Bank IT Audit Security Risk Management Services with Joel Lanz, CPA, P.C.
Bank IT Audit Security and Risk Management Advice and Solutions
Experience

Electronic Payment Network and Processor. Assisted with the development of a processor (partner-style) management and security due diligence program and conducted IT risk assessments and audits over the payment processors and related sponsors. The program was designed to enable the network to expand the electronic payment services available to processors and to help the network manage the risks associated with introducing new payment processor services. The project reported to the Vice President and Executive Director of the Network, with updates to senior business executives.

$15 Billion Commercial Bank. Conducted a technology risk assessment and assisted in the development and monitoring of a subsequent remediation plan to enable the bank’s recently-hired CIO to prioritize issues and compliance strategies to enable the bank to fully comply with the FFIEC IT Examination Handbooks and evolving regulatory expectations such as GLBA and privacy compliance, as well as IT vendor management. Project reported directly to the corporate CIO and Executive Vice President.

Global Fortune 150 Acquirer. On behalf of this international conglomerate, directed the information technology due diligence performed for the acquisition of a Fortune 300 specialty finance and leasing firm. Project report included in a multi-disciplinary report that was presented to the acquirer’s CFO.

Top 5 New York-based Real Estate Company. At the request of the Board of Directors, directed a study to assess and evaluate investments in the company’s IT infrastructure and service delivery capabilities. Working with executive management, investment initiatives were evaluated against current and planned business strategies. Project reported to the CFO and the Board of Directors.

$3 Billion Community Bank. We currently serve as the co-sourced IT auditor for this community bank. Recent projects have included information and network security, IT data center relocation, SOX compliance and strategic IT process and security risk assessment. Projects report to the bank’s Vice President of Internal Auditing.

$1 Billion Community Bank. We currently serve as the outsourced IT auditor for this community bank. Recent projects have included payment processor and network compliance, network security, internet banking, IT vendor management and business continuity planning. In addition to providing critical IT audit services, we also advise the audit department on advanced audit techniques and general enterprise risk management issues. Project reports to the bank’s Senior Vice President of Internal Auditing.

$1 Billion Community Bank. Under the direction of the bank’s auditor, we conducted a payment systems compliance audit that included determining compliance with FFIEC, bank regulatory, NACHA, payment network and payment processor requirements. The scope included review of PIN, debit card, EFT and encryption control processes.

US Branch of Global European Bank. Under strict deadlines, directed a SWAT team that prepared the bank for an impending bank IT regulatory compliance exam. The project included identifying areas needing improvement to comply with regulatory guidelines (e.g., information security, business continuity and IT vendor management), developing policies and procedures for all IT areas, training IT management on key regulatory issues and communicating relevant strategies to senior management. Project reported to the COO.

North East Payment Network and Payment Processor. At the request of the Board of Directors, directed an availability and scalability review over the payment network’s ability to maintain high-availability of service delivery to its payment processor and financial institution clients and to enhance compliance with federal banking regulations. Project reported to the President and to the CIO.

Real Estate Division of Fortune 5 Insurance Company. Managed a systems acquisition and implementation review of a new mortgage origination and servicing system for the division. Involvement emphasized system design, testing and conversion. Project reported to the General Auditor.

$175 Billion North American Financial Services Company. Benchmarked the bank’s security, privacy and customer confidentiality practices against those of similar-sized global diversified financial service companies. The scope of the project emphasized the use of technology to enforce compliance by bank personnel (including senior management) with executive management’s security, privacy and regulatory compliance directives and policies. Project reported to the Chairman of the Senior Executive Risk Management Committee (composed of the Bank’s Executive Vice Presidents).

$3 Billion Regional Bank. Directed the performance of Internet banking and network security reviews. In addition to considering best practices, the reviews focused on regulatory compliance including compliance with related FFIEC IT Handbooks. Projects reported to the CIO and the Audit Committee.

$17 Billion Super Regional Bank. Provide ongoing IT risk consulting retainer services to enhance overall IT risk management and bank regulatory compliance skills of key IT executives. Contributions include system development lifecycle, vendor management, ebanking, security and business continuity planning.

$3 Billion Savings Bank. Developed a risk-based IT vendor management program to help the bank, which relies almost entirely on third party service providers for key functions such as core processing and managed information security services, comply with regulatory requirements and evolving corporate governance needs. Project reported directly to the Vice President of Information Systems.

$500 Million Commercial Bank. Assisted the bank in developing user requirements and reconfirming system selection for the replacement of this niche bank’s core processing system. Additionally, provided “technology coaching” support to the Bank’s CEO. Project reported to the CEO.

Recently Merged New York Branch of Global European Bank. Directed the performance of a risk assessment and business impact analysis to justify required investments in a new Business Continuity Plan. Project reported jointly to the CIO and the Director of Operations.

$3 Billion Community Bank. Performed a technology risk assessment that enabled the CIO to prioritize actions required to enhance the overall security of the bank and its compliance with recently issued GLBA, privacy and other bank regulatory requirements.

Internet Banking Division of Money Center Bank. Led the quality assurance function for the development of a Business Continuity Plan for the Internet Banking Division of the largest US Bank. Project reported to the Division Executive.

$80 Million Credit Union. Provide ongoing IT retainer services to the head of IT of this community chartered credit union. Primary contributions included the performance of an IT risk assessment, establishment of baseline security policy and practices and the direction over business continuity plan development. Developed and monitored program to achieve compliance with key NCUA regulatory requirements.

Fortune 300 Global Specialty Finance Company. Provided executive coaching support relating to managing IT risks to the CIO and his direct reports. Project reported to the CIO.

US Branch of $80 Billion Canadian Bank. Led an information and network security assessment over the branch’s network and internet security infrastructure. Leveraged automated security tools as well as bank regulatory guidance to help prioritize IT security improvements. Project reported to the Head of Internal Audit.

$130 Billion Australian Bank. Directed a post-merger integration analysis relating to the performance of the bank’s outsourced information technology provider (Fortune 100 systems integrator). The project focused on the provider’s effectiveness and efficiency in working with the bank to integrate technology as part of the merger. The project also considered the bank’s role in facilitating the vendor’s performance. Project reported to corporate CIO.

Global Bank Trustee and Custodian. Directed the technology-related investigation of a multi-million dollar fraud as part of a multidisciplinary investigative team. Technology work included assessing how weaknesses in the bank’s IT security and risk management practices facilitated the fraud and providing data mining capabilities for the entire investigative team. Project reported to Corporate Counsel.

$15 Billion Super-Regional Bank. Redesigned the IT security policies for this super-regional bank to reflect its decentralized management style and diverse IT platforms as a result of numerous acquisitions. The redesigned policies enabled the bank to significantly enhance its compliance with various bank regulatory privacy, security and GLBA requirements. Project reported jointly to the Senior Vice President of Information Services and the General Auditor.

$250 Million Credit Union. Assisted the credit union in selecting a new core system. Primary focus included evaluating various vendor system features and determining the impact of implementation on credit union operations and system of internal controls, including compliance with NCUA regulatory requirements. Project reported to the New Core System Selection Committee.

Northeast “Super Center” Grocer. Conducted a payments network mandated TG-3 review (PIN Audit Compliance). Project reported to the Chief Financial Officer.

Contact us at 516-933-3662 or email us to find out more about how we can help your organization with our IT audit and security services.
Related Publications

"Prioritizing Aspects of Technology Risk Assessment and Mitigation,"
Bank Accounting & Finance, December 2002

"Incorporating SAS No. 70 and Other Third-Party Reports into a Vendor Management Program,"
The RMA Journal, April 2004

"Practical Aspects of Vulnerability Assessment and Penetration Testing,"
The RMA Journal, February 2003

"Worst Information Technology Practices in Small to Mid-Size Organizations,"
The CPA Journal, April 2002

Businesses on External IT Resources,"
Journal of Accountancy, June 2004

"Unmasking IT Fraud: Practical Applications of SAS-99,"
Bank Accounting & Finance, April 2004

Related Speeches

"Managing the Reality of Information Technology Risk - a CPA's Guide for Advising Clients,"
New York State Society of Certified Public Accountants, March 2, 2004

"Security Planning: Securing Your Organization Inside & Out,"
2003 Fraud and Ethics Conference - The Institute of Internal Auditors, September 9, 2003

"A Hitchhiker's (or CFO) Guide to Information Technology Risk: What are The Challenges and How Do You Manage Them,"
2004 Annual Cashiers/CFO's Conference & Expo, Western Independent Bankers, June 7, 2004

"Managing the Reality of Information Technology Vendor Risk,"
2004 Audit, Compliance, & e-Security (ACE) Conference, Bank Administration Institute, April 26, 2004

"Fraud in the Information Technology Department: Implications of Statement of Auditing Standards 99,"
2004 Audit, Compliance, & e-Security (ACE) Conference, Bank Administration Institute, April 26, 2004