John Barnes

Litchfield, CT ***** 860-***-**** ad4xmx@r.postjobfree.com

IT RISK MANAGEMENT LEADER

Top-performing technology leader with success planning, executing, and managing risk, mitigation and response, compliance, control assurance, and user awareness for multiple IT projects. Dynamic track record of developing and driving risk and control strategies and standards, with a strong analytical skill set ensuring the effectiveness of solutions, and managing vulnerability audits and assessments. Excellent communicator, with attention to detail and the innate ability to manage multiple projects with competing deadlines.

AREAS OF EXPERTISE

Operational Risk Stakeholder Management Governance Risk Compliance Risk Analysis

Residual Risk Reporting Project Management Process Improvements FFIEC NIST, ITIL ISO Leadership

RCSA Assessments GRC Control Evaluation Excel Archer and Service Now

PROFESSIONAL EXPERIENCE

Wells Fargo, Danbury, CT 10/2018 - Present

Senior VP Risk and Controls

Performed Control analysis and RCSA Risk assessments and infrastructure inventory reviews.

Drove analytical approach of our Risk assessable unit technology risk component with Excel based analysis.

Managed process for RAU to Infrastructure asset mapping across the 27 technology Process risk assessable units for 4000+ applications. This led to over 95% coverage of technology assets and led to a comprehensive technology risk assessment.

Facilitated contact between application development team, assessment and audit including matters of high priority. This included regular touchpoints and ad-hoc critical engagement.

Produced monthly metrics for Technology Risk Committee presentations on status of risk assessment mapping across technology and business LOBs.

Represented the central assessment team where necessary in bank concerns internally. Our forums were cross LOB exposure helped developed a broad-based solution.

Helped drive regulatory request Action Items pertaining to technology control space. This was for self-assessment related Issues as well as matters of high priority from regulatory requirements. All internal Action Items completed on-target.

Reporting and recertification of risk acceptances included review and challenge of their risk.

Interfaced with senior leadership across different LOBs within the firm facilitating an enterprise solution and risk reporting. This included adhoc and forum meetings.

Coordinated changes to RCSA documentation to include application risk and analysis as part of the workshop. Similarly added this to the Business Process Modelling guideline documentation.

Created reporting on Business Process modelling technology asset to Process modelling. Tracked and reported progress on monthly risk reporting. This was key to our approach to tech risk management. We went from 20% to 50% coverage of processes withing the first 6 months.

Agile shop with regular use of JIRA for tracking progress and task driven approach to solutions.

All risk management system of record details were stored in RSA Archer. Competent query builder.

JPMorgan, New York, NY 2/2006 - 12/2017

Technology Control Officer, 7/2014 - 12/2017

Led all risk management and control officer duties and operational risk assessments within technology horizontal LOB. Supervise a cross-regional assessment team, facilitating risk workshops and control evaluations. Create project plans from scope through delivery comprised of roles, tasks, schedules, budgets, and reporting systems. Manage project kick-off meetings and provide project updates to key stakeholders.

Coordinated the annual risk and control self-assessment process for horizontal Technology LOB. This was a 900 person software developer group with over 3000 applications.

Implemented a risk and control analysis program, completing controls testing for 500+ controls within deadline. This was a first time for the bank and we met all deliverables despite a serious shortage of staff on the evaluation side.

Led virtual team of 6 control evaluators including required onboarding, training and ongoing coaching. This group was pulled mostly from offshore and were part-time evaluators.

Drove the disaster recovery annual certification program within our LOB which included review and challenge of evidence as well as technology leader acknowledgement. Achieved a 100% certification score after first year.

Documented key reports to eliminate single person dependency and streamline reporting processes. This “keep the lights” on approach was mimicked across other LOB’s to improve our resiliency and RTO within Tech Risk.

Served as Trusted advisor to LOB CTO on risk posture to identify top 10 risks.

Presented RCSA results to LOB CTO summarizing issues and remediation expectations.

Customer Support Manager, Credit Portfolio Group (CPG), 2/2006 - 7/2014

Oversaw a 7-person Level 1 CPG team tasked with supporting CPG application and risk engines. Developed and deployed market tweak simulations for CPG front-office, including pre-trade pricing, quarterly Stress testing, Basel 3 runs, and ad hoc requests.

Developed close rapport with Middle and Front Office clients to support daily closing activities. Built up support team from the ground-up, providing training, weekly status reporting, goal setting, and end-of-year reviews.

Identified, documented, and maintained key service level agreements and KPIs within 98% target.

Expanded the scope of team from 1 application to 15.

ADDITIONAL RELEVANT EXPERIENCE

JPMorgan, Technology Manager on swap tranche tool developed using Whitelight software.

Whitelight Systems, Consultant focused on pre-sales presentations on multi-dimensional business analytics.

Revel wood Partners, Decision Support System Analyst implementing budgeting and forecasting models.

EDUCATION AND TRAINING

Master of Science (MS), Business Analytics and Project Management (In progress 2025)

University of Connecticut, Hartford, CT

Bachelor of Business Administration - Graduated Cum Laude

International University, Vienna, Austria

CRISC Certification, ISACA

Contact this candidate