• Managed projects covering the governance, risk management and compliance of technology-driven processes within the organization.• Assisted 1st line management in identifying, assessing, monitoring, and controlling technology and security risks, and provide guidance on necessary mitigation measures.• Aligned technology-driven operational areas with the Enterprise Risk Management Framework• Spearheaded initiatives to increase awareness of the bank's risk management policies and practices• Performed IT General Controls testing to support 2nd and 3rd line with the organization wide risk management activities and audits, with a focus on technology and security risk areas.• Oversaw the development and upkeep of technology and security polices, standards and procedures. • Assessed audits of corporate security policies and procedures to ensure alignment and adherence to regulatory requirements and best practices.• Directed Information Technology audits to assess effectiveness of controls for technology related process and risk areas across the organization.

• Managed and led more than four projects simultaneously including engagement strategy budget planning, internal coordination among cross-functional teams on joint initiatives, and oversight of team personnel.• Led a 15-member team to successfully develop and deploy a consumer data protection program addressing security vulnerabilities, logging, and monitoring at a multi-national organization.• Directed Information Technology and SOX Audits to assess controls in Application Systems, End User Computing, and Segregation of Duties (SoD). Drafted deliverables of strategic Information Security roadmap designs and implementations, and Business-As-Usual (BAU) transition processes.• Led various external IT audit engagements in support of Internal Controls over Financial Reporting (ICFR) or Internal Controls over Financial Reporting (ICOC) for private and public companies in the Banking, Telecommunication, and Entertainment industries.• Performed IT General Controls testing over logical access, backup and recovery, change management, and incident management. • Assessed external service organizations through the review of SOC 1 or SOC 2 reports. Provided recommendations and guidelines to management taking into account the Complementary User Entity Controls from the SOC1 reports.• Led a Gramm-Leach-Bliley Act (GLBA) compliance and risk assessment for a global commercial banking institution and implemented best practices to enhance the maturity of the GLBA Program.• Resolved User Access Security concerns by implementing an Identity and Access Management project to identify and mitigate weaknesses and strengthen controls. Designed and executed a 2-year tactical remediation plan to address systemic Identity and Access Management vulnerabilities at a Fortune 500 company.• Overall saw the performance of five counselees and guided three promotions across the practice ranging from Interns to Senior Associates

• Assisted in-depth vulnerability assessment of significant web-applications using IBM Rational Appscan and Nessus application to identify, validate, test, list, analyze, prioritize, report, and recommend solutions to vulnerabilities present in the web-applications used by the organization’s internal and external users.• Conducted physical and network security assessments to identify vulnerabilities and implement countermeasures for large business corporations.

• Led engagements that focused on Sarbanes-Oxley (SOX) and Statement on Standards for Attestation Engagements No. 16 (SSAE 16) compliance audit for large entertainment and media corporations.

• Managed system reliability, security, data backup and recovery, and mapping of networked drives and print servers• Analyzed and identified potential security risk within the bank’s IT infrastructure