Application Control (Grc) Specialist
Current* Provide application security governance for a portfolio of 27 applications that represent bank-wide authentication, with my org handing the consumer side (non-employee)* SME for Business Continuity exercises, firewall remediation, risk documentation, and our most complex application* I have created an onboarding program from scratch for new Application Security Control Specialists for my team, but have additionally made the video course tracks public for the entire technology organization• Oversee application and hardware lifecycles from onboarding through decommission, including RTO/RPO tiering, BIA, IAM & Federated SSO• Coordinate security assessments including Manual Ethical Hacking, Functional Security Assessments, and Source Code Scans o This often has the opportunity to help developers understand why their code is vulnerable and help security teams understand when the code was not• Oversee vulnerability remediation efforts for both risk acceptance and risk mitigation, including in facilitating as the translator between business and tech • Create, audit, and review technical and business recovery plans for Business Continuity programs • Prepare and participate in disaster and data recovery exercises, both within the Bank and with external third-party vendors • Additional audits include: o record systems to ensure any data kept is securely stored, and once there is no longer a legal or business purpose to retain them, ensure their destruction o Access Control Lists to ensure parity across systems and that separation of duties controls are met• This position satisfies all 8 of the CISSP domains