• Completed 34 RCSA (Risk and Control Self Assessment) review and challenges for lines of business and affiliates across City National Bank’s footprint ensuring risks, impacts, risk mitigations, and likelihoods were accurately identified.• Participate in annual Comprehensive Capital Analysis and Review (CCAR) risk identification, risk register creation, and RiskID review and challenge to meet regulatory requirements.• Provide credible challenge for annual risk evaluations including… Show more • Completed 34 RCSA (Risk and Control Self Assessment) review and challenges for lines of business and affiliates across City National Bank’s footprint ensuring risks, impacts, risk mitigations, and likelihoods were accurately identified.• Participate in annual Comprehensive Capital Analysis and Review (CCAR) risk identification, risk register creation, and RiskID review and challenge to meet regulatory requirements.• Provide credible challenge for annual risk evaluations including Gramm-Leach-Bliley Act (GLBA), New York Department of Financial Services (NYDFS), Society for Worldwide Interbank Financial Telecommunications (SWIFT), and FedLine.• Deliver review and challenge for annual risk maturity assessments including FFIEC CAT (Cybersecurity Assessment Tool) and National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF).• Participated in evidence validation for Federal Reserve horizontal cybersecurity review.• Provide oversight of data classification and labeling to drive alignment with security policies through analytical review and awareness campaign to ensure compliance. Show less

• Lead team of risk professionals to provide independent oversight for bank’s cybersecurity and technology sectors.• Provide critical challenge for cyber security operations center (CSOC), vulnerability management, identity and access management (IAM), education and training governance, insider threat, and threat intelligence programs.• Review and deliver credible challenge for more than twenty key standards including IAM, privileged access management (PAM), application programming… Show more • Lead team of risk professionals to provide independent oversight for bank’s cybersecurity and technology sectors.• Provide critical challenge for cyber security operations center (CSOC), vulnerability management, identity and access management (IAM), education and training governance, insider threat, and threat intelligence programs.• Review and deliver credible challenge for more than twenty key standards including IAM, privileged access management (PAM), application programming interface (API), software development lifecycle, data protection, vulnerability management, and firewall.• Review and challenge Information Security policy during annual review.• Provide risk-focused review and feedback during annual Gramm-Leach-Bliley Act (GLBA) report preparation to reduce risk of regulatory sanctions.• Guide first-line of defense partners through Risk Control Self-Assessment (RCSA) exercises in critical processes including security programs, IAM, and vulnerability management. Ensure that all processes, risks, and controls are documented and defined while keeping stakeholders informed.• Assist first-line of defense in creating, reviewing, and retiring critical and non-critical Key Risk Indicators (KRI) and Key Performance Indicators (KPI) throughout the metric lifecycle. Validate metrics to ensure they effectively inform stakeholders of current and emerging risks.• Led targeted reviews of Information Security Risk Assessment (ISRA), GLBA, Secure Software Development Lifecycle (SSDLC), and IAM programs.• Validate a sampling of control tests quarterly to ensure internal controls are adequately designed and properly tested.• Provide strategic input to drive closure of government agency findings uncovered through regulatory exams.• Participate in root cause analysis of self-identified issues to ensure risk drivers are documented, addressed, and appropriate, timely remediation plans defined. Show less

• Managed cross-functional team of information security professionals across varied market segments including Branch and ATM Banking, HR, Small Business and Personal Lending, Business Payroll, Personal Insurance, Commercial Banking, Commercial Capital, Treasury Management, Wires, Trust Services, Wealth Management, and Education Finance.• Deliver risk governance while managing ongoing development and monitoring of the Information Security risk program at over 5K branches and 13K ATMs.•… Show more • Managed cross-functional team of information security professionals across varied market segments including Branch and ATM Banking, HR, Small Business and Personal Lending, Business Payroll, Personal Insurance, Commercial Banking, Commercial Capital, Treasury Management, Wires, Trust Services, Wealth Management, and Education Finance.• Deliver risk governance while managing ongoing development and monitoring of the Information Security risk program at over 5K branches and 13K ATMs.• Oversee key business initiatives in third-party risk management, access control management, data loss prevention, cyber-risk management, cybersecurity, digital properties, hardware deployments, application development, and test-and-learn opportunities.• Represented information security function on COVID-19 tiger team which was rapidly deployed to make quick, sound, risk-based decisions in the face of an uncertain, risk rich environment.• Drove reduction in ATM skimming losses from $1.47 MM/year to less than $17K/month by analyzing ATM attacks, developing physical and logical controls, partnering with vendors, and coordinating with project teams on timely implementation.• Led first line team that annually completed 250+ information security risk assessments and 80+ vendor security evaluations utilizing analytical, independent, risk focused skills.• Co-led team tasked with closing government agency order for customer complaint handling. Implemented centralized solution to receive, disposition, and report on individual complaints and themes.• Participated in Comprehensive Capital Analysis and Review (CCAR) stories including: system intrusion, insider threat, external theft, and technology availability/failure.• Created actionable, measurable reporting and metrics for key risk indicators (KRI): aging high risk plans without approval, action plans extended, action plans past due, high risks carried for longer than one year, and GLBA applications without a security plan. Show less

• Established new function (first-ever risk advisor) within Branch and ATM Banking and successfully overcame adversarial culture to position role as an ally and resource. Partnered with business units to find ways to mitigate and reduce risk, leverage controls, while staying within risk appetite.• Spearhead ethical hacking tests on internal systems to identify vulnerabilities, then partnered with technology groups to close identified gaps through deployment of mitigating controls.•… Show more • Established new function (first-ever risk advisor) within Branch and ATM Banking and successfully overcame adversarial culture to position role as an ally and resource. Partnered with business units to find ways to mitigate and reduce risk, leverage controls, while staying within risk appetite.• Spearhead ethical hacking tests on internal systems to identify vulnerabilities, then partnered with technology groups to close identified gaps through deployment of mitigating controls.• Drove reduction in both overall high risks and high-risk action plans through continuous engagement of technology, business, and risk management partners to ensure compliance with enterprise risk appetite.• Provide credible challenge to both internal business and technology partners as well as third-parties.• Managed vendor relationships to maintain security, limit information sharing, and protect customer data. Show less

• Delivered business reporting to inform senior business leaders of key HR metrics and goals. • Developed repeatable, reliable metrics presented in a succinct, clear report so that stakeholders could make informed, factual decisions.• Acted as project and content manager for the original Regional Banking HR website.• Developed reports for use region-wide in conjunction with region HR and Finance Managers, including key people indicators report that allowed business managers to see… Show more • Delivered business reporting to inform senior business leaders of key HR metrics and goals. • Developed repeatable, reliable metrics presented in a succinct, clear report so that stakeholders could make informed, factual decisions.• Acted as project and content manager for the original Regional Banking HR website.• Developed reports for use region-wide in conjunction with region HR and Finance Managers, including key people indicators report that allowed business managers to see macro trends in branch hiring for teller and banker jobs. Show less

• Developed reports for use region-wide in conjunction with region HR and Finance Managers, including key people indicators report that allowed business managers to see macro trends in branch hiring.• Partnered in the development and deployment of regional new hire onboarding process; presented up to 3 orientation classes per week.

• Advanced through various front-line roles, managing up to 18 team members and ensuring operational integrity and control of retail store.• Successfully passed more than eight (8) internal audits.