidelines provided by Morgan Stanley and Financial Industry Regulatory Authority, Inc. (FINRA) • Analyzed basics of financial markets, economic data, and investment strategies.• Investigated available investment opportunities to fit into various financial plans.• Sourced prospects from a variety of social media using tools such as Facebook and LinkedIn.

Acted as liaison between end-users, technical analysts, information technology developers, and executive management teams in communicating the analysis, design, configuration, testing, and maintenance of service management.• Translated business operations into system deployments and business process changes.• Identified operational policies to map to procedures amongst the business. • Performed scoping for projects and ensured contingency plans were employed.• Worked with IT developers to ensure solutions met the needs of the business.

• Developed, managed, and maintained corporate compliance policies and procedures to ensure the Company abides by applicable regulations (FDCPA, FCRA, ECOA, UDAAP, TCPA, GLBA, and SCRA) by translating compliance and legal requirements into business requirements; • Supported business lines with preparation, coordination, and execution for regulatory examinations, specifically CFPB, bank audits, and regulatory action items through meeting attendance, information gathering, and issue follow-up with senior management and business partners to ensure Company is ready for an onsite examination; • Intimately familiar with the CFPB Examination Manual and CFPB Examination Manual for Debt Collection as well as Examination procedures for larger participants;• Worked with management to establish an appropriate compliance culture throughout the Company including, direct on-going consulting with stakeholders, reviewing and assessing documents, business practices, and procedures against compliance requirements;• Designed, planned, and conducted risk assessments around specific regulations and related processes. Performed compliance testing in SCRA and ECOA, work in conjunction with Risk Audit teams to validate compliance risks, audit, testing, reporting, and remediation; and• Reviewed business policies and procedures for compliance implications and developed a second line of defense call monitoring program for the Compliance department.

• Identified gaps risks for existing processes and performed root cause analysis and solicited for remediation;• Led and managed mid-sized teams working on ad hoc business projects;• Served as a liaison and point of contact between Loan Officers, Processors and Underwriters;• Extracted data from SAP Crystal Reports database into MS Excel to manipulate information for reports; and• Analyzed financial statements, production reports, tax returns and credit documentation for accuracy and compliance for investor guidelines.