- Led a team of 6 controls and compliance professionals who supported the IT audits- Analyzed IT controls impact for SOX applications that have logically separated​ from AIG to Corebridge- Designed and implemented an approach for application migration to help IT adhere to their control requirements throughout physical separation and reduce risk to the SOX and SOC environment.- Integrated 10 offshore consultants into the operating model as a strategic partner to support audit fulfillment.- Identified, evaluated, and monitored technology risks and control gaps as part of the first line of defense for 125 SOX applications and 30 SOC 1 applications- Developed relationships with key stakeholders including IT leadership, Internal and External Audit, Financial Controls, and other functions to understand business functions, strategies, implementation plans, and the associated technology risk- Partnered with IT management to develop management action plans and remediate identified control deficiencies across a wide variety of IT functions, systems, and applications- Provided technology risk insight and System Development Lifecycle (SDLC) expertise to IT functions throughout strategic and tactical change initiatives- Performed controls assessments for the migration of applications to the AWS cloud- Prepared the Retirement Services business to release a SOC 2 report in 2023- Strengthened the DevOps (GitHub/Jenkins) controls to prevent segregation of duties

- Supported audit activities, IT general controls, and IT dependencies for 137 SOX applications and 18 SOC 1 applications- Incorporated controls assessments into high priority projects and programs such as AWS and Snowflake migrations- Performed monitoring tasks to ensure the health of key IT controls related to privileged access logging, timely termination of users, user access certifications, accuracy and completeness of application and infrastructure inventories- Acted as a coordinator for audit issues, risk acceptances, regulatory risks, and other risk and controls assessments- Worked with IT teams to better educate and promote awareness of fundamental IT general controls execution expectations- Promoted transparency in reporting gaps to management and stakeholders to help quantify and report risks and identify corrective actions by process owners- Developed strong relationships with key stakeholders (Internal/External Audit, Financial Controls, Enterprise Risk Management), senior IT management, and other key leaders

- Managed security, risk and control related activities and projects for multiple business units within the Corporate function (including HR, Finance, Legal, Treasury) as well as Investments (Global Capital Markets, Enterprise Risk Management, Global Real Estate)- Reduced information security weaknesses and attack footprint across the environment by analyzing and facilitating remediation activities associated with infrastructure and database vulnerabilities using such security tools as Qualys, Tanium, and Imperva- Engaged application owners and collaboratively resolved application vulnerabilities using AppScan, WhiteHat, and Veracode- Executed Application Risk Reviews to analyze security, controls, compliance, and legal aspects of new application releases and major enhancements to existing applications - Established Key Performance Indicators for the business units to assess changes in the levels of risk exposure in such areas as vulnerabilities, end-of-life systems, user re-certification, security assessments for 3rd party applications, support desk tickets, and high impact outages- Identified technology issues and advised in development of risk treatment in conjunction with control/process owners to address control gaps and oversee execution for the annual Risk and Controls Self-Assessment (RCSA)- Enabled consistent operational risk event capture, tracking, and reporting and performed detailed evaluations and trend analysis to identify common themes and prevent future re-occurrence- Performed as a key member of the Data Security Team that monitored sensitive data sent to external parties using McAfee and Symantec Data Loss Prevention solutions; assisted with the roll-out and management of the Proofpoint email encryption tool; and developed alternative solutions in place of using Removable Devices- Removed thousands of business and IT users who had permanent local administrator access and other privileged access to their workstations and servers

- Managed a team of four full-time SAP systems professionals responsible for controls, compliance, and first-level support- Designed a four-year roadmap of compliance and controls activities to align with Bloomberg’s corporate initiatives- Implemented the GRC Access Risk Analysis 10.0 component to detect, remediate, and monitor segregation of duties conflicts- Developed and deployed a critical access ruleset in GRC to monitor sensitive financial data in the SAP ECC system- Aligned with business process owners across Accounting (GL, AP, AR, Revenue, Tax), Supply Chain (Logistics, Warehouse, Mailroom), Operations, and Contracts to assess potential risks and exposures within key business processes- Discussed and implemented remediations through security role updates in SAP and mitigation controls within GRC- Constructed a strategy to implement the GRC Automated Request Management components to provision user access- Reviewed Bloomberg’s privileged access process and designed a strategy using the GRC Superuser Privilege Management component - Introduced a two-year vision for GRC Process Controls that includes updating existing business process flows, adding key control points (both manual and automated), and aligning to a Risk and Controls Matrix- Integrated control points into over 100 SAP projects to understand changes to roles, new custom transactions, and processes- Worked with the Compliance Data & Controls Office to validate and update the roles/authorizations within the Bloomberg Terminal- Liaised with the PWC external auditing team to perform IT General Controls audits- Coordinated a Source–to-Pay audit with Deloitte to understand risks within the Accounts Payment and Procurement processes- Supported the Center of Excellence by performing first response troubleshooting for SAP inquires from all business sectors

- Liaised with auditing bodies (external, internal, SOX Compliance, Fed Readiness) across all SAP instances- Developed business case, strategize, and budget for the upgrade of GRC Access Controls 5.3 to Version 10.0- Enhanced the GRC segregation of duties ruleset as new implementations take shape across Spain, Portugal, Italy and the Netherlands- Standardized user provisioning process across all SAP environments by enhancing SAP GRC workflow approval functionality- Developed a strategy to migrate the Life & Retirement system from Security Weaver to GRC Access Controls- Protected Personally Identifiable Information (PII) information by deploying the TDMS application across all Non-Production systems- Managed the Guardium tool to perform database monitoring across all Production environments- Improved completeness and accuracy of the SAP user access re-certifications using the Sailpoint application- Provided compliance expertise for an initiative that allows executives the ability to view sensitive HR data within the BI environment

- Managed a team of ten SAP Security Analysts through domestic and international (Japan, Latin America, UK, Nordic) deployments- Designed the SAP Security Strategy and Architecture for AIG’s Global SAP Implementation- Integrated the Corporate IDM with Netweaver IDM to provide automated provisioning and de-provisioning for user access control- Designed, configured, deployed GRC Access Controls; Superuser Privilege Mgmt, Compliant User Provisioning, Risk and Remediation- Built a custom GRC ruleset used to identify, review, and mitigate Segregation of Duties conflicts- Created an automated approval workflow for user access requests using the GRC Compliant User Provisioning tool- Configured the GRC Firefighter in ECC and BI for emergency access requests and privileged tasks- Deployed the Self-Service Password Reset functionality of GRC for the project team members across over fifty SAP clients- Introduced a role integration strategy for SAP role design and configuration across the AIG landscape- Gathered requirements, designed, and built security master/child roles for the following SAP modules: FI-CO, GL, AP, FA, BI- Created derived roles to secure on the following organizational values: Profit Center, Cost Center, Company Code- Designed security roles for the implementation of Solution Manager’s Service Desk and Change Request Management Tools- Created customized Java security roles in the Web AS environment using the User Management Engine- Worked closely with the Corporate Security Team to ensure compliance with organizational policies and standards- Acted as a liaison between the Corporate Compliance Team, Internal and External Audit, and Project Mgmt as required- Performed troubleshooting and analysis of user roles/authorizations utilizing SAP utility transaction tools

- Implemented the security model for operation in all systems- Designed, built, and tested roles for ECC related cross-functional application modules (FI, CO, MM, PP, SD, QM, PM) using SAP ASAP Methodology- Significant SAP experience in generating activity groups using Profile Generator (PFCG, SU01, SU10)
- Experienced in SAP security analysis of system logs, parameters utilizing various SAP tools (ST01)- Performed troubleshooting and analysis of user roles/authorizations utilizing SAP utility transactions tools (SUIM)- Led the installation of the Virsa Firefighter tool to allow emergency access to the Project Team members in Production
- Provided system administration, functional guidance and technical support for all SAP environments
- Worked closely with internal/external auditors to provide them with an in-depth analysis of our security roles in accordance with Sarbanes Oxley compliance- Provided performance monitoring, troubleshooting, and support for daily operations- Extensive work with a complex Transport Management System configuration for an R/3 landscape- Installed and implemented Gentran Integration Suite for all interactive transactions- Built and configured all SAP Console and SAP Router servers

- Maintained, installed, and configured all Intel/HP servers and IBM Blade servers in a Windows 2000/2003 environment- Installed Mimesweeper and Ironport servers as a spam solution and configured rules and filters- Configured backup jobs for all sites using Data Protector and Veritas Backup Exec- Provided support for all directory permissions and assisted in daily DNS modifications in Active Directory 2000- Installed and granted permissions in a MS Exchange Server 5.5, 2000, and 2003 environment- Utilized Compaq Insight Manager and IP Monitoring as a solution to monitor all servers- Provided enterprise wide anti-virus administration using Symantec

- Installed, configured, and troubleshot Windows 98, NT 4.0, 2000, and XP machines- Provided LAN/WAN, server, telecommunications, and help desk support to eight Barr Labs locations- Updated/installed software including BIOS, Windows 2000, all Office applications and specific Barr software- Installed hard drives, memory, SCSI cards, network cards, scanners, printers, and other hardware- Assisted in the company migration from an NT 4.0 to a Windows 2000 environment- Contributed in the corporate headquarters move from Blauvelt, NY to Woodcliff Lake, NJ- Primary backup and file restoration responsibilities for headquarters and two remote sites- Developed and distributed software packages and images for new pcs through Altiris

- Designed, built, enhanced functionality and managed web pages (Rail Europe Lycos, RE Public, RE Agent, Travelocity.com, MySwitzerland.com, Hostelpass.com, Eurogroups.com)
- Maintained Search Engine Optimization (GoTo.com, FindWhat.com, Kanoodle.com)
- Provided support for the Rail Europe Database, Euronet (proprietary booking system)
- Created page design and layout using Dreamweaver and Photoshop
- Developed Flash applications for specific projects

- Created Pace University Cooperative Education/Career Services Web Page (www.pace.edu/coopcs)
- Designed and updated web pages using HTML, FrontPage 2000, HomeSite, Paint Shop Pro, and ImageReady
- Created reports, queried for information, and manipulated numerous Access Databases
- Provided technical support to the entire staff