Advisory and Consulting
Experience
Retail Sector
US Retail organization, including luxury retail
-
Information Risk and Resilience Programs
Advancing capability on the maturity scale across Information Security Policy/Standards, Risk Register/Issue Management, metrics and dashboards for KRI reporting, Third Party Risk program, Cloud security, Vulnerability Management, PCI-DSS Compliance, IT General Controls (ITGC) Audits, Training and Awareness including phishing campaigns, and GRC tool evaluation and implementation. Business Continuity Planning, Documentation, Testing, Crisis Management, Cyber Resilience, and Incident Response.
Energy Sector
US Power Authority
-
Business Resiliency and Enterprise Risk Management (ERM)
Business Resiliency program implementation - Business Continuity Planning, Documentation and Testing, Third Party/Supplier Resilience, Cyber Resilience. ERM function enhancement - Risk Appetite, Emerging Risks, Reputation Resilience, GRC tool evaluation and implementation.
Financial Industry
US Financial Institutions
-
Oversight and Control
Oversight and Control framework - RCSA (Risk Control Self Assessment), Business Resiliency, SOX program, IS/IT Risk Control environment. Third party vendor relationships involving RFX, competitive bidding, contract negotiation and contract implementation. Supplier risk management metric development. Information Management supporting business needs and legal requirements - Data quality assurance and consistent treatment of information assets and records, control design, testing and issue management.
-
PMO, KYC/AML Consent Order Response
Governance, Operating Model, Global Rollout of KYC application
-
Risk and Control
Risk and Control for functions supporting Executives and the Business, with a global presence in North America, LATAM, EMEA and APAC. Program Management including RCSA, KRI, Control testing, incident management, policy development, Information Security, Continuity of Business, Vendor management, Records Management, Fraud Risk Management, Application implementation, Training and Awareness, audit support and regulatory interactions.
-
Operations Risk Control
Operations Risk and Control initiatives for Private Bank Global Operations in North America, Europe and Asia. Policy development, RCSA, SOX testing, issue management, corrective action monitoring, KRI and metric identification and reporting, dashboards, heat maps, New Product approval process, Pricing Controls, Information Security, Continuity of Business, Records Management, Change Management, Reengineering/right shoring, Third Party Risk, Training and Awareness, SOX program audit support and regulatory interactions.
-
Information Security and Business Continuity
Business Continuity Consulting for the Global Corporate Investment Bank (GCIB). The BC/DR Program portfolio included a recovery site implementation, Risk Assessment, BC/DR Planning, Life Safety, Emergency and Crisis Management, metric reporting, BCP Cost Analysis, application implementation and regulatory interactions.
European Financial Institution
-
Finance and Controlling Division Projects
Evaluation, implementation and ongoing support of financial systems solutions and operational risk mitigation strategies, including implementing and managing BC/DR solutions, UAT for the SAP R/3 implementation, Global General Ledger Control, data integrity and quality improvement initiatives, and implementing a video conferencing solution.
Industry Projects:
-
Carnegie Mellon University/SEI-CERT: Enterprise Security Governance Research Project, 2014
-
FSTC/Financial Roundtable: Information security, risk management and vendor management working groups, 2004 to 2006
-
Securities Industry Financial Market Association: Working groups within Operations & Technology, Finance and Compliance
Best Practices and Certifications:
-
PM: Waterfall, Agile, Six Sigma, Lean, SDLC, ITIL, COSO, COBIT, CMM, CMMI
-
CBCP (Business Continuity), CRISC (Risk and Information System Controls), HSEEP (Emergency Management), CDPSE (Data Privacy), SCR (Sustainability and Climate Risk)