Third-Party Cyber Security

A N T H O N Y J . B O N A C E T O

CUMBERLAND, RI 02864 617-***-**** ***************@*****.***

l inkedin.com/in/anthony-bonaceto

S U M M A R Y

Accomplished Information Security Management Systems Analyst with in-depth experience in vendor, risk, and project management. Successful in minimizing the adverse impact of losses on the achievement of the organization’s objectives. Managing the planning, organizing, and directing the completion of specific projects while ensuring these projects are on time, on budget, and within scope. Team leader known for ability to communicate with diverse stakeholders and build strong alliances with clients and business partners. H I G H L I G H T S

• Responded to all Boston Mutual cyber security incidents and documented resolutions

• Relationship manager for the vendors Broadridge, SEI, RICOH, Rapid Ratings, Rapid 7, and CGL Security.

• Project manager for physical security upgrades, client enhancements, and resolving client issues, which included agile project management methodology.

• Collaborated with internal and external auditors to reduce company risk, review policies, and identify gaps in vendor’s business continuity plans.

• Recognized over $232K in vendor savings from multiple cost saving projects.

• Established vendor service level agreements for 40,000 custody statements and two million retirees checks and advices.

• Implemented new centralized procurement process for senior management to track, approve, and pay monthly vendor invoices.

• Managed the Third-Party Risk Management’s Financial Viability Program to reduce risk and identify financial health for all third-party vendors.

P R O F E S S I O N A L E X P E R I E N C E

Boston Mutual Life Insurance Company, Canton, MA 06/27/22-03/15/24 Information Security Management Systems Analyst

• Coordinated with CGL Securities to install new employee card readers and cameras to increase physical security within the office.

• Responded to all Boston Mutual cyber security incidents and documented resolutions

• Successfully completed two external audits focused on internal controls surrounding employee hiring, termination, and systems access.

• Upgraded SOC2 questionnaire to create better transparency among our Third-Party vendors

• Responsible for reviewing SOC2 and cyber security controls during Onboarding of Third-Party Vendors

• Reviewed weekly Rapid 7 vulnerability reports, tracked trends, and escalated critical issues

• Reviewed internal teams’ disaster recovery documents and provided efficiency recommendations

• Responsible for selecting employee cyber security training leveraging our vendor KNOWBe4

• Responsible for Cyber Security content for monthly newsletter STATE STREET BANK & TRUST, Boston, MA 07/2007 – 08/2021 Assistant Vice President, Third Party Risk Management Ongoing Monitoring Team (03/2020 – 08/2021) VENDOR FINANCIAL VIABILITY

• Created personalized Financial Heath Reports for all third-party vendors as liaison with the vendor Rapid Ratings.

• Improved efficiency by having Rapid Ratings input Financial Viability requests into system within 24 hours instead of 72 hours. Resulted in a 40% increased Financial Health Report completion rate.

• Transferred current Financial Viability process to new Archer database. Resulted in more efficiency which allowed all internal reviews to be in one centralized database.

• Created and provided Financial Viability Training for senior managers within the organization. Officer, Wealth Manager Services Vendor Management (07/2007 – 03/2020) RISK REDUCTION

• Conducted cyber security review with vendors regarding phishing, turning off email auto populate functionality, and review vendor’s Business Continuity controls to avoid a cyber security breach.

• Successfully completed Broadridge penetration test that assisted State Street finalizing a new contract with the vendor

• Implemented new controls with the vendor Broadridge that resulted in no Incidental Data Disclosures for our clients.

• Collaborated with external audit to review retirees checks and advices mailing process which resulted in a satisfactory rating.

• Conducted audit review of the vendor Broadridge which resulted in a satisfactory rating.

• Met with vendors annually to produce disaster recovery tests, inclusion of State Street Privacy and regulatory inserts in statements and created automated process to purge online statements after seven years per compliance retention policy.

PROJECT MANAGEMENT

• Project Manager for conversion of retiree services checks and advices to new mailing vendor. Conversion was completed on time, on budget, and improved delivery of retiree checks and advices.

• Resolved RR Donnelly statement commingling trend for Capital Guardian. Went on site at RR Donnelly in New Jersey and identified issue with inserter. Handled product replacement, managed rigorous testing, and resolved issue.

• Assumed all vendor responsibilities from the client team which allowed them to redistribute staff to focus strictly on supporting additional clients.

• Due to client statement SLA delays, conducted monthly onsite visits to our Detroit office to oversee statement printing, inserting, and delivery. Onsite presence resolved SLA issues and improved client relations. VENDOR MANAGEMENT

• Identified requirements for Broadridge contract negotiations that resulted in a favorable contract for State Street.

• Created and presented vendor training for all client teams and onboarding training for new employees.

• Created survey that allowed client teams to provide feedback on vendor management team.

• Finalized a cost per statement tool which assisted the sales team with pricing out statement costs for new clients. COST SAVINGS

• $146K saved by implementing new process for vendor receipt of checks and advice data files.

• Resolved aged invoice issue with Broadridge resulting in no aged invoices reported over five years.

• $26K saved by implementing new process for regulatory inserts to be included with checks and advices.

• $21K saved by implementing new environmentally friendly envelope for client statements. C O M P U T E R S K I L L S

• Microsoft Office/Teams • Archer Data Base • EPASS Procurement E D U C A T I O N A N D P R O F E S S I O N A L D E V E L O P M E N T Bachelor of Science, Communications and Psychology, SYRACUSE UNIVERSITY, Syracuse, NY LEAN Training, STATE STREET, Boston, MA

Certifications: NIST CSF 1.1 Lead Implementer Training; Implementing The NIST Privacy Network Received Bryant University Project Management Certificate. Completed course in February 2022

Contact this candidate