Information Security Risk Management

Location: Union, NJ
Posted: April 14, 2024

Resume:

Gabriela Resende

ad40c1@r.postjobfree.com 201-***-****

Dynamic and forward-thinking IT Risk and Compliance Analyst with a methodical approach and extensive experience in identifying, remediating, and verifying infrastructure risks and security fundamentals within complex, matrixed environments. Proficient in leveraging regulatory guidelines to ensure compliance, troubleshoot integration issues, conduct 2nd Line of Defense audits, and standardize database architectures. Proven track record in implementing new risk policies, practices, and appetites, providing comprehensive solutions for holistic risk management aligned with industry best practices. Skilled in managing cross-functional relationships across various stakeholders, including management, development teams, external providers, and clients. Possesses strong communication and presentation skills, with fluency in both English and Spanish. Additionally, adept in information security and vulnerability management.

Core Competencies

Third-Party Risk (TPR) Management Vendor Risk Management RSA Archer Controls Management Business-Planning

Analyses & Research FFIEC CAT Requirements

Functional System Design System Infrastructure Strategic Planning Workflow Optimization Risk Mitigation

Technical Skills

Microsoft Access, Active Directory, Outlook, PowerPoint, Project, & Excel, SAP, GRC 10.0, HTML, Perl, Python, SQL, LDAP, ECATT, Load Runner, Citrix, RSA Archer, VIA Archer, Visio, Carbon Black, Salesforce, FireEye, BMC Remedy, G Suite, Norton Ghost, CyberArk, Identity Management, IBM SPSS, Google Motion Charts, Qualys, CrowdStrike, Digital Guardian, Tenable, ServiceNow, and SharePoint

Professional Experience

Information Security GRC Analyst ZT Systems, Secaucus, NJ Nov 2020 – Present

Initiate key assessment of internal controls over our Information Security to ensure compliance with our industry standards and our customer requirements.

Initiate key assessment of internal controls over our Information Security to ensure compliance in support of Technology customer requirements.

Development and maintenance of strategies, standards, plans, policies, procedures, and other documentation in support of Technology (NIST) requirements for federal information systems, in addition to complying with our customer requirements.

Manage and support customer audit engagements and the audit request lists, and ensure requests are being fulfilled by stakeholder management; participate in internal/external audits as they relate to evidencing control management practices; assist the business to document, assess, and remediate any issues and risks raised during audit examinations and risk assessments.

Designing and deploying numerous enterprise technical security services such as SIEM, DLP, PKI, IDS/IPS, and enterprise authentication/authorization frameworks and models.

Conducted comprehensive information security assessments of third-party vendors and cloud services, providing strategic recommendations to senior management on mitigating identified risks effectively.

Supported the enhancement and ongoing development of vendor risk assessment procedures, including the creation and management of necessary documentation, tools, and performance metrics to streamline the evaluation process.

IT Risk & Data Quality Analyst (Consultant) Citigroup Global Markets, New York, NY Nov 2019 – Nov 2020

Lead design reviews of data models and other relevant metadata, including physical and logical models.

Partner with Data Quality Managers to facilitate and support Enterprise-wide data quality improvement initiatives.

Manage data governance initiatives and projects that involve any upstream or downstream data flows and processes.

Implements change initiatives to ensure that the introduction of undesirable impacts to data definition, maintenance, quality and/or consumption is minimized.

Initiate and oversee changes (such as creation, modification, deletion) to KDEs, recommend the prioritization and identify the impact for the key stakeholders.

Ensures controls are in place over applications and manual processes to ensure data integrity by performing root cause and gap analysis.

Document and maintain data calculation rules, data sourcing rules, data transformation rules and data lineage in a centralized data governance repository

Identify and categorize the inconsistencies between the group and divisional structures and metadata and partner with the group and divisional DMOs to identify root cause of inconsistencies; Define the remediation approach.

RISQ Group – Lead IT Risk Business Analyst (Consultant) Société Générale, New York, NY Sept 2018 – Nov 2019

Identified data security issues and risks. Developed and wrote business risk mitigation strategies utilizing GRC Archer.

Designed ISO27001 compliant procedures for the digital forensics analysts

Analyzed delivery of services of infrastructure team to meet sprint objectives while adhering to budget restraints.

Facilitated internal staff training and awareness for system risk assessments, encryption of unstructured data, and user monitoring.

Designed business and functional requirements for RCSA Program; implemented Archer measures, conducted quality testing and configurations, obtained appropriate authorization, and executed procedures for Steering Committees.

Reviewed and interpreted vendor due diligence security controls; assessed security controls effectiveness and streamlined practices to align with business processes.

Managed e-GRC tools to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation.

Managed end-to-end risk audit infrastructure reviews, remediated gaps, and retested for internal compliance.

Implemented IT risks for Audit and Governance programs with SOX, ISO, COSO, COBIT, NIST Frameworks; enforced policies to support industry mandates.

Internal Audit and Compliance (Consultant) Citigroup Global Markets, New York, NY Jun 2017 – Aug 2018

Developed and executed auditing plans in accordance with Internal Audit standards, relevant government statutes and regulations, and Citigroup and Citibank policies. Tested processes, identified risks, and implemented remediation plans.

Supported senior management to optimize internal controls affecting operations, finance, regulatory, and business risks; proposed business process improvements that promoted efficiency and mitigated risks.

Executed new finance and audit procedures, practices, and accounting standards to ensure GAAP & SOX compliance

Tracked KPIs for audit, finance, and enterprise risk management departments for review by the executive board.

Revamped internal control structure and framework applicable to financial reporting; ensured compliance with regulatory rules and laws.

Data Management Business Analyst (Consultant) (UBS), Weehawken, New Jersey September 2015 – May 2017

Served in multiple roles. Reviewed internal audit plan for the Firm's Risk Management Policies and control Framework for Regulatory Programs, as well as checked data architecture to ensure compliance. Developed and implemented validation rules.

Reviewed internal audit plan for the Firm's Risk Management Policies and control Framework for Regulatory Programs implementation of FR Y-9C, FR Y-14A, FR Y-14Q and FR Y-14M to ensure BCBS 239 compliance.

Reviewed Data architecture governance framework ensuring internal policies and procedures

Partner with CCAR Validation stakeholders to conduct walkthrough of business requirements to understand development of Axiom data validation rules to ensure reported values are aligned with transactional data by documenting governance framework

Conducted internal audit to evaluate how the CCRIP team created the corresponding validation rules for each report by understanding each allowable value and corresponding edit checks

Examined Informatica Axiom extraction based on the pseudo logic created to ensure data accuracy by conducting several work papers to validate Pass and Fail of each validation rule.

Confirm key stakeholder approval to obtain proper sign off and authenticate CCAR validation remediation process to resolve any data anomalies

Reviewed CCAR RAID Log to identify enhancements needed for existing issues to comply with BCBS 239 principles revolving on credit risk, regulatory and liquidity reporting.

Directed end to end audit of CCAR central repository, documenting lack of internal data quality controls and communicated with lead CCAR stakeholders for the development and documentation of Corrective Action Plan (CAP)

Led fieldwork to develop work papers for the Design Effectiveness Assessment (DEA) by meeting with CCAR Validation team leads to assess robustness of internal controls to audit the end-to-end development and implementation of validation rules

Implementation Specialist - Time Attendance (Consultant) Amano US Holding, Inc, Roseland, NJ Sept 2013 – May 2017

Delivered comprehensive Time Guardian solution to clients in order to accurately utilize timesheet portal platforms and configured to specific requirements. Ensured and enforced Quality Assurance standards.

Directed market research and tracked market/competitive trends; identified potential disruptive threats, weighed client preferences, and gathered feedback for future developments.

Introduced various products to clients and partners; gained valuable input to align with business strategies and vision.

Coordinated with clients to onboard Third-Party Vendor applications; met time management needs and requirements.

Led weekly status meetings to review issues, discuss solutions, and implement corrective actions.

Attended Steering Committee discussions; provided project progress reports, identified and mitigated high-level risks, addressed project remediation strategies, and produced deliverables.

Security & Compliance Analyst (Consultant) Panasonic, Secaucus, NJ Jan 2012 – Aug 2013

Revamped insufficient processes and recommended specific software/hardware as well as proposed Notice of Findings and Recommendations (NFRs) to streamline operations.

Evaluated Third-Party Vendor Software Solutions and recommended desktop security software and O/S Management tools compliant with Panasonic platform.

Reported and analyzed agreed-to SLAs between Panasonic and clients to define contractual tasks and requirements.

Collaborated with external providers on developing and maintaining IT asset security policy and procedures.

Investigated IT network and systems to test Cyber Security; analyzed findings and drafted detailed reports for management.

Assisted in development of an enterprise-wide Security Architecture Assessment Plan and Security Architecture; thwarted potential attacks on organization's computer system.

Education & Certifications

Bachelor of Arts in Criminal Justice Kean University, Union, NJ

Certification in Computer Support and Network Support Lincoln Tech Institution, Edison, NJ