PROFESSIONAL EXPERIENCE:

Confidential

Senior Partner - Technology Risk

Responsibilities:

• Perform risk assessments of the client’s current security model and deploy threat intelligence tools (SIEM) such as Splunk (ES) and DataVantage.
• Conduct a top down review of the client’s current security policy to ensure it is in compliance with updated federal regulations (FFIEC) and industry standard best practices.
• Perform risk assessments of the client’s backend infrastructure that supports the business and implement remediation strategies for identified deficiencies.
• Structure reports of user behavior analytics and security events to allow management to baseline security anomalies verses real world events.
• Review the design effectiveness of third party tools that are designed to feed data to exiting GRC platforms such as Archer and MetricStream.

Confidential, New Britain, CT

Consultant - Internal Auditor

Responsibilities:

• Conduct Sarbanes-Oxley 404 IT documentation and testing for various domestic and international business units.
• Review design effectiveness of information technology controls and coordinate testing with process owners.
• Document control deficiencies and remediation plans with management.
• Conduct weekly status meetings with the company’s external auditors to facilitate communication of test results.
• Identify improvements within the company’s SOX testing approach to ensure alignment with the COSO framework.

Confidential, Middletown, CT

Consultant - Technology Risk Analyst

Responsibilities:

• Conducted a review of the Information Security Program at the Bank, including Active Directory, Perimeter Security and the NPI Data Integrity Control Framework.
• Performed a security assessment of third party service providers to ensure information technology controls are in place and operating effectively; including end user tools and spreadsheets.
• Reviewed the design effectiveness of the bank’s use of third party Security Incident / Event Monitoring (SIEM) tools to ensure they are configured correctly.
• Reviewed all third party vendor SSAE-16 reports to ensure exceptions were appropriately resolved and continuously tracked within the bank’s database.
• Review all internal technology audit findings and recommend corrective action to Liberty Banks Infrastructure Security Committee.
• Performed a security assessment of the bank’s EMV debit chip card implementation, including all hardware and software components.

Confidential, Newark, NJ

Manager - Technology Risk

Responsibilities:

• Conduct Information Technology Risk Assessments of major U.S. business units, new products and strategies to ensure appropriate controls are implemented.
• Identify, research, evaluate, and resolve risk issues impacting the Confidential Investment Management business unit including Sarbanes Oxley, Model Risk and Comprehensive Capital Analysis Reviews (CCAR).
• Apply operational risk management techniques including, but not limited to: Risk and Control Self-Assessment, Scenario Analysis and Loss Event Reporting and Privacy.
• Promote and build effective risk management culture throughout organization and provide training to members of the Risk Management team on use of RSA Archer GRC platform.
• Test information technology controls based upon applicable regulatory, internal audit, accounting and IT standards (ISACA, IIA, GAAP & COSO).
• Update risk and controls test results within the GRC tool for each business unit.

Confidential, Uncasville, CT

Consultant - Technology Risk

Responsibilities:

• Performed a top down assessment of the casino’s information technology audit plan and resources required to support expansion of domestic operations.
• Document metrics and prepare deliverables required to further augment management’s reporting on controls over financial reporting.

Confidential, Wilton, CT

Consultant - Technology Risk

Responsibilities:

• Conducted the firms IT Risk Assessment process for its domestic and international data centers and communicated the results directly to the firms Internal & External Auditors (Big 4 Public Accounting Firms)
• Planned and performed integrated and information technology controls reviews including; embedded derivative model validation controls, automated application controls, end user tools and spreadsheet controls.
• Document and update the firms Model Risk Management framework to ensure compliance with Federal Reserve Board guidance (SR 11-7).
• Detailed knowledge and audit experience working with the following platforms, SAP, MVS, UNIX, AS/400, Cisco and Windows. Significant expertise in auditing wireless telecommunication protocols / devices.
• Conducted reviews of firm’s disaster recovery planning and implementation methodologies.
• Documented and updated detailed IT audit plans to ensure the firms SIFI reporting requirements are consolidated within the existing audit schedule.
• Consulted with Confidential ’s Enterprise Management Team to ensure corporate objectives and guidance are implemented at the business unit level.

Confidential, New York, NY

Technology Risk Engagement Manager

Responsibilities:

• Prepared detailed scoping statements for Sarbanes-Oxley engagements utilizing the CobIT 4.0 framework.
• Prepared risk assessments to assist clients with preparing detailed IT audit plans.
• Consulted with various corporate audit committees on strategies to reduce Sarbanes Oxley cost.
• Prepared internal management report to address security incidents at companies throughout the United States, including several financial institutions, technology manufactures and health care providers.
• Conduct Sarbanes-Oxley 404 IT documentation and testing for the firm’s clients and presented results to external auditors.

Confidential, New York, NY

Manger

Responsibilities:

• Coordinate initial client meetings to establish a framework for compliance with SOX Section 404 compliance.
• Review client questionnaires to determine readiness for certification.
• Perform risk assessment to identify the client’s information assets that directly impact financial reporting based upon ISACA standards.
• Manage staff responsible for the general controls review of the client’s financial reporting and information systems infrastructure.
• Prepare documentation including narratives and flowcharts that identify the risk and controls with both the financial and information systems environments.
• Review and design testing of documented controls on a risk control matrix for each process identified during the risk assessment process. Document control gaps and perform required analysis. Perform remediation testing of identified control gaps.
• Conduct meetings with business and process owners to discuss the testing approach and requirements for documentation to meet compliance with Section 404.
• Coordinate meetings with the Chief Financial Officer and External Auditors to discuss Section 404 compliance issues.
• Conduct training with Internal Audit Staff responsible for Section 404 compliance testing.

Confidential, New York, NY

Financial Systems Engineer

Responsibilities:

• Served as technology liaison to the corporate internal audit group for technology base reviews of the financial business units, including the domestic trading group.
• Conduct annual IT business assurance and performance reviews with internal audit staff members.
• Assist external auditors with annual information technology engagements and generate all operational performance reports.
• Conduct enterprise wide security reviews of all financial applications before implementation and prepare vulnerability analysis.
• Review implementation methodologies for all financial applications such as PeopleSoft and Siebel with third party vendors.
• Perform performance reviews of the trading floor infrastructure and recommend corrective action to change management coordinator.
• Review transaction based website infrastructure and report findings to the internal audit group.
• Prepare business re-engineering recommendations for consolidating New York, Denver and Charlotte financial systems.

Network Systems Engineer

Confidential

Responsibilities:

• Conduct annual IT business conference to plan corporate technology objectives and prepare IT budget for New York Home Office.
• Prepared network design documents and configurations for planned rollouts.
• Documented time and action plans for rollouts including electrical requirements.
• Ordered all Cisco hardware for installations (6500 switch platform).
• Configured all VLANS required to support the Ethernet rollout.
• Designed redundant VTP server connectivity for disaster recovery team.
• Created trap-monitoring platform by incorporating Cisco Works into Concord’s Live Health.
• Perform installation of firewall applications and modified filters based upon security reviews. Generated monthly security reports to reduce risk to corporate computer resources and investigate potential security breaches.
• Deployed distributed Sniffer probes to mission critical user segments to detect service level issues.
• Coordinated study to determine floor-wiring (Cat 5 and Fiber) requirements from LAN closets to user areas. Installed wireless access point and configured router ports to control access.

Network Engineer

Confidential

Responsibilities:

• Processing all Service Request Forms for end of day batch processing on the AS/400 platform.
• Monitor all server connections for exceptions and failures through the Tivoli Enterprise Management console.
• Prepare end of day performance and transaction reports for management.
• Open call center tickets for outstanding network or telecom problems reported by users.
• Prepare turnover reports highlighting all completed task the prior evening and outstanding Service Request task for the first shift staff.
• Run all batch processing jobs on the AS/400 for the insurance line of business.
• Perform systems testing of all new accounting systems.

Senior Microcomputer Systems Specialist

Confidential

Responsibilities:

• Install all microcomputer hardware and software associated with implementing the company’s network strategy.
• Develop comprehensive migration plan for converting Novell 3.12 file servers to Novell 4.1 NDS.
• Install and configure Remote Dial-in access using Shiva LAN-Rover equipment.
• Prepared server farm design documents outlining Ethernet connectivity to Nortel BCN routers.
• Installed Cisco 3500 redundant router connections to eliminate connectivity failures to the corporate backbone.

Senior Accountant

Confidential

Responsibilities:

• Outlined the Accounting Divisions requirements as a member of the RA Loan Project team.
• Managed a team of 9 accountants to review and balance daily investment transactions for each fund.
• Installed PC wire transfer system to facilitate processing all investment closings.
• Established an information system that provides corporate wide accounting and premium performance information to the Treasury Division.
• Approved the daily balancing for all domestic investment accounts used to calculate the company’s net asset values.