• Responsible for ensuring completion of comprehensive risk assessments, documentation, risk mitigation guidance, and related reporting for key enterprise initiatives across various platforms/environments (i.e., Cloud, etc.), including efforts including external partners and/or clients.• Ensuring thorough review/credible challenge of identified risks, issue mitigation/remediation, monitoring, and reporting• A thought leader seeking to maximize opportunities within regulations to create a high- performing balance sheet.• Collaborate with Training and Development to increase the financial acumen of the organization• Risk assessment and management of Artificial Intelligence, Machine Learning and Robotics Process Automation solutions• Senior management responsible for risk assessment and guidance regarding the enterprise Change Management process, SLOD risk assessment reviews, guidance, and related decisioning.Information Technology Risk• Monitor and report on technology, information security, information management emerging and key risks impacting and/or potentially impacting the enterprise, from a SLOD perspective• Provide senior management and related committees with SLOD Technology, Information Security/Information Management risk perspective and/or profile updates on a periodic basis

Responsible for the development and maturing of the Information Technology Risk Management program bydeveloping and enhancing Information Security Policies and Standards.Lead security projects to ensure security controls are applied appropriately in the Datacenter andCloud environments.Performs Product and Vendor Security assessments for IT and SaaS solutions across the bank to confirm,enhance, and monitor Information Security adherence.Provides independent oversight and challenge of all enterprise risk management activities, ensuring that risksare sufficiently mitigated.Ensures maturation of the banks IT risk management program in line with industry best practice, legal,contractual, and regulatory requirements including but not limited to GLBA, FDIC, FFIEC, SOX, etc.Manages a team of professionals who oversee all aspects of IT Risk across the bank.Performs IT Cloud governance and strategy, IT Cloud operations, Information Security, oversight of change andconfiguration management, overall enterprise information technology governance, risk, and compliance (GRC)management, and regular reporting to the bank's governance committeesParticipates in the planning and implementation of information technology controls for all material IT Projectsproducts, and services.Provides executive management and the Board with the aggregate Information Technology risk profile for theenterprise.

Provide strategic consultation to business, technology, and risk leadership regarding long and short range information security risk/requirements and Issue Management. Serving as Trusted Advisor to the business unit(s) providing oversight and input on product implementation, regulatory compliance, control testing, and Risk-Issue management/mitigation. Facilitate all internal and external Information Security Audit and regulatory examiner engagements, including but not limited to State (NYDFS), Federal, SOX, Vendor, and CFPB questionnaires. Manage the monitoring, tracking, identifying, and reviewing of operational risk related to Information Security across all business, technology, and Third Party Management entities. Drive a collaborative environment that ensures timely communication and strong cooperation between Information Security and the lines of business including but not limited to Legal, Risk, and Compliance Teams. Drive, develop, and maintain Information Security Risk culture within the business including reporting and analysis such as KRI’s/KPI’s, manage scorecards, and deliver executive presentations. Lead Identification, detection, protection, response, and recovery as it pertains to Information Security across all business and technology groups including 1st and 2nd lines of defense. Escalate concerns and issues to senior leadership and the Board as appropriate. Evaluate the appropriateness of policy exceptions to drive Risk-Issue resolution.

Manage, build, and mentor team of security professionals to drive efficiencies across Governance, Risk, and Compliance (GRC) as well as IT Risk and Controls for first line of defense (1LoD). Perform security assessments across new and existing products and services. Assit in implementation and evaluation of data centralization and intelligence tool (Giggso) for AI/ML Monitoring and Triaging. Implemented/Deployed Archer GRC SaaS tool and managed administrators to evolve the GRC program across the organization through automated controls. Manage and prioritized Risk-Issue tracking and drove remediation efforts. Own development and attestation of all Information Security Policies and Standards, KPI’s, and KRI’s. Develop and implement RCSA (Risk Control Self-Assessment) for continuous security reviews. Develop Sarbanes Oxley (SOX) program including the build out of Information Technology General Controls (ITGC’s). Lead development of comprehensive and sustainable IAM (Identity & Access Management) governance program. Build and manage Third Party Risk Management Program, reviewing and validating SOC1 and SOC 2 reports. Facilitate all internal and external Information Security audit engagements and regulatory examinations. Consult with IT teams across all business units and technology groups to drive security awareness, training, and improve security posture. Develop, monitor, and analyze budgetary and operational performance of department resources including but not limited to negotiating contracts for GRC tooling & support staff.

Provided first-line of defense independent oversight and guidance regarding business products, services, and processes through NIST and ISO 27001 framework. Drove cloud vulnerability remediation and performed executive reporting to ensure adherence with SLA’s. Leveraged AI/ML to assess and automate cloud security measures. Manage and prioritize Risk-Issue tracking and drive remediation efforts. Developed and Evaluated Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) to advise senior management and influence process change. Facilitate and Lead audit engagement, deliverables, and drove remediation activities to closure. Enhanced Identity and Access Management program to reduce unauthorized user access. Serves as a trusted adviser for IT and develop Cloud security requirements against new and existing products and services. Assess and implement controls to ensure accountability and identify process GAP’s.

Developed team to provide governance and oversight across Shared Technology for Risk, Compliance, Vulnerability management, Identity and Access Management (IAM), Business Continuity Planning (BCP), Disaster Recovery (DR), & internal/external Audit engagement and deliverables. • GRC Trusted Security Advisor providing consultation to senior leaders, Product Managers, & Business Risk Officers.• Manage Disaster Recovery Operations to validate resiliency & high availability. Document interdependencies & continually improve testing and reporting processes via exercise evaluations• Performs proactive risk assessments & governance across Network Services. Assess compensating control effectiveness & drive risk remediation activities to completion. • Developed & conducted security awareness training for product owners and technical SME’s.• Managed Internal/External Audit’s decreasing findings approximately 66% year over year.• Leveraged NIST and ISO framework to manage and assess risk and compliance activities.• Performed continuous deep dive analysis of Vulnerability & Compliance scans & drives continuous improvements for burndown strategy across Network Services.• Performed Identity & Access Mgmt control testing to ensure alignment with security standards. • Worked in matrixed IT environment to develop security solutions for vulnerable devices within IT. • Ensured adherence to regulatory and legal hold orders. • Performed continuous Operational improvements to ensure high service availability while utilizing ITIL framework for incident, problem & change management.• Facilitate Sr. Leadership, Vendor, and LOB governance meetings. Created, and revised numerous SOW and SLA agreements to ensure alignment with corporate goals. Developed and performed periodic evaluations of KPI’s to ensure operational resource efficiency.

Designed and Implemented launch of VoIP services to new markets ($5+million project). Allocated resources to ensure on-time project delivery and under budget, while advising and influencing internal resources within matrix environment. Drove change, incident, problem, and release management.• Collaborated with cross-functional teams to develop Work Breakdown Structure, engagement model, and workflow. Maintained design documentation and oversight of multiple concurrent projects. • Provided direct vendor oversight to ensure critical path was in-line with project timelines and system implementation, upgrades, & maintenance performed to specification.• Implemented QoS on converged IP network while leveraging analytical measures to ensure sustainable quality product and reduce voice quality issues by ~30%. • Facilitated swift resolution of customer issues to preserve customer loyalty while maintaining VoIP, SIP, and PRI service uptime ~99.96%.• Provided training and support for all VoIP sales initiatives within region and assisted in driving IT National Backbone project to completion while managing Granite, Drum, and Remedy databases.

Implementation Engineer and Quality Auditor (1999-2006)Designed and implemented large scale TDM, Class 5, Contact Center ACD, & VoIP switch Datacenter network hardware installation and decommissioning projects, managing projects in excess of ~$30 million. Implemented re-purposing of network equipment for ~40% project cost savings. •Provided directional vendor oversight and supplier management for project installations to ensure on-time project completions. •Performed pre and post site surveys to produce Technical Design Documents for national Data Centers •Performed capacity reviews and projections for organic and customer growth across network. •Performed quality audits for all network installations; reduced install defects by 85%.•Collaborated with cross functional teams to ensure on-time delivery (maintained at ~98%) for customer agreements/Service Delivery.

Lead NOC Technician – Switch Control CenterSupervised national TDM, Class 5, VoIP, & SS7 switch network with 10 direct reports; implemented and improved proactive monitoring and troubleshooting processes to increase efficiency and system uptime.• Drove ITIL incident, change, release, and problem management for national switch network• Led effort for building European NOC through hiring, training, and developing new associates while managing workload during initial launch. • Developed and implemented cross training on various switching systems to increase technical resource efficiency and implemented enhanced proactive monitoring. • Developed repeatable and sustainable processes to quickly isolate re-occurring issues and mitigate customer impact, reducing customer downtime by ~30%

Maintained statewide TDM networks change and release management including developing and implementing preventative maintenance processes and procedures resulting in ~30% decrease network incidents.• Implemented hardware and software installations for all network components. • Provisioned new customer activations and maintained capacity reporting

Received National Defense Distinguished Service Medal while serving during Persian Gulf War, Sea Service Deployment Ribbon, and Good Conduct Medal during my tenure.