Michelle Black Email and Phone Number

• Built and lead first line, global team of 33 professionals responsible for the governance, oversight, monitoring, identification, assessment, reporting and escalation of Auto, Home Lending, Personal Lending & Retail Services, and Card & Merchant Services third party (TP) portfolio risks and business adherence to TP Policy and Program requirements.• Partner and consult with businesses to identify, assess, and mitigate third party risks and issues, as well as identify opportunities for improving efficiency and effectiveness.• Report, present and escalate at various levels of the CL and enterprise organizations, including presentations to Line of Business (LOB) and Business Group Heads, Risk and Control Committees, and TPRM Subcommittee.• Lead and conduct monthly Community of Practices forum with 200+ key third party stakeholders in the business, TP Program, and Independent Risk Management (IRM) support partners to discuss program updates, best practices, and current and emerging risks.• Execute Operational Risk Program elements on behalf of CL for TP Risk including enterprise risk identification & assessment, risk & control self-assessment (RCSA), key risk indicators (KRI), and issues management requirements.

• Developed, implemented and manage team of 2nd line of defense third party risk management control testing, including methodology, procedures, test scripts, scheduling, remediation testing, and reporting for BAMS' multiple third party types.• Own and run third party administration, governance and oversight processes, including Third Party Risk Committee, Issue and Watch List Triggers, Third Party issues management logging, monitoring, and tracking, Executive, Regulator and Board reporting, and maintenance and change management of policy, program and procedures updates.• Respond to internal and external audit and regulator requests and exam management.• Own and execute Operational Risk Framework requirements related to Third Party Risk Management including Risk and Control Self Assessment, External Loss reviews, Key Risk Indicator development and reporting, and issues management. • Monitor applicable laws, rules and regulations and execute gap analyses against BAMS Third Party program.• Developed and provide Vendor Management program training to business associates with Vendor responsibilities.• Oversee and work with the internal lines of business to ensure all aspects of the framework attributable to Third Party Risk Management processes, governance and oversight are compliant with Office of the Comptroller of the Currency (OCC) and other governing rules, regulations, and policies.

• Developed and implemented test script and procedures for conducting independent critical spreadsheet reviews.• Managed a team of associates conducting independent reviews of critical spreadsheets used across the enterprise supporting functions including, but not limited to, Comprehensive Capital Analysis and Review (CCAR) and International Capital Adequacy Assessment Process (ICAAP) (i.e., stress testing), liquidity, pricing, etc., resulting in valuable recommendations to decrease operational risk associated with the tools.• Developed and implemented approach to identification of critical spreadsheets used by Consumer, Business Banking, Small Business Banking, and Wealth Management units within extremely short timeframe.

• Responsible for operational risk management program execution, including providing support and influence over Vendor Administration and Corporate Workplace within the Global Corporate Services enterprise control function.• Responsible for vendor risk management program/processes supporting entire CFO Division vendors.• Monitored, assessed, tested and challenged key operational program elements, including, but not limited to, Risk and Control Self-Assessments at the business unit and business entity levels, high risk processes and key controls (QA/QC program), operational losses, key risk indicators, and scenario analyses. • Identified, analyzed, reported, monitored, and provided remediation assistance for business emerging and current risks, challenges, and issues.• Reviewed, validated and approved internal operational losses for all Global Corporate Services businesses.• Developed risk-based testing frequency/scheduling model implemented across all CFO Operational Risk teams.

• Led a regulatory relations team for Corporate Audit managing relationships, requests and responses for key regulators including the Federal Reserve Bank (FRB), Office of the Comptroller of Currency (OCC), Federal Deposit Insurance Corporation (FDIC) and the Securities and Exchange Commission (SEC).• Develop and report audit related regulatory information to the Audit Committee of the Board of Directors.• Manage relationships and coordination with senior management of internal constituents including Global Risk Management, Compliance and Legal for regulatory matters.• Counsel, advise and report trends/themes to senior audit management and audit teams on regulatory interactions/communications.• Participated as a member of the Audit Committee of the Board Reporting team.• Analyzed, redesigned, implemented, and trained on Corporate Audit’s policies, procedures and technology reformation initiative.• Led and supervised teams of auditors to execute numerous audits, risk assessments, special projects and other activities in multiple areas including Global Markets products, regulatory required testing (i.e. Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act), and technology (infrastructure, information security and business continuity), displaying the ability to raise awareness of risks and influence actions of business partners.• Aligned with Corporate Information Security to develop initial Gramm-Leach-Bliley Act enterprise-wide risk assessments.

• Planned, supervised, and conducted general computer and application system risk assessments and audits encompassing operational and compliance reviews emphasizing security controls for state universities and agencies, including (but not limited to) the Department of Banking and Finance, Department of Health and Department of Management Services.• Provided security coordination and training for Offices of Inspector General, including performance of annual information security risk assessment.• Performed investigations and communicated results to senior management.

• Conducted financial audit engagements for clients in diverse industries including manufacturing, health care, financial services, and retail.• Assisted in preparation of initial public offering (IPO), 10K, 10Q, and draft financial statements for health-care corporations.• Evaluated financial applications software and procedures.• Validated internal financial controls