Risk Management Technology

JOHN GIORDANI

Technology Risk Manager and Information Assurance Specialist

1-646-***-****

ady8kq@r.postjobfree.com

www.linkedin.com/in/johnggiordani

I am a highly enthusiastic and output-driven Technology Risk Manager with over 20 years of progressive experience directing and consulting on Information Technology, evaluating existing systems, and implementing process improvements resulting in favorable outcomes. I am a self-directed, disciplined, and strategic candidate with a global vision of operations and real success in developing and managing technology risk programs and ensuring on-time delivery of risk assessment projects.

WORK EXPERIENCE

United Nations Federal Credit Union (UNFCU): Technology Risk Manager (Present Position)

Develop and manage an ongoing technology risk program as part of the ERM oversight program; provide assurance that enterprise-wide technology risks (including information security risk) are effectively managed and within risk appetite.

Performing enterprise risk oversight over technology-related risks embedded throughout the organization and with third parties. Perform independent risk identification and develop monitoring reports on IT and IS risk. Review existing reporting and data to explain trends and exceptions and identify emerging technology risks and issues.

Responsible for analyzing internal and external risks related to technology and understanding its potential impact in delivering on both our overall and IT strategy, and obtaining an interconnected enterprise understanding of risks and controls to assess whether recommendations are required, such as modifications or development of new controls.

Manage and facilitate the administration and integration of the organization's Governance, Risk, and Compliance (GRC) system and overall program.

Development of plans and processes to enhance risk management practices.

Collaborate closely with Information Technology (IT) and Information Security (IS) in understanding and developing effective risk management practices.

In addition to successfully implementing a technology risk management program within the ERM department, which has earned compliance with regulators, I have also been actively involved in efforts that have positioned the organization favorably for the $10 billion project. This project required meticulous risk assessment and mitigation strategies to ensure smooth execution and regulatory compliance.

NCHENG LLP, NY: Consultant and IT Director –from 07/2001 to 10/2022

Collaborate on implementing a strategic IT services, security, and data privacy plan.

Worked with a team of professionals performing Information Systems Audits, IT Risk Assessments, IT Compliance Reviews, and Cybersecurity Risk Management.

Worked in IT audit program execution, making changes to programs during the audit as required based on new information and identified risks.

Explained complex technical information to clients in a way that was easily understandable and met their needs by writing clear, concise, and constructive IT audit reports based on facts, severity, and risks.

Designed, shared, presented, and supervised the implementation of guidelines. As an accomplished presenter, I engaged the audience and heightened security awareness throughout the organization.

Assessed SLA and service contracts and derived the best value proposition.

Examined Disaster Recovery and Business Continuity plans and addressed short- and long-term critical business requirements.

Participated in IT audits for general and application controls for client financial systems.

EDUCATION

-Doctorate in Information Assurance

-University of Fairfax, VA, USA. (in progress)

-Master's Degree in Management of Information Systems

-The City College of NY, CUNY, USA.

-Bachelor of Arts in Italian Language and Literature for Foreigners

-ICON University of Pisa, (PI) Italy, EU.

SKILLS

Ability to work independently and manage personnel.

Ability to be flexible and quickly adapt to changing business needs and processes.

Ability to multitask, prioritize, and manage time efficiently.

Creative thinking to a wide variety of challenges.

Experience with assessing Azure and other cloud services.

IT Risk Management.

Cybersecurity Operations and Business Continuity.

Excellent knowledge of technical Management and computer hardware/software systems

Hands-on experience with computer networks, network administration, and network installation.

Experience with Microsoft Azure, Microsoft Azure AD, Microsoft Teams, Microsoft Teams Voice, and Microsoft Exchange (365).

CERTIFICATIONS

Certified Information Systems Auditor (CISA), ISACA

I race formula cars, and I am an avid skier!

Contact this candidate