• Develop, review, and maintain tactical and strategic IAM initiatives aimed at reducing risk, enhancing usability, and improving operational effectiveness.• Create, maintenance and governance over IGA policies, standards, and procedures ensuring compliance with global regulations as well as NIST and FFIEC guidelines.• Serving as the IAM-IGA interface for internal and external audits, regulatory exams. • Work with internal stakeholders (enterprise control managers, Audit, Compliance, Technology Servies) to define requirements, prioritize initiatives, and ensure Engineering alignment with ISD-IAM objectives and regulatory requirements• Provide subject matter expert in identity governance, providing strategic consulting to global lines of business for risk remediation programs addressing control, audit or regulatory issues

Manage the Office of Document Governance (ODG) Metrics and Analytics function, driving the strategic development agenda across reporting, controls, automation and continuous improvement for Risk and Compliance policy management.• Spearheaded the collection and meticulous analysis of diverse qualitative and quantitative data, transforming findings into insightful key performance indicators (KPIs) for reporting to Line of Business (LOB), corporate functions, and senior management.• Orchestrated and managed firm-wide document governance initiatives, collaborating with global stakeholders to ensure adherence to the governance framework. Provided guidance and interpretation of requirements, ensuring seamless implementation.• Provide guidance and oversight in the creation of impactful firm-wide policy and procedural documents, business requirements, technical specifications, project artifacts, and internal communications.• Maintained a clear vision and direction for an agile development team and stakeholders supporting JPMC's internally developed policy and standard management application.• Led the planning of product release plans, setting expectations for the timely delivery of new functionalities.• Supported standard-setting and policy development, emphasizing the streamlining and synergizing of existing processes across multiple functional teams.• Reported on operational results, trends, risks, direction, issues, and key developments, crafting executive- and board-level communications based on the reported results.

Defined and implemented global Regulatory Change Management program to maintain Citi’s Enterprise Resilience (ER) Policy and Operational Resilience Standards, ensuring business continuity and recovery plans remain in compliance with FFIEC and other global regulatory bodies.• Driving complex, strategic Enterprise Resilience compliance programs through planning, forecasting and reporting ensuring teams meet their regulatory and risk management commitments• Directing the preparation and management of regulatory interactions for Enterprise Resilience.• Reviewing and assessing government regulations globally for requirements impacting Continuity of Business and Operational Resilience organization; Revising existing or writing new policies, standards or procedures as necessary.• Leading Enterprise Resilience steering committee to drive priorities, communicate program and project updates and socialize ER roadmaps across all lines of business.• Primary ER Change Management relationship manager with the internal Independent Compliance Risk Management group, managing an interactive model to assign, evaluate and disposition regulatory declarations across regional ER teams.• Executing gap analysis of new regulations against existing practices and managing any required corrective action plans established as required to remediate concern.• Manage the expectations of a broad and complex mix of audit stakeholders including technical, operational and regulatory subject matter experts, Compliance, Technology, Application and Product Owners to ensure appropriate controls are defined for any new requirements and implemented by the business to mitigate risk.• Supporting incident management/response across enterprise resiliency and providing consistent process monitoring, response, follow-up investigation, and determination of root cause. • Supervise, mentor and develop junior ER staff ensuring they are motivated, productive and working to their full potential.

Business management lead for the Identity Governance and Administration (IGA) service within GIAM. Responsible for all aspects of business management including budgetary oversight and operations, business resiliency and third-party vendor engagement. Using continuous process review and enhancement, metrics and cross program governance forums to drive the reduction of operating costs and control risks across the organization. • IGA subject matter expert, defining and incorporating service management strategies, procedures and practices for the global IGA organization.• Organizational oversight for the development and implementation of business processes and software products for the IGA service using agile methodologies. • Partnering with corporate architecture, technology and line of business clients to ensure interoperability of IAM internal and third-party solutions. Serve as both program and relationship manager to ensure successful transition of new and enhanced capabilities between the lines of business and IAM development and operations teams. • Administration of annual spending plan of $40 million in partnership with senior F&BM teams.• Engage in design review, implementation and management in all areas of IGA compliance: including firm policies and standards as well as federal and international regulations.• Evaluation, negotiation and implementation of software vendor contract agreements and associated performance metrics for core IGA functions.• Responsible for development, maintenance, communication and oversight of IGA business resiliency globally• Monthly coordination and oversight for executive level business reviews covering the whole of the IGA Deliver Service

Provided leadership and expertise to deliver medium to large scale IT programs in support of the Middle Office organization. Planned and administered both projects and overall programs to ensure the onboarding of new clients in to the middle office service structure within BNY Mellon. Functional areas for each program included software development, infrastructure system installation, business process engineering and process capabilities. Determined the appropriate standards to resolve all business process issues.• Oversight for a portfolio of programs and projects required to onboard new outsourcing clients globally across the BNY Mellon Middle Office provider business. • Established standardization of what were typically heavily customized workflows used in the client onboarding process in order to improve efficiencies and optimize global revenue growth across the Middle Office provider business. • Responsible for process improvement across the Middle Office service offering, specifically performing core business process and operational reviews and providing solutions for more efficient output and resource utilization.• Ownership of prioritization and end-to-end delivery of all Middle Office change.• Development and maintenance of strong collaborative relationships with all internal and external business and technology stakeholders to ensure the success of provided services.• Indirect management of a team of five project managers and business analysts.

Worked in conjunction with other technology specialists as an expert advisor to management concerning risks involving or affecting PNC infrastructure technology, particularly but no exclusively IT. Established risk management policies, procedures and guidelines to address recurring audit findings and ensured risks were appropriately measured and prioritized. By building strong interpersonal relationships, succeeded in informing, guiding and motivating managers and technologists to address risks with due care and attention to detail.• Executed oversight processes related to technology policy issues management, technology control issues management, and technology risk and control self-assessment issues management. • Developed and maintained operational procedures related to technology risk and control oversight processes.• Ensured compliance with operational and technology policies and procedures, technology internal control standards required by SOX, state and federal regulatory requirements.• Completed analysis of technology operations against the regulatory landscape, identifying risks and assessing the adequacy of internal controls. • Coordinated management review and approval activities with technology management and technology risk management. • Developed and implemented reporting in support of key performance and risk indicators.• Adept at explaining risks that are often complex and obscure to non-specialists unfamiliar with common industry standards.

Transitioned from a contractor to a full-time role as CAO. Drove the formation and execution of a new, global enterprise access management strategic plan at BNY Mellon including the standardization of strong Identity Administration, Privileged User Management, Access Certification program and overall EAM Governance. Throughout the implementation of the new strategy, addressed and resolved and issues or problems with departmental performance as it matured. To gain support for the new initiatives, promoted the EAM strategy through internal marketing efforts with each line of business. Managed and oversaw nearly all the financial, administrative, and communication efforts of the organization.• Accountable for administration of direct departmental annual budget of $7.3 million, all building facilities and staff HR management activities.• Ownership of all communications related to division programs and initiatives including marketing of departmental services domestic and globally to our corporate lines of business.• Engaged Global Business Partners and Corporate Senior Information Risk Officers to identify key risks in their respective areas and work to implement solutions in alignment with the EAM strategic roadmap.• Oversight for disaster recovery and record management processes and standards for the EAM department.• Defined strategy and procedures to standardize and streamline adoption of application resources into an enterprise access management toolset (OIM, SailPoint and other in-house developed tools).• Prepared submissions to domestic and international regulatory bodies during regular audits of overall identity management program.• Led cross-functional Information Risk Management teams to monitor internal and external audit activities, assuring compliance and if necessary, remediation of any issues.• Direct management of 15 full-time staff as well as indirect management of the EAM organization totaling 50 resources.

Working as a contractor for the Enterprise Access Management group for BNY Mellon, developed and managed projects to centralize provisioning operational functions following the Bank of New York, Mellon Bank merger. Towards the end of the engagement, began working with executive leadership to re-design the structure of the Enterprise Access Management division.• Developed clear and concise project plans for initiatives to transfer access provisioning from business lines to a centralized Information Technology Access Control (ITAC) group.• Centralization of resources into the common IAM framework allowed for headcount savings and provisioning automation that reduced annual costs by more than $1.1 million.• Oversight of initiatives involving both technical and non-technical staff.• Worked with senior IT Risk program to identify gaps in the current EAM program structure, then created action plans and programs to remediate any control deficiencies. • Created monthly KPI reporting processes for the monitoring of provisioning operations teams.

Contracted by IBM to work on a 3-year engagement to replace all legacy Compaq hardware with IBM’s On-Demand architecture. This role required detailed and accurate project management skillset to ensure minimal downtime that could impact critical patient care systems within the UPMC Health System’s hospital network.• Supported Enterprise Master Person Identifier (EMPI) application running on AIX/Oracle platform for UPMC Health System including on-call support.• Served as Application Migration Team Lead, a central point of contact between IBM technical staff and UPMC application owners / clinical staff.• Direct management of a five resources, consisting of Windows and UNIX system engineer consultants.• At the conclusion of the engagement, more than 1,000 applications had been transitioned from physical legacy machines to a more robust and dynamic virtual infrastructure.

Managed efforts to ensure Media Services group was in full compliance with current firm wide and federal regulations. Created and implemented technical and process solutions to solve client business issues associated with storage media management. As new clients engaged ACS services, identified project requirements by interviewing clients, analyzing operations and defining the project scope prior to onboarding into ACS facilities.• Developed Media Services processes for ISO, ITIL and Six Sigma efforts resulting in the completion of departmental requirements 2 months prior to corporate deadlines.• Standardized operating procedures for technical departmental functions resulting in a 70% increase in office efficiency as measured by the volume requests completed per month.• Implemented standards for problem root-cause analysis resulting in a 90% reduction in repeat errors related to storage media management.

UPMC Health System is the largest health system in the Pittsburgh Tri-State area. Examined the workings of Data Center Operations organization to offer solutions to problems and develop procedures for better decision-making. Created a set of processes and standards to better manage the rapid growth of hardware in corporate data center facilities.• Worked with Disaster Recovery team to ensure emergency readiness for mission critical systems. • Maintained documentation intranet web-site for reference by System Support and Operations groups containing overviews of all applications, support contacts and detailed procedures (startup/shutdown, monitoring, troubleshooting, etc.).