Business Unit Risk Manager EIS & IAMN

▪ Part of newly developed team tasked with the development, analysis, monitoring, & implementation of proactive measures that ensure technology risk is identified, documented, & treated appropriately.▪ Issue Management SME. Implement & update issue intake & management process. Train internal team & external stakeholders.▪ Create Tableau dashboards for monitoring & reporting of all active issues. Establish QA processes to perform periodic analysis, including escalation path for issues without or with past due action plans.▪ Participate in process improvement projects to overhaul issue & vulnerability management processes; including identification of current gaps/inefficiencies, automation opportunities, and design of formal, repeatable processes.▪ Conduct comprehensive analysis of existing issue content & segmented sections of issue treatment content to evaluate for validity, root cause, potential systemic impact, as well as identification of patterns used to develop standard repeatable fix content. ▪ Participate in the development of new risk management strategies & framework to align with business goals while protecting the confidentiality, integrity & availability of information systems & data; including participation in the design, UAT, & initial rollout as well subsequent enhancement iterations of IT Risk Central; a TIAA developed integrated break management solution.▪ Produce detailed, comprehensive reports/metrics on SLA Compliance, KPI, KRI, ARA & security standards; Present to CISO directly.▪ Produce interactive dashboards including various levels of visual analytics using Tableau▪ Develop SOP, RACI & FAQ documentation for targeted dispersal to appropriate audiences.Key Projects at TIAA include: Fix Content, Redesign IT Issue Management Framework, IT Risk Central, Standards /Policies Assessment, Customer Authentications & Fraud Monitoring standards, Archer Model Risk Inventory Assessment, Bank & Trust Enterprise standards compliance

Identify, assess, measure and monitor information technology risk by performing risk assessments; Includes both internal and vendor based solutions covering IT/IS Security, Business Continuity and compliance risk.• Conduct risk analysis of an identified issue or gap; Evaluate KRI to determine appropriate criticality using FAIR based assessment.• Coordinate and communicate with various internal groups including: Operations, Compliance, BISOs, LOB contacts, internal/external audit and Legal as applicable; to develop mitigation action plans to resolve identified issues. • Maintain comprehensive knowledge of trends and best practices in the Information Security and Business Continuity fields.• Perform analysis of current manual processes to identify steps to design automated solutions

Dual Master’s degree in National Security Studies. Concentrations in Information Assurance/Cyber Security and National Security. In addition to the two M.S degrees, Also been awarded the National Security Agency Certificate for Information Systems Security Officers (ISSO) - Standard 4014 (Entry)IT Security Projects & Coursework 2013-2014Completed the following as part of the Cyber Security Master’s program at New Jersey City University:• System design and security project, requiring the complete architecture and security schematics for an individual system. The project required the choice of a specific system; outlining of specific components which would comprise system architecture specifically the security controls required to protect the system (Firewall, VPN tunnel, IDS/IPS, anti-malware programs, encryption, authentication, etc.)• Drafted a complete security policy for a study organization which required identifying the type of business entity then determining the appropriate legal and regulatory compliance requirements. Outlined a security plan which addressed the security requirements and met legal and regulatory mandates. The entity chosen was a healthcare clearinghouse and as such, followed HIPAA rules. The plan was created using each of the 10 ISC2® CISSP domains.• Research project involving the forensic deconstruction of a DDoS attack; highlighting specific vulnerabilities like those found in DNS recursion, and NTP amplification; as well as exploring security solutions to address the threat.

• Receive, respond and process high volume customer queries and/or change requests• Operate and maintain automated database system• Produce weekly productivity reports to management• Beta test and trouble shoot VPN protocol to help develop secure remote access procedures

• Office manager for small business• Operate and maintain automated database system• Website maintenance• Accounts receivable/payable• Payroll• Staffing• Compiled, organized & analyzed company & industry data; in both spreadsheet & database form. • Produced & submitted productivity reports to senior management on a monthly & annual basis.• Inventory control; ordering, organizing & storage of parts & supplies. • Scheduled services, prepared estimates, billing and payments processing• Set up, pre-certified & negotiated Warranty Company & third party repairs.