CitiTechnology Information Security Officer
May. 2014 - Feb. 2015Tampa/St. Petersburg, Florida Area• Information Security policies, standards and regulations and compliance (Sarbanes Oxley, OCC, FFIEC, Operational Risk, Cross-border Data Privacy, GLBA, etc.). • Conducted Application Security Assessments on an annual basis. • Liaise with Business Information Security Officers and application development and Senior Level Management
• Assisted in identifying and reducing IS risk to acceptable levels. • Monitored risk mitigation process and risk oversight. • Monitored the execution of vulnerability scanning, mitigation or remediation within policy mandated guidelines across the entire department. • Provided Security Risk expertise to application development teams
• Investigated persistent access controls for appropriateness
• Application On-boarding • Issue creation, tracking and management
• Experience using Archer GRC