• Direct a team responsible for all 1st line of defense Operational Risk activities within Information Technology. This includes development of an IT controls governance structure, IT policy and exceptions lifecycle, facilitating regulatory exams (OCC and FRB), Audit engagement and issue management, Sarbanes Oxley (SOX) compliance, and Risk Reporting including RCSA.• Brought significant value to the IT organization by Implementing an IT Control program improvement plan, delivering on an increase in COBIT maturity by 25%. This helped drive efficiency to the organization, enabling no significant head count increases while integrating multiple enterprise acquisitions.• Developed a regulatory framework which distilled 2,200 regulatory requirements to 220 key operational controls, including control and testing design. This enabled a streamlining of control validation and testing, saving technology teams the overhead of multiple overlapping audit requests.• Ensured regulatory controls for new designation as Systemically Important Financial Institution (SIFI), with acquisition of OneWest Bank, were in place or created plans for compliance. • Simplified the control framework while increasing compliance across the IT division. This included an increase from 40% to 75% of IT audits resulting in a satisfactory rating and a 27% reduction in issue count year over year.• Formalized the policy exception process, including formalizing mitigating control criteria and risk ranking. This enabled our leaders to understand the risks being accepted by non-compliance with policy while tracking our overall aggregation of risk.• Lead the Business Continuity and Disaster Recovery coordination for IT organization, including relationship management and accountability for SunGard DR provider solution and planning.

•Managed a team responsible for end-to-end controls for all Enterprise Capital Management Technology delivery, including Basel I, Basel II, Basel 2.5, and Basel III requirements. This includes general application controls, data/data quality controls, and audit/regulatory engagement.•Developed a control set and assessment based on the COBIT framework to measure compliance for all systems with Capital and Basel impact, including training and rollout of assessment.•Primary engagement point for ECMT on all internal audit as well as external regulatory bodies (Federal Reserve, Office of Comptroller of Currency, and Financial Services Authority).•Developed data requirements necessary for Basel II, including metadata and data lineage standards for all data used in Risk Weighted Asset (RWA) regulatory capital calculations.

•Managed an Operational Risk team with responsibilities including Regulatory Relations (OCC, FRB, FSA), audit exam and issue management, Information Security, Enterprise Resiliency, Privacy, Enterprise Compliance, and Corporate Operational Risk.•Accountable for executive risk reporting, including divisional Risk and Control Self Assessment and Key Risk Indicators.•Developed forward-looking quantitative risk metrics for compliance and risk.•Managed Operational Risk activities and deliverables in the Merrill Lynch transition, including on-site road shows to educate new associates on policies and to raise awareness through the self-identified risk program.•Developed a strategy for cross-border data movement to support the GRITT team’s expansion into Asia (India, Hong Kong, Singapore, Japan) and Europe (Dublin and London).

•Coordinated with Information Security Business Continuity, Compliance, and Risk Management on enterprise initiatives including Appropriate Application Access, Compliance Program Effectiveness Indicator, Line of Business Self Assessments, and the Application Risk and Control Assessment Tool.•Led a successful initiative to identify and remediate information security/access risks in the corporate data warehouse•Served as Certified Supplier Manager for multiple suppliers for Bank of America, which included completing all quarterly supplier-risk deliverables: business continuity assessments, insurance reviews, offshore assessments, and risk/performance scorecards.•Helped with financial management processes, including developing financial forecasting processes and taking direct responsibilities for invoices.

•Established and maintained a rationalization process for ISBC Standards and Baselines, to address business risk appetite, impact analysis, and regulatory/legal compliance.•Worked with incident response teams on regulatory research exercises into such regulatory and best-practice frameworks such as ISO 17799, Basel, GLBA, Sarbanes-Oxley, CobiT, etc.•Worked with a team to develop enterprise training security material, including e-mail, passwords, and phishing.•Developed technical controls to help ensure stable and secure desktop platforms for more than 200,000 MS Windows desktops, while maintaining compliance with applicable international, federal, and local regulations.•Using Six Sigma tools like FMEA and SIPOC, I earned Green Belt certification for my work on a Policy Rationalization project with savings of $1mm+. I was accountable for several DMAIC phases, and managed project deliverables, dependencies, and timelines.•Managed a project to develop infrastructure for Corporate ISBC policy, with an enterprise audience of 200,000+ users. This work included gathering business partner’s requirements, and training in the proprietary Archer Technologies platform.