Configuration and implementation of RSAM, a Governance, Risk, and Compliance tool to track data for vendor risk management, incident management, vulnerability management, policies, and exceptions.Part of Information Technology Governance, Risk and Compliance team responsible in building out the technology risk program with an emphasis on infrastructure risk.Creation and build out of a new application risk profile allowing for quantitative analysis of threats that each application may face.Implementation of a new Risk and Control Self-Assessment (RCSA) identifying business objectives and the appropriate controls needed to support these objectives.Using SharePoint 2013 and SharePoint Designer, created multiple workflows to track identified risk issues and remediation steps for complete end to end tracking. Reviewing all policies and standards identifying potential gaps and making recommendations for updates and\​or the creation of new policies and standards that supports the business and the overall business objective.Involved with SOC 1 and SOC 2 audits handling and gathering the supporting and required evidence for proper compliancy.Working on the creation of specific risk assessments that include network, infrastructure, and applications using a horizontal\​vertical approach.Work with multiple teams that include Information Security, Infrastructure, and core line of businesses to identify and remediate risk.Provide assistance for 200+ questionnaires that must be completed for onsite audits provided through our clients and business partners.Primary contact to handle all onsite audits and to discuss all technology related items that include infrastructure, information security, policies, standards, and procedures.Create and provide training to all business units on how to review inherent/residual risk and apply proper risk scoring methodologies for further review.

Technology Risk Manager responsible in supporting the bank's technology risk management program providing protection for customer assets totaling 37 billion, having a direct emphasis on infrastructure risk.Assisting and performing control testing and compliance verification of Sarbanes Oxley and GLBA along with providing insight for continual improvement of our risk control self-assessment (RCSA) program.Responsible in supporting our transformation team with next generation of secure cloud computing and platform virtualization.Direct interaction with technical teams including application, information security, and networking to review, test, and document identified enterprise controls and adherence to Gramm-Leach-Bliley Act. (GLBA)Assisting in continual improvement of our Risk Control Self Assessment (RCSA) program by understanding business objectives, the associated risks, and how proper manageability of current controls mitigate the risk.Supporting build out of our risk register to record identified risks, severity levels, and action steps required for proper remediation.Analyzing current state of core network by working with information security and infrastructure teams performing gap analysis and remediation to achieve desired state.Active risk liaison to participate in information security incident table-top exercises and disaster recovery tests for our core data centers and several partners and vendors.

Technology Risk Analyst, worked on the infrastructure risk team supporting our information security and technology risk assessment program for BNY Mellon, the worlds largest multinational banking and financial services firm.Used horizonal\​vertical assessment methodologies to perform risk analysis and review of the application infrastruture encompassing physical\​virtualized environments and informaiton technology controls. Performed annual firewall rule base reviews on perimeter and other specifc firewalls conducting risk and business impacy analysis.Evaluated excpetion to policies, identifying overall risk exposure and the potential impact against the business.Managed core firewall management tool allowing for active world-wide monitoring of 400+ firewalls.Managed mobility project that included corporate and bring your own device to assess risk and develop strategies to protect corporate data, end user, and the device itself.Member of our corporate technology council (CTC) representing our team to assess and document all new technologies identifying risk concerns and impact new technologies could impose to the network.Risk reviewer for submitted firewall rule and website block/unblock requests performing technical, operational, and reputational risk analysis.Review, test, and document identified enterprise controls for adherence to Gramm-Leach-Bliley Act. (GLBA)

Senior Information Security Analyst providing HIPPA compliancy through active and passive security technologies and controls for UPMC, a 10 billion global nonprofit enterprise and nationally ranked among the best hospitals.Administered multiple vulnerability scanners enabling the creation of reports to be used for risk identification and impact analysis across the enterprise.Performed web vulnerability testing on externally facing applications using automated and manual processes.Risk reviewer for website block\unblock requests performing technical, operational, and reputational risk analysis.

Senior Information Systems Analyst providing technical system and security administration of multiple technologies and controls for UPMC, a 10 billion global nonprofit enterprise and nationally ranked among the best hospitals.Administered Windows Software Update Services (WSUS) and Systems Management Server (SMS) to centrally deploy and track critical system patches for 36,000 endpoints.Managed Active Directory that included the creation of organization units and group policies for proper manageability of 30,000+ objects.Used Microsoft' System Preparation Tool (sysprep) to create a highly customizable image that allowed for rapid deployment of new and reimaged asset that technicians could use for the enterprise.Direct interaction with Human Resources and Legal Teams to perform forensic analysis and evidence collection to be used for arbitration hearings.