Gregory Rash Email & Phone Number

Marlborough, MA, US

Cambridge, MA, US

• Led the development and implementation of formalized Information Security and Risk Management programs focused on ensuring confidentiality, integrity, and availability of Mersana information assets, while ensuring.
• Facilitated the development of key policies and procedures governing IT operations, including data privacy, information security, data classification and handling, cybersecurity operations, acceptable use, and mobile.
• Enhanced the existing incident response plans and developed a universal Crisis Management plan.
• Defined and implemented solutions to support Data Loss Prevention and Third-Party Risk management.
• Established the framework to conduct Business Continuity and Disaster Recovery reviews with each business unit based upon their critical systems, processes, and third-party vendors.
• Refined the existing Enterprise Risk identification and assessment process to ensure alignment with Mersana’s Strategic Objectives. Enhanced Board reporting and leveraged results to drive Business Continuity and.

Cambridge, MA, US

• Responsible for all aspects of the IT Risk Management and Third-Party Risk Management programs at Biogen since inception, including risk governance, risk identification and assessment, risk monitoring and reporting.
• Designed, developed, and delivered periodic risk reporting and dashboards for consumption by the Audit Committee and Senior Management.
• Enhanced the existing Data Risk Classification methodology to include an objective standard for determining IT asset criticality across the dimensions of Information Security, Operational Continuity, and Regulatory.
• Developed and launched the Issue and Policy Exception Management processes to prioritize and drive remediation efforts across the entire IT portfolio.
• Served as the primary intermediary between IT, Privacy, Quality, and Internal Audit to ensure standardization and synchronization of policy, risk, and control requirements across disciplines and in line with regulatory.

Boston, Massachusetts, US

• Provided direction on all elements of the Compliance Oversight and Advisory Program across global jurisdictions and business lines to ensure principle-based governance and oversight of IT, Third Party Risk Management.
• Responsible for leveraging both internal and external resources to identify, vet, and operationalize a comprehensive inventory of regulatory obligations across global jurisdictions to facilitate a logical program for.
• Prepared, advised, and participated in annual assessments of identified risks and controls to provide review, challenge, and oversight of data-characterizations, data mappings, and historical data to inform overall.
• Led the development of Information Security Officer monitoring frameworks, including necessary build out of control programs and key risk indicators, to ensure the effective management of identified risks in the areas.

Boston, MA, US

• Developed and implemented a systematic, transparent, and repeatable Operational Risk program surveillance methodology to ensure that the Bank complies with established Board policies, operates within established risk.
• Provided governance and oversight for the strategic development, implementation, and overall execution of the Bank’s Operational Risk Management program for Technology and Operations.
• Designed and implemented an iterative review process that significantly enhanced the quality and accuracy of the Bank’s Risk and Control Self-Assessment program.
• Drafted the primary governance and oversight manual used by 2nd Line of Defense risk professionals to ensure a consistent, repeatable, and measurable implementation of the Bank’s Operational Risk Management framework.
• Participated in the Bank’s responses to risk and regulatory matters identified by the Office of the Comptroller of the Currency (OCC).

Westlake, Texas, US

• Led the implementation and continuous improvement of Schwab’s Corporate Operational Risk Management program at Windhaven Investment Management and ThomasPartners Investment Management, two registered investment.
• Responsible for all aspects of the Corporate Operational Risk Management program at Windhaven and ThomasPartners, including risk governance, risk identification and assessment, risk monitoring and reporting, risk.
• Trained and coached all levels within Windhaven and ThomasPartners to ensure their understanding of both basic Operational Risk concepts and the enhanced requirements of our corporate program.
• Executed a detailed process review of the Sell for Taxes process offered by Schwab’s Stock Plan Services division to identify the current risk environment, assess and evaluate process level risks, and recommend.
• Represented Corporate Operational Risk during the Federal Reserve’s examinations of both Windhaven and ThomasPartners. The responses required close coordination with executive management and Schwab’s Enterprise Risk.

Boston, Massachusetts, US

• Enhance corporate risk management programs by leading projects and initiatives aimed at identifying and examining operational and technology risks. Deliver written and oral presentations to senior management at the.
• Design and perform periodic business, technology, and security risk assessments, complete business process flow analyses, and develop new policies, procedures, and controls based upon the results. Present.
• Lead the development of vendor management and due diligence programs that minimize sourcing risk at both the RFP stage and throughout the vendor life cycle. All programs are based upon the COSO and COBIT frameworks and.
• Construct and execute monitoring programs to ensure the effectiveness of operational and information technology controls based upon ISO 27001. Present results and remediation plans to the Chief Operating Officer on a.
• Managed an internal Global Investment Performance Standards (GIPS) verification and performance review of the Private Portfolio Management area to ensure compliance prior to the performance of an external examination.
• Created and delivered an Operational Risk Management training program to hundreds of MFS employees.

GB

• Managed the service auditor examinations (SAS 70) of information technology controls and business process controls at fifteen locations for the leading global supplier of lottery operations support with annual revenues.
• Led the compliance review under Rule 38a-1 of the Investment Company Act of 1940 for a leading provider of investment company outsourcing services. The review focused on the compliance of mutual fund servicing in the.

New York, NY, US

• Led the diagnostic review of internal controls and managed the service auditor examination (SAS 70) for the prescription benefit management service of a Fortune 500 retail drugstore company with annual revenues of $37.
• Co-managed the service auditor examination (SAS 70) for the retirement services division of a Fortune 500 financial services company with over $32 billion in assets managed.
• Managed the SOX audit of company-level information technology controls and technology-related business process controls over financial reporting for four key divisions of a leading U.S. Defense Contractor with annual.
• Assisted KPMG resources in the development of instructional materials and delivered a portion of the first PeopleSoft course offered nationally to Risk Advisory Services practitioners.