Management Information Security
Resume:
Sophia L Brooks
*** ******* ***, ****** ****, NJ 07307 646-***-**** ***************@*****.***
TECHNICAL SKILLS: Microsoft Office, (Pivot Tables, Lookups), Visio, Ariba, Archer, Clarity, Replicon, Innotas, SharePoint Collaboration System and Remedy Ticketing System
EDUCATION: SAINT PETER’S UNIVERSITY
MBA /School of Business Management
BERNARD BARUCH CITY COLLEGE
BA in Finance
PROFESSIONAL DEVELOPMENT:
Remedy AR Administrator
EXPERIENCE:
01/2017 to National Football League, New York, NY
Present IT Risk Manager (Consultant)
●Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements
●Overall management of any related audit, regulatory and risk activities, which include liaising with our auditors
●Assess findings and ensured appropriate mitigation actions are in place
●Maintain deadlines on deliverables and communication on an ongoing basis with business partners and internal clients about contractual issues
●Perform Information Security onsite assessments at vendor locations when required
●Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with our Company and industry standards
●Produce detailed documentation of assessments and perform threat analysis of gaps identified
●Work closely with other IT operational risk teams on cross-divisional and regional aspects of internal, external, and regulatory audits
●Validate evidence from vendors before Remediation Plans are closed
●Escalate issues associated with vendors as needed to management
●Ensure consistent management of all proposal and that contracts are properly entered into organizational databases and securely maintained
09/2016 to NYC Major’s Office of Technology and Innovation, Brooklyn, NY
12/2016 IT Risk Manager (Consultant)
●Responsible for strengthening agencies internal controls and improving performance as it relates to IT Project Management in order to better assure the successful delivery of projects
●Provided Risk Awareness Training and Information by offering workshops and informational resources to help City agencies and offices understand best practices
●Facilitated Risk Control Self Assessments which involves a comprehensive questionnaire and discussion of findings and recommendation for new or early life cycle projects and to identify opportunities that will reduce time and cost as well as risk
●Monitored project risk and assist with remediation by creating individualized risk treatments with associated mitigation plans for select project risks while monitoring and analyzing the effectiveness of any subsequent steps taken
●Assisted the agencies in developing its’ Risk Register and remediation planning which provides a better means of tracking and responding to problems as they are identified or arise
●Established and Co-lead the MOTI Risk Management Program to create an effective risk management culture across the City’s agencies and offices by introducing disciplined risk mitigation processes and practices that prevent or reduce the impact of large project risk
●Worked with management to evaluate the adequacy, soundness, and efficiency of the Agencies’ information technology policies and procedures
05/2015 to BNP Paribas, Jersey City, NJ
09/2016 IT Senior Risk Analyst (Consultant)
●Identified and evaluated operational risks and internal controls to mitigate risks and related opportunities for internal control improvement
●Collaborated with federal regulatory and internal and external auditors to assess risk and controls
●Assisted in leading remediation for global initiatives across lines of business, ensuring that all deadlines and timelines are met
●Identified the weaknesses in a system network applications and assisted the different teams in creating action plans to correct and prevent security risk
●Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
●Worked closely with other IT operational risk teams on cross-divisional and regional aspects of internal, external, and regulatory audits
●Conducted Risk Control Self Assessments, collaborated for reviews and worked with internal and external auditors to facilitate requests, reviewed, and tracked findings and recommendations
11/2013 to PR Newswire, Jersey City, NJ
05/2015 IT Senior Financial/Risk Analyst
●Reviewed the strategy and financial projection of new and emerging projects and products in order to build financial models to support such projects
●Monitored actual financial results vs. budget and highlighted key variances for senior department managers
●Conducted meetings with service team members and have proactive follow ups on findings and recommendations status
●Monitored financial performance, highlighted trends across key performance indicators and analyzed any substantial variances in order to understand the underlying root causes
●Maintained the overall integrity of the financial and management reporting process and ensured compliance with specific client requirements
●Coordinated and maintained the global technology project portfolio and recurring financial forecast by working collaboratively with key technology and finance staff
03/2011 to ACTIVE Health Management, New York, NY
11/2013 IT Financial/Risk Analyst
●Reported findings and made recommendations for the correction of noted control deficiencies, improvements in operations and reduction in cost
●Reviewed proposed budget submissions from department managers for accuracy and completeness
●Arranged and lead meetings with internal resources to collect, track and report information
●Reviewed Third Party engagement details and assessed appropriate risk level using defined criteria
●Compared actual to budget results at the end of each reporting period, and reported on significant variances
●Determined whether areas reviewed are performing control activities in compliance with applicable policies and procedures in a manner consistent with both organizational objectives and high standards of administrative practice
11/2008 to Citigroup, New York, NY
03/2011 Client Service Analyst (Consultant)
●Worked with the proprietary trading desk, accounting, operations, tax and treasury groups to perform account analysis, assisted with money movement and handled capital allocation
●Identified problem areas in regards to processes and worked with the team to generate solutions and escalated to management as appropriate
●Worked closely with the branch operations team and bank service desks on resolving client inquiries
08/2007 to TOMMY HILFIGER, New York, NY
05/2008 Sales Analyst
●Performed complex analyses of organizational performance and identified opportunities for improvements that will further sales objectives
●Assisted with planning by providing current sales trend information and analysis to support the development of the team's customer plan
●Generated daily, weekly and monthly activity reports showing detailed analysis of various revenue, expense and headcount to drive organizational performance and analyzed opportunities for improvements
12/2006 to JP MORGAN CHASE, New York, NY
06/2007 Financial Analyst (Consultant)
●Maintained pricing and profitability model/pro-forma in ordered to perform in-depth financial analyses to support all new business propositions or initiatives
●Partnered with the Product Team to ensure products were competitive, well priced and have the necessary features in order to remain competitive within the market
●Priced standard deals and acted as a control during the deal/pricing process while adhering to policies and procedures in place to document pricing decisions
Contact this candidate