Patrick Tedesco Email & Phone Number

New Jersey, United States

• Lead Vulnerability and Penetration tests with Cybersecurity engineers to assess security system issues.
• Review and evaluate new security threats due to non-compliance with Cyber regulations and review assessments.
• Provide reporting on FFIEC regulatory risks and close any gaps from previous reviews.
• Provide support in managing Identity Management administration on multiple platforms.
• Collaborate and effectively communicate with Technology Operational Resilience (TOR) though presentations and written communications regarding Business Continuity Weakness and strengths.
• Provide Internal Audit support during BC/DR exercises and compile issue reports at lesson learned meetings.

Edison, New Jersey, United States

• Senior GRC Risk Manager/IAM Senior Analyst assigned to SOX application certifications, Business continuity support, and Third Party risk assessment reviews.
• Perform GRC activities and oversee all manual High Risk and SOX application Certifications outside of SailPoint on 100+ applications to ensure ‘maker – checker’ activities exist and are done to avoid regulatory fines.
• Provide Metrics to the leadership committee on quarterly basis.
• Cybersecurity SME supporting strategic vision for the implementation of new software products to ensure they are in line with Industry Best Practices.
• Ensure Privileged Access Management (PAM) is provided the correct cloud permissions to least privileged personnel through automated and manual certifications.
• Ensure all IT Audit / SOX ITGC requirements are mapped and included in Control testing.

Texas, United States

• Senior Risk Analyst, GRC Third Party Risk Management assigned to Third Party Risk Assessments.
• Collaborates and works closely with Business teams involved in the 3rd Party Risk Program lifecycle Services such as the Segment/collection of data, Defining the Scope and Inherent Risk, Reviewing evidence and ensuring.
• Directly engaged with other external entities (FS-ISAC) to include regulatory agencies on a wide range of Third-Party Risk Cybersecurity matters by representing USAA SME (Subject Matter Expert).
• Provide subject matter expertise to the Third-Party Management Risk Team and provide guidance when implementing new GRC tool (Salesforce) to ensure all regulatory and internal policy standards and procedures are.
• Executes and review 3rd party contracts to ensure inherent and residual risk are within USAA guidelines.
• Reviewed the cyber related attestations by third parties reviewing their SOC1, SOC2, ISO 27001 and reported observations for further review and tracking.

Florham Park NJ

• Collaborates and works closely with IAM teams involved in Infrastructure Program mgt lifecycle Services such as Hosting Operations, Cloud Hosting/Engineering, Data Center/Server Room Operations, Network Services.
• Cybersecurity SME supporting strategic vision for the implementation of new software products to ensure they are in line with Industry Best Practices.
• Ensure Privileged Access Management (PAM) is provided the correct cloud permissions to least privileged personnel through Salespoint annual certifications.
• Provide Cloud Identity & Access Management (IAM) to support IAM functions in Microsoft Azure and AWS environment(s) to support least privileged accounts are protected.
• Directly engaged with other external entities (FS-ISAC) to include regulatory agencies on a wide range of cyber security matters representing the Corporate Information Security Office.
• Provide subject matter expertise IT infrastructure in problem management and internal/external audit remediation activities.

New York, United States

• Certified Business Continuity Professional (CBCP) by DRII
• Certified Information Security Manager (CISM) by ISACA
• Cybersecurity Fundamentals SME
• Certified Third Party Risk Professional (CTPRP) by The Shared Assessment Group.
• Supported Archer Business Continuity tests to ensure offsite functionality designed to incorporate ICS protocol during business disruptions and developed a central command assisting the Business, Information Technology.
• Supported Archer screen and use case changes for Third Party Risk Management.

New York, United States

• Certified Business Continuity Professional (CBCP) by DRII
• Leadership and oversight of Business Continuity for O&T Merger & Acquisitions (M&A) team.
• Performed and maintained independent reviews on Business Continuity and Disaster Recovery Plans for M&A.
• Led, coordinated, and facilitated review and updates for all Business Impact Analysis, Corporate O&T M&A.
• Project manager for the performance of entitlement reviews for all divested and integrated M&A deals as well as risk profiles for Morgan Stanley Smith Barney access entitlements.
• Program manager for all internal risk reviews (RCSA) for the divested and integrated deals, access rights to company applications for MSSB JV personnel, and maintained customer, vendor, and user relationships.