• Lead Vulnerability and Penetration tests with Cybersecurity engineers to assess security system issues.• Review and evaluate new security threats due to non-compliance with Cyber regulations and review assessments.• Provide reporting on FFIEC regulatory risks and close any gaps from previous reviews. • Provide support in managing Identity Management administration on multiple platforms.• Collaborate and effectively communicate with Technology Operational Resilience (TOR) though presentations and written communications regarding Business Continuity Weakness and strengths.• Provide Internal Audit support during BC/DR exercises and compile issue reports at lesson learned meetings.• Provide metric reports on open Audit and regulatory issues to be discussed with stakeholders.• Lead & schedule quarterly tabletop meetings to compile business & customer requirements.• Review and provide support in creating & updating Business Impact Analysis (BIA) to ensure all critical path (Tier 1) applications are included in the test plans for high risk profile Business units.• Work closely with the business to ensure all BIA (Business Impact Analysis) and customer (Citrix) access are updated.• Provide subject matter expertise to the Business Continuity (BC) Third Party Management Risk Team.• Review Third-Party SOC reports to ensure all the right controls are in place by industry standards and Regulatory requirements regarding concentration on the FED SR23-4 (FDIC & OCC requirements) and NY CRR 500 guidelines.• Perform Business Continuity Third Party due diligence reviews on existing and new Third Party contracts and provide updates into RSA GRC Archer tool by adding tasks to open risks.

Senior GRC Risk Manager/IAM Senior Analyst assigned to SOX application certifications, Business continuity support, and Third Party risk assessment reviews.• Perform GRC activities and oversee all manual High Risk and SOX application Certifications outside of SailPoint on 100+ applications to ensure ‘maker – checker’ activities exist and are done to avoid regulatory fines.• Provide Metrics to the leadership committee on quarterly basis.• Cybersecurity SME supporting strategic vision for the implementation of new software products to ensure they are in line with Industry Best Practices.• Ensure Privileged Access Management (PAM) is provided the correct cloud permissions to least privileged personnel through automated and manual certifications.• Ensure all IT Audit / SOX ITGC requirements are mapped and included in Control testing. • Completed and ran weekly metrics for Business stakeholders on all open audit issues to track and close findings by the required due dates to avoid regulatory fines.• Lead Business Continuity and Disaster Recovery tests by compiling results and chairing the post-test meetings.• Provide subject matter expertise IT infrastructure in problem management and internal/external audit remediation activities.• Lead Disaster Recovery tests and track all issues to be discussed at the post test (lesson learned) meetings.• Support the Information Security teams to develop tabletop simulation tests and compile feedback.• Worked closely with IT Audit and ensure the BCP & IAM program is in compliance with BC-ISO requirements.• Schedule BC/DR Tests for Application specific teams.• Schedule quarterly tabletop meetings to compile business requirements and issues.• Provide regulatory requirements and laws that include compliance with credit card processing (PCI), SOX, SAS70, GDPR, ISO 27001 with advisory level vision on all technology being used at Investors Bank/Citizens Bank.• Support & test IT DR/BC plans to ensure continuity of business.

Senior Risk Analyst, GRC Third Party Risk Management assigned to Third Party Risk Assessments.• Collaborates and works closely with Business teams involved in the 3rd Party Risk Program lifecycle Services such as the Segment/collection of data, Defining the Scope and Inherent Risk, Reviewing evidence and ensuring compliance with USAA standards and procedures, Assess the industry best practice functions and focus on ineffective controls, Reporting and Monitoring.• Directly engaged with other external entities (FS-ISAC) to include regulatory agencies on a wide range of Third-Party Risk Cybersecurity matters by representing USAA SME (Subject Matter Expert). • Provide subject matter expertise to the Third-Party Management Risk Team and provide guidance when implementing new GRC tool (Salesforce) to ensure all regulatory and internal policy standards and procedures are incorporated into system through automation.• Executes and review 3rd party contracts to ensure inherent and residual risk are within USAA guidelines. • Reviewed the cyber related attestations by third parties reviewing their SOC1, SOC2, ISO 27001 and reported observations for further review and tracking.• Supported Salesforce screens and use case changes to ensure all are working as designed for all Third-Party Risk Management functions.• Managed and led the enhancement to extend Third Party Risk Management program by partnering with the Business Resource Owners and 3rd Party Risk Management (3PRM) teams.• Lead and contributed to assessments of the cyber security risk of Third-Party vendors with an appropriate level of detail.

• Collaborates and works closely with IAM teams involved in Infrastructure Program mgt lifecycle Services such as Hosting Operations, Cloud Hosting/Engineering, Data Center/Server Room Operations, Network Services, Virtual Operations, Storage, Disaster Recovery, Backup & Recovery, and Cybersecurity. This ensures compliance with controls are aligned with IT audit and Regulatory design.• Cybersecurity SME supporting strategic vision for the implementation of new software products to ensure they are in line with Industry Best Practices.• Ensure Privileged Access Management (PAM) is provided the correct cloud permissions to least privileged personnel through Salespoint annual certifications.• Provide Cloud Identity & Access Management (IAM) to support IAM functions in Microsoft Azure and AWS environment(s) to support least privileged accounts are protected.• Directly engaged with other external entities (FS-ISAC) to include regulatory agencies on a wide range of cyber security matters representing the Corporate Information Security Office.• Provide subject matter expertise IT infrastructure in problem management and internal/external audit remediation activities.• Oversees & executes qualification and Quality Management (QM) activities IT infrastructure capabilities to ensure data integrity before being release to production environment.• Provide regulatory requirements and laws including PCI, SOX, SAS70, GDPR, with advisory level vision for how technology will be used at BNYM.• Provide support knowledge in all Company operating systems and computer environments (Windows, UNIX, and Mainframe) to ensure third party risk is within company risk appetite.• Ensure all IT Audit / SOX ITGC requirements are mapped and included in Control testing.• Support the IAM Privileged Access Management process and secure the BNYM critical applications.• Support SSO and MFA access for intranet and external internet SaaS solutions.If more details are required, please notify me.

• Certified Business Continuity Professional (CBCP) by DRII• Certified Information Security Manager (CISM) by ISACA• Cybersecurity Fundamentals SME• Certified Third Party Risk Professional (CTPRP) by The Shared Assessment Group.• Supported Archer Business Continuity tests to ensure offsite functionality designed to incorporate ICS protocol during business disruptions and developed a central command assisting the Business, Information Technology and external vendors during incidents which caused business disruptions. • Supported Archer screen and use case changes for Third Party Risk Management.• Managed and led the enhancement to extend Third Party Risk Management program by partnering with the Business and Information Technology (IT).• Lead and contributed to assessments of the cyber security risk of Third Party vendors with an appropriate level of detail.• Interfaced with senior executives, legal, technology risk management, business teams, application management, and Third Party program management on cyber security issues.• Identified controls to address gaps in third party vendor relationships and adjusted the master service agreement to incorporate additional controls.• Defined and created relevant metrics and reports to outline the strengths and weaknesses of the TPG program.• Reviewed the cyber related attestations by third parties reviewing their SOC1, SOC2, ISO 27001 and reported observations for further review and tracking.• Lead Business Continuity and Disaster Recovery tests by compiling results and chairing the post-test meetings.• Provided lessons learned reports and discussed and implemented enhancement for different incident scenarios.• Developed Corporate Security Policies, Standards and Procedures to provide cross-platformIf more details are required, please notify me.

• Certified Business Continuity Professional (CBCP) by DRII• Leadership and oversight of Business Continuity for O&T Merger & Acquisitions (M&A) team.• Performed and maintained independent reviews on Business Continuity and Disaster Recovery Plans for M&A.• Led, coordinated, and facilitated review and updates for all Business Impact Analysis, Corporate O&T M&A.• Project manager for the performance of entitlement reviews for all divested and integrated M&A deals as well as risk profiles for Morgan Stanley Smith Barney access entitlements.• Program manager for all internal risk reviews (RCSA) for the divested and integrated deals, access rights to company applications for MSSB JV personnel, and maintained customer, vendor, and user relationships.• Project manager assigned to Risk assessment of M&A deals for Corporate O&T which includes the MBI/BI issues related to divestitures and integration, as well as over 25,000+ divested & joint venture employees.• Monitored MSSB information security to reduce information security risks and reported on identified areas of risk.• Created a metrics reporting system to facilitate effective management reporting on unauthorized access and permissions to facilitate security awareness and control; designed a Business Continuity program to measure completed requirements and plans and M&A risks.• Implemented the Enterprise Entitlement Review System (EERS) for divested and integrated M&A deals.• Provided guidance and counseled end users to mitigate entitlement issues regarding access and database error messages.• Lead weekly checkpoint meetings for MSSB, Wipro deals, Primerica and deals that required entitlement management.• Liaison for all MBI/BI business concerns related to divested companies.• Project manager for all Crisis Management issues located at a Citi remote site.If additional details are available, please contact me.