Sushil Kumar Pathi, MCSE, CRISC, Sr. Systems Analyst-Risk Management

Bank Of America Merrill Lynch

Location: United States
Education: Diploma, Governance Risk Compliance
Experience: 19 years, 9 months


Work Experience

Total years of experience: 19 years, 9 months

Sr. Systems Analyst-Risk Management at Bank Of America Merrill Lynch
  • United States
  • My current job since March 2015

• Assisting in the development and execution of a quality assurance testing program focused on identifying and reporting the adequacy of Information Technology Controls.
  o Identification of key risks and corresponding controls.
  o Review system artifacts and meet with technology management to conclude on effectiveness of IT controls.
  o Identify root causes of potential control deficiencies.
  o Partner with management in the development of remediation activities.
  o Generate scorecard reporting to communicate QA results.
• Assist Technology Management in the execution of risk assessments.
  o Provide guidance to ensure assessments are executed in a consistent manner.
  o Review and validate appropriateness of supporting documentation and accuracy of assessment results.
  o Identify key IT risks due to control gaps/deficiencies and assist Business and IT teams to prioritize remediation efforts, including the facilitation of RCSAs (Risk and Control Self-Assessments), ACT Assessments & SOX.
  o Generate scorecard reporting to communicate assessment results.
• Support the execution of a PMO quality assurance program.
  o Review project management office required artifacts to ensure adherence to firm standards.
  o Provide recommendations to improve SDLC / PMO control routines.
  o Generate scorecard reporting to communicate level of adherence to PMO standard.

IT Risk Analyst at The Bank of Tokyo Mitsubishi UFJ
  • United States
  • October 2013 to December 2014

Manage Information Security Risk program for Applications, Infrastructure, and Service Providers. Oversee program and ensure the registration, assignment, risk rating, reporting, escalation and completion of all security risk assessments of new and existing systems and vendors, and exception management.
Address reported risk events and potential risk areas, and ensure these are appropriately mitigated by working closely with IT Leads, Project Managers, team members, Senior IT Management, and Senior Business Management.
Security Policies and Standards and adhere to Information Security Risk Assessment requirements and procedures.
Provide metrics on a regular basis on the status of assessments, risks, balanced scorecard, and health of the security risk management program.
Understand and interpret related company policy and relevant regulations (COBIT, VAL IT, ITIL, FFIEC, NIST and ISO 27002, FRB, SOX), providing guidance to the Businesses and IT.

Technology Risk Analyst at The Bank of Tokyo Mitsubishi UFJ
  • United States
  • March 2013 to October 2013

Finalize Application and Business Application Owners (BAO) and System Owners (SO) master list, including Account Provisioning; finalize questionnaire common responses (from various SOA groups or SMEs); prepare/update training and awareness materials and other communication templates.
Train BAOs and SOs on use of SRE Online tool and on SRE (system risk evaluation) methodology and concepts, including Exception; help coordinate, guide, and monitor the conduct and completion of SRE reviews; follow up with BAOs and/or SOs on the completion of their SRE reviews.
Validate responses and exceptions; liaise with the various technology groups and branches on SRE review completions and issues. Generate management and operational reports relating to review progress and completion, exceptions, and state of risk.
Design and implement a data quality management framework for information security metrics. Analyze the data to identify key issues, trends, and observations for the attention of management.
Produce the monthly reporting pack within specified deadlines. Ensure clear, concise and risk-focused presentation.
Identify operating metrics that enable our constituents (including business partners and regulators) to understand information security program progress and information security risks by business throughout the Bank.

Infrastructure & Operations Strategist at Sphinix Network Solutions Inc.
  • United States
  • January 2012 to June 2012

Develop and document standard operating procedures and workflow.
Design and implement IT/Operations process, policies and standards documents.
Coordinate with vendors for software and hardware purchases and development of website.
Design, plan and implement data center.

Risk Advisory Consultant at TechnoDyne (Client - Bank Of New York Mellon ♦ New York)
  • United States
  • April 2011 to July 2011

Provide consulting and advisory services regarding IT Risk, Governance, Compliance, IT Controls, Audit, Operations, Information Security, Business Continuity, Disaster Recovery, infrastructure architecture and design.

Assistant Vice President at Credit Suisse Securities, USA
  • United States
  • October 2007 to April 2009

Directed and coordinated management of multiple related projects towards strategic business and other organizational objectives. Eliminated established audit concerns, restoring company to compliance. Directed projects valued at more than $5M while leading skilled team of 3. Managed 3-4 IT infrastructure projects regularly, overseeing all aspects of resource allocation, systems engineering, and IT risk and disaster recovery solutions. Identified and evaluated risks during review and analysis of system development lifecycle (SDLC). Formed strong partnerships as subject matter expert (SME) with regional business risk management team as well as disparate IT departments to solidify business risk levels, infrastructure, hardware, software, and policies across company. Provided IT risk advisory services to clients and internal customers for audit and regulatory matters while supporting relevant discussions pertaining to potential risks with findings and developing responses to mitigate or eliminate risk to sensitive technologies. Proactively managed systems development, implementation and risk via the use of SDLC.

Assistant Vice President at Credit Suisse, Dubai, UAE
  • United Arab Emirates - Dubai
  • January 2005 to October 2007

Directed the coordination of all implementation tasks involving third party vendors as well as providing consultation to clients on system implementation throughout the MEA region offices. Applied risk management, DR, and BCP concepts, including better measurement and management of risk and control, to improve consistency of systems and practices to meet internal and external client needs in MEA region, assessing multiple situational projects and developing strategic paths forward to exceed goals and stay within budgets. Developed and standardized IT risk and infrastructure policies and procedures in Middle East & Africa, India, and Turkey regions regarding LAN and WAN infrastructure as well as remote connectivity. Oversaw Shared Data Center operations, ensuring cost-effective management of staff. Managed projects exceeding $15M with team of 2 associates. Trained and mentored team members, providing hands-on encouragement and management.

System Administrator at Alliance Global Services (Fusion Technologies India Pvt. Ltd.)
  • India - Hyderabad
  • May 2003 to December 2004

Led technical services group, overseeing network and system infrastructure, WAN, LAN, and other connectivity. Directed user services group, administering technical support to end users for a variety of concerns. Created reporting tools to enhance productivity and accuracy in internal and external client status updates. Managed 4 indirect reports, each tasked with solving various complex IT issues as they arose.

Associate Technical Consultant at Protocol Technology Pvt. Ltd.
  • India - Hyderabad
  • July 2002 to March 2003

Managed several independent projects with budgets approaching $1M while directing team of 6 associates to achieve client needs. Revised and designed IT infrastructure and security systems for clients, utilizing understanding of day-to-day operations gained from previous experiences. Partnered with HP and Microsoft as key players in field to procure software, hardware, and solutions for implementation.

System Administrator at IIC Systems Pvt. Ltd.
  • India - Hyderabad
  • December 2000 to February 2002

Administered LAN/WAN development and deployment, including installation, maintenance, and local support for approximately 130 workstations and 10 servers. Developed and initiated backup procedures, restoring data as situations demanded. Operated with technology partners to evaluate, test, and negotiate the purchase of new IT products. Designed and implemented new VoIP system within the office.

Education

Diploma, Governance Risk Compliance
  • at Information Systems Audit and Control Association
  • September 2011
Diploma, Systems, Network
  • at Microsoft
  • January 2002
Bachelor's degree, Systems Management
  • at National Institute of Information Technologies
  • July 1997
Bachelor's degree, B.Sc
  • at Osmania University
  • April 1992

Specialties & Skills

IT Risk
Information Security Management
Business Continuity
Disaster Recovery
Infrastructure Projects
Infrastructure Design & Development
Data Center Development
Budget & Resource Planning
Business Continuity Planning
Vendor Negotiations
IT Risk Management

Languages

English: Expert
Hindi: Intermediate

Memberships

Information Systems Audit and Control Association
  • Member
  • April 2009
PMI: Project Management Institute
  • Member
  • May 2011