• Oversee the 2LOD compliance management system of a $3B nationally chartered bank, including the compliance advisory and compliance testing activities of the Bank’s 9 fintech partnerships, 2 mortgage companies, credit card division, a wealth management group, and an affiliated insurance company• Serve as the primary Bank point of contact with all fintech partners and subpartners• Manage the overall compliance, operational, and reputational risk environment of all fintech relationships, including ongoing complaint monitoring, KPI/KRI collection and reporting, and negative press related to fintech partnerships• Supervise a team of 5 managers, 13 additional compliance staff, and 2 consultants performing testing, compliance advisory, risk control management, CRA, and HMDA filings• Serve as the 2LOD compliance SME on the Bank’s Fintech Management Committee and Product and Services Committee• Chair the Compliance Management Committee and report to the Board’s Enterprise Risk Committee• Direct the complaint management system of the Bank and review escalated and sensitive complaints referred by (or about) fintech partners• Oversee the HMDA program, including the successful submission of the required LARsAccomplishments and Notable Contributions• Designed and implemented the bank’s RCSA program inclusive of core bank and fintech lines• Spearheaded a project to purge the Bank’s fintech partners of inactive and high-risk accounts while remaining compliant with all applicable regulations around notification requirements• Redesigned, scaled, and staffed the entire compliance program at the Bank within 3 months• Implemented a compliance incident and marketing review ticketing system• Collaborated with CCOs of fintech partners to secure buy-in to utilize a shared collaboration tool for enhanced monitoring and oversight of the fintech’s policies, procedures, marketing materials, and complaints

• Designed, implemented, and operationalized the 2LOD testing program for the retail bank as well as oversight testing and monitoring of 9 fintech partners• Collaborated with external contacts to establish an ongoing cadence for KRI and KPI reporting including complaints, account volumes, transaction disputes, credit reporting disputes, and financial viability of fintech partners• Managed a team of 5, including a testing manager and compliance specialists• Finalized a compliance assessment for all 9 fintech partners• Designed and implemented ongoing complaint testing of the responses of the Bank’s fintech partners• Collected evidence for and responded to requests from external auditors and regulatorsAccomplishments and Notable Contributions• Designed, from scratch, an effective compliance oversight division, including the entire testing program and team, within Enterprise Compliance to manage the risks inherent to BaaS and lending fintech partners• Garnered the trust of the OCC in the design and execution of the 2LOD testing program for the fintech partners• Implemented post-implementation testing of a newly launched credit card• Wrote and published the first enterprise testing policy governing bank and fintech operations• Established ongoing testing and monitoring of legacy credit card accounts purchased by Blue Ridge Bank as part of a new credit card launch• Completed the first cycle of testing ahead of schedule with minimal staff• Appointed the Bank’s primary compliance liaison with the OCC in their full-scope exam of 2023• Advised on the design and implementation of the Bank’s first third-party risk assessment of the fintech partnerships

• Created and launched the Compliance, Risk, and Controls Testing Team (CRCT) for a fintech start-up in year 6 from scratch within 3 months of hire with policies, procedures, and standardized testing documentation• Delivered, on a rigorous schedule, risked-based control tests for both design and operational effectiveness, as a direct report to the CCO/CRO• Logged issues and findings and tracked remediation efforts from issue identification to validation• Developed and executed the annual CRCT testing plan with consideration to the firm’s Enterprise Risk Assessment (ERA) utilizing various functional areas’ Risk Control Self-Assessments (RCSA)• Coordinated with the firm’s Head of Financial Crimes Compliance and BSA/AML/OFAC Officer to independently test controls related to sanctions screening in real time due to ongoing heightened sanctions scrutiny• Collaborated cross-functionally with the Risk team and LOBs to document regulatory and operational risks and controls• Reported monthly to the Risk and Audit Committees of the Board of Directors • Partnered with contacts in the first and third lines of defense to ensure proper coverage of controls and timely remediation and validation of findings and issues• Interacted with state and federal regulators (Federal Reserve, OFAC, and OCC) regarding examinations and requests for informationAccomplishments and Notable Contributions• Implemented the first BSA/AML/OFAC testing program and scripts, which were performed on a weekly basis utilizing an automated screening application• Created all program documents, including policies, procedures, playbooks, and work instructions• Led the effort to rewrite and document all of the company’s BSA/AML/OFAC controls and evaluated the program against FFIEC exam guidelines• Collaborated with Enterprise Risk in the rollout of the company’s GRC system• Oversaw the validation and closure of 63 regulatory, audit, and internal findings, issues, and observations

• Managed a remote 8-person Enterprise Testing Team and 3 external consultants to conduct first line of defense substantive testing on delivery of benefits, features, and fees of all retail lending and retail deposits products• Partnered with leaders in the lending and deposits space to document the inventory of regulatory compliance and product risks to prioritize testing and control activities• Designed and implemented the Product Delivery Testing function to oversee data-driven testing of all lending and deposits products• Recommended changes and enhancements to controls to ensure compliance with lending and deposit regulations as well as customer facing disclosures• Planned and executed the annual substantive testing program in conjunction with Retail Lending and Deposits leadership• Designed testing strategies in accordance with the bank’s organizational risk management framework• Served as a resource for second line testing, legal and compliance testing, internal audit, and external examiners in their review of the first line of defense testing• Advised Retail Lending on risk assessments to identify product attributes, risk events, controls, residual risk, control gaps, and control designAccomplishments and Notable Contributions• Directed the execution of 59 tests covering 714 distinct product attributes in 2020• Reduced the testing completion rate from 77 days with 9 data pulls to 29 days and 3 data pulls• Implemented the bank’s first line of defense substantive testing strategy• Created the 1LOD Substantive Testing Methodology and Playbook• Successfully completed the 2019 and 2020 Lending and Deposits testing plans on schedule, even with 25% of the testing staff dedicated to assisting with Paycheck Protection Program• Led the 1LOD substantive product delivery testing program through an IA sustainability audit to resolve an OCC-issued MRA related to fee waivers

• Designed, developed, and executed testing plans, scripts, and templates to test operational controls• Collaborated with the Retail Digital Products, Retail ATM Banking, and Retail Deposit Operations lines of business and Risk Assessable Unit (RAU) to test and strengthen controls• Validated controls in accordance with testing cycles and tier classifications using appropriate sample sizes• Obtained buy-in from risk partners on remediation measures for inadequate controls • Performed walkthroughs of controls and product benefits• Reviewed testing work performed by other lines of business who lacked independence to sign off on their own testing• Communicated with senior leadership on potential control failures and issuesAccomplishments and Notable Contributions• Selected to assist other teams on special high-priority assignments testing Sarbanes-Oxley (SOX), HR, and OPS controls• Decreased time to completion of offshore testing by 50% by identifying errors and implementing corrective actions • Spearheaded the automation of uploads of control validation records to the electronic control management system (Archer) • Redesigned the bank’s periodic user access review controls and implemented standardized control language for use by all RAUs• Completed annual Retail control testing 2 months ahead of schedule• Frequently tasked with mentoring and coaching less seasoned testers

• Led the planning, execution, reporting, and remediation phases of compliance testing as part of the second line of defense of PHEAA’s Compliance Management System• Supervised a staff of 4 compliance testers and mentored less senior staff, including assigning work and reviewing workpapers for adherence to internal standards• Assessed inherent risk to the Agency and determine residual risk based on business unit controls• Oversaw updates to the firm’s regulatory risk and control inventory• Collaborated with other business units to identify and evaluate Agency risk and internal controls with respect to various state and federal requirements of student loan servicing• Analyzed and interpreted financial statutes and regulations including, but not limited to the SCRA, FCRA, GLBA, MLA, ECOA, UDAAP, FDCPA, and BSA/AML• Monitored changes to the regulatory environment to inform testing• Collaborated with IA and lines of business to increase compliance awareness and foster a culture of compliance• Documented findings, other compliance issues, and corrective action plans for discussion with senior leadership• Ensured adherence to the internal Enterprise Compliance Testing methodologyAccomplishments and Notable Contributions• Consistently oversaw double the number of tests as other testing teams, often with the highest levels of complexity• Served as the SME for Agency compliance with the Fair Credit Reporting Act (FCRA)• Absorbed an additional 4-person team and their testing workload, completing all quarterly tests on schedule• Served on the industry working group with representatives from all major student loan servicers that rewrote the guidelines on how student loans are reported to credit bureaus

• Performed periodic, fiscal year end, and project close financial tests and audits of project budget documents• Met with the organization’s Budget Analyst, Project Managers, functional team leads, and technical staff to analyze, improve, and document current division practices• Researched and interpreted established SLAs, SOWs, and the SAP Master Agreement to determine appropriate actions when consultants were not in compliance with terms and conditionsAccomplishments and Notable Contributions• Tested and streamlined the monthly, quarterly, and annual reporting process, reducing report generation time from 10 to 2 days• Documented the department’s business and audit processes for the first time and integrated them into the internal LMS

• Managed the 11-person team responsible for fielding, researching, and building out a case file for allegations of fraud in public assistance programs• Reviewed payment plans for compliance with federal and state debt collection regulations Accomplishments and Notable Contributions• Rewrote modules in the payment management system to comply with federal regulations governing debt collection• Designed user-acceptance, regression, and post-implementation testing scripts to enhance internal system functionality