Inthekhab Alam, Business Information Security Lead

Freddie Mac

Location
United States - Sterling
Education
Master, Information System
Experience
23 years, 3 months


Work Experience

Total years of experience: 23 years, 3 months

Business Information Security Lead at Freddie Mac
  • United States
  • November 2014 to March 2024

Information Security Sr. Technology Lead
• Collaborated and partnered with the division head and technology team on promoting alignment with security strategy, including Zero Trust, Cyber Resiliency, Penetration Testing and Vulnerability Management.
• Helped facilitate DevSecOps integration for the Investment and Capital Market business, resulting in efficient and secure code delivery in production.
• Developed and maintained security directives compliance measurement for management reporting and to drive value-driven discussion.
• Developed and maintained strong business and technology relationships at all levels, and became a trusted security partner to address business needs.
• Helped create a business-process-aligned security training and awareness program, resulting in increased engagement from lines of business and driving risk-based security decisions.
• Led the cyber security review of the corporation's payment fraud system, providing key feedback to strengthen technical controls related to insider threat modeling.

Director Enterprise Operational Risk Management at Freddie Mac
  • United States - McLean
  • October 2009 to October 2014

Managed a collaborative partnership with the Information Technology group, focusing on emerging and operational technology risk around people, process and technology, and helped management make informed decisions.
• Managed a team of operational risk managers. Reviewed and provided feedback on their risk assessments.
• Collaborated regularly with Sr. Management and helped the 1st LOD risk team report operational events that resulted in actual or potential financial losses above a specified threshold.
• Led the team through risk and control identification and gap analysis for the Information Technology organization using global best practice guidelines (FFIEC, OCC, ITIL, ISO 27001/27002, NIST 800-53, COBIT 5).
• Led the Control Optimization project for Technology Services, mapped controls to risk objectives and successfully reduced more than 25% of operational controls, including SOX, by identifying automation opportunities and ineffective, poorly designed, duplicate and unnecessary controls.
• Led change readiness discussions with LOB officers to validate the current human capital risk profile and mitigating factors as part of the Human Capital Contingency Planning program.

Vice President - Senior IT Auditor Wealth Management at Bank of America
  • United States - New York
  • December 2008 to October 2009

• Responsible for conducting local and global integrated audit of Investment Bank. Performed assessment of existing risks, evaluated implemented controls and reported on identified deficiencies.
• Performed cross-functional audit on Basel II readiness for retail mortgage and global wealth management division focusing on data completeness and change management for the Basel II calculation.
• Reviewed and evaluated application security around the capital calculation model processes for Operational Risk, Retail and Commercial model.

Assistant Vice President - Senior IT Auditor at Barclays Capital - United States
  • United States - New York
  • June 2008 to December 2008

• Worked jointly with the IT security team to develop a monitoring tool for toxic user entitlements within applications as a result of the Societe Generale rogue trader incident.
• Performed a detailed audit of the emerging market credit card application processing unit in India and in the UK, focusing on logical and functional access and application change management procedures.
• Evaluated and provided control gap feedback to application developers prior to going live, allowing the company to proactively manage risk.

Risk Manager - Capital Market at Fannie Mae
  • United States - District of Columbia
  • July 2006 to June 2008

• Managed compliance-related projects for over 30 applications in the capital market division, completing projects on time and meeting departmental budget.
• Led a team on designing and implementing role-based access control for financial applications within the organization.
• Participated in the corporate access leadership group and assumed various lead roles to help remediate material weakness in the access domain.

Sr. Technical Risk Specialist - Chief Admin Office
• Managed risk for the corporation's financial management systems and general computer support services. Identified and evaluated organizational risk areas, providing key input to the development of controls in information technology, standards, policies, procedures and guidelines.
• Designed a remediation plan for infrastructure security issues including password encryption, Unix file lockdown and secure file transmission.
• Designed the SOX internal management test plan based on company policy and procedure.

IT Auditor at Lehman Brothers
  • United States - New York
  • July 2005 to July 2006

• Performed pre-implementation and full-scope application reviews for sales and trading applications supporting the Equities, Fixed Income and Commodities business units.
• Met with senior management to discuss the issues noted during the audits and to agree on the management action plans.
• Coordinated with external auditors during the Sarbanes-Oxley review of critical applications.

Senior Engineer - Operations Automation at Thomson Reuters
  • United States - New York
  • January 2001 to June 2005

• Developed automation capability for the global market data system and applications. Focus areas included management of system-to-system relationships with various brokerage institutions and delivery of time-sensitive critical market data 24/7.
• Responsible for managing and administering workflow management software. Troubleshot application server crashes and system performance issues.
• Developed a real-time monitoring mechanism for 150+ processes across 3 global production plants, identifying non-compliance and sending automated notifications to end users.
• Executed the disaster recovery plan for critical applications during 9/11 and the Northeast Blackout of 2003, allowing the firm to continue operations with minimal disruption.
• Managed monitoring and distribution of various data types and data formats from stock exchanges and delivered them to downstream application processes in a common and consistent format.

Education

Master, Information System
  • at Pace University Ivan G. Seidenberg School of CSIS
  • June 2005
Bachelor's degree, Computer Science and Information Systems
  • at Pace University
  • January 2001

Specialties & Skills

Automation
IT Risk
IT Audit
Cyber Security
Risk Assessment
Information Security

Languages

Bengali
Native Language
English
Native Language
Urdu
Intermediate
Hindi
Intermediate