- Conducted physical security and environmental control reviews at client facilities, verifying compliance with established requirements and identifying potential vulnerabilities. Evaluated existing TPRM programs and deliver insightful recommendations to strengthen control environments, promoting enterprise-wide risk mitigation.- Led and completed comprehensive onsite/remote cyber security assessments for critical third parties of Fortune 500 clients, ensuring robust information security… Show more - Conducted physical security and environmental control reviews at client facilities, verifying compliance with established requirements and identifying potential vulnerabilities. Evaluated existing TPRM programs and deliver insightful recommendations to strengthen control environments, promoting enterprise-wide risk mitigation.- Led and completed comprehensive onsite/remote cyber security assessments for critical third parties of Fortune 500 clients, ensuring robust information security posture.- Delivered actionable recommendations that led to improved client control environments, demonstrably mitigating third-party risks.- Mapped third-party risk models to standardized frameworks like NIST and ISO, ensuring alignment with regulatory requirements like FFIEC, FRB, OCC, and HIPAA. Identified control gaps and recommended remediation activities.- Developed and implemented a consistent, repeatable assessment process, unifying internal teams and ensuring efficient risk identification and management. Show less

- Identified and addressed security vulnerabilities early in the vendor vetting process, avoiding potential issues down the line. Delivered high-quality risk assessments within demanding timelines, contributing to proactive risk management. Guided clients through complex compliance requirements (CCPA, GDPR), demonstrating dedication to data protection. - Successfully assessed and matured numerous IT security programs against the NIST Cybersecurity Framework.- Identified and mitigated… Show more - Identified and addressed security vulnerabilities early in the vendor vetting process, avoiding potential issues down the line. Delivered high-quality risk assessments within demanding timelines, contributing to proactive risk management. Guided clients through complex compliance requirements (CCPA, GDPR), demonstrating dedication to data protection. - Successfully assessed and matured numerous IT security programs against the NIST Cybersecurity Framework.- Identified and mitigated control weaknesses in potential and existing vendor relationships using ISO 27001/27002 standards.- Delivered 50 Business Impact Assessments within tight deadlines, supporting risk mitigation efforts.Led the contract review and remediation workstream, ensuring readiness for the California Consumer Privacy Act.- Hosted workshops, created data flow diagrams, and conducted Data Protection Impact Assessments, paving the way for regulatory compliance.- Streamlined data mapping and Data Protection Impact Assessments, fostering a culture of data privacy awareness. Show less

• Implemented the integration of the Fair Lending/Consumer Practices framework into the overall Consumer Practices Compliance Program at Ally Financial. This role required a deep understanding of consumer practices and compliance methodologies, as well as the ability to create and implement effective strategies.

- Directed the establishment and enforcement of the Third-Party Risk Management Program. Developed and implemented governance programs, encompassing policies, procedures, and controls, to effectively manage third-party risk. Regularly interacted with regulatory and internal/external audit teams, addressing identified issues with appropriate action plans.- Established standards across the enterprise for third-party management, including risk assessment, due diligence, ongoing monitoring, and… Show more - Directed the establishment and enforcement of the Third-Party Risk Management Program. Developed and implemented governance programs, encompassing policies, procedures, and controls, to effectively manage third-party risk. Regularly interacted with regulatory and internal/external audit teams, addressing identified issues with appropriate action plans.- Established standards across the enterprise for third-party management, including risk assessment, due diligence, ongoing monitoring, and termination.- Developed a skilled and high-performing third-party risk team, focusing on talent identification, development, and retention.- Streamlined third-party risk management processes across the organization, enhancing efficiency and effectiveness.- Successfully navigated regulatory scrutiny, achieving a "satisfactory" rating for the Third-Party Risk Management Program during a regulatory audit. Show less

- Developed the audit scope and associated test steps based on the high inherent risk areas.- Documented the process flow of the business unit by flowcharting critical functions in order to identify risks and controls.- Administered the Risk Assessment process with input from the business unit Senior Management. - Prepared and distributed Audit Drafts and Final Reports. - Developed recommendations to business units for corrective action plans for the resolution of improving… Show more - Developed the audit scope and associated test steps based on the high inherent risk areas.- Documented the process flow of the business unit by flowcharting critical functions in order to identify risks and controls.- Administered the Risk Assessment process with input from the business unit Senior Management. - Prepared and distributed Audit Drafts and Final Reports. - Developed recommendations to business units for corrective action plans for the resolution of improving internal controls. - Reported audit issues and recommendations.- Proactively followed-up with department management on audit findings to ensure resolution/implementation dates are met.- Lead auditor for two years on the largest audit.- Supervised colleagues during larger audits. - Mentor for new hires. Show less

- Managed the Vendor Third Party Review process nationwide. - Managed a team of internal subject matter experts from Brand & Marketing, Business Continuity, Finance, Information Security, Insurance, Legal/Contract Administration, Privacy, and Technology Performance.- Established a standardized approach to collect data, analyze, and managed third party risk across the organization.- Increased the efficiency of the Third Party Review Process by implementing process improvements to the… Show more - Managed the Vendor Third Party Review process nationwide. - Managed a team of internal subject matter experts from Brand & Marketing, Business Continuity, Finance, Information Security, Insurance, Legal/Contract Administration, Privacy, and Technology Performance.- Established a standardized approach to collect data, analyze, and managed third party risk across the organization.- Increased the efficiency of the Third Party Review Process by implementing process improvements to the existing risk scoring model that significantly reduced the time to complete a vendor review.- Developed tracking and reporting capabilities of vendor reviews by creating a Vendor Management database.- Ability to work in unfamiliar, unstructured situations and succeed. Show less