Steve Boston
Bessemer City, NC 28016
***********@*******.***
I am passionate about Audit, Compliance, Risk & Controls. I have gained an appreciation for performing audits and reviews that produce effective results. Research and understanding of business processes and system operations, as well as discovering enhancements and implementations, provide structure and consistency to the industry. I enjoy ensuring adherence to policy and procedure as well as the validity and evidence of the documentation involved. I value the knowledge of technology, tools, and applications used in operations and providing reporting.
Experience:
Bank of America; Global Technology Operations – Merchant Services Oct. 2022 – Jan. 2023
Risk & Compliance Specialist
Merchant Processing Technology – Develop reports for SVPs on a weekly basis regarding Past and Coming Due Risks:
Issues based on the applications’ Application Inventory Tool number from its source
Deliverables are maintained within the Enhanced Remediation Program and remediated within a time frame:
o Risks remediated within 12 months followed a Just Do It process
o Risks remediated beyond 12 months followed a Low Risk Monitor process
Assessments are assigned to specific stakeholders including the Line of Business contact; however, will be reported with the AIT Tech. Exec.
Findings of Third Party Information Security are assigned a Remediation Assessor who works with the Vendor to determine plan/target dates for remediation. There are two types of TPIS Findings:
o Manual Ethical Hack – automated scanning tools and skilled manual interaction with the applications’ business logic in an attempt to identify potential weaknesses in the application’s security model that a hacker could exploit.
o Functional Security Assessment – a manual assessment to determine if a web application could be abused by an associate to send email, share files, or navigate the web in ways that bypass the bank’s control. For example, could a web app be abused by a malicious insider to upload proprietary files while on the bank’s network and then later download them when off? No automated scanning tools are used in the assessment. This assessment type is included with the MEH assessment.
Wells Fargo; Enterprise Next Generation Inventory Mar. 2021 – Jun. 2022
Senior Compliance Specialist
ENGIn – Program was established to define a sustainable approach to expand and maintain a regulatory inventory. Wells Fargo committed to developing a sustainable, comprehensive inventory of laws and regulations for states and specific non-U.S. jurisdictions.
Map Major Compliance Requirements to Risk Accessible Unit (including MCR attributes)
Control identification by RAU (for MCR attributes)
USAA Bank; Consumer Credit Card May 2020 – Sep. 2020
Risk Analyst
Assist PWC and Testers with interviewing Stakeholders to determine the soundness of Controls per different Experiences and gaining supporting information such as: who the Control Owner, Experience Owner, Senior Experience Owner, and Process Owner are, if the Control is Key or Non-Key, associated Processes, Risks and Federal Regulations. Gather information, research Systems of Record and analyze data within reports to make decisions in aiding the Controls to pass testing. Support First Line of Defense; overseeing and supporting operational processes, risks, and controls. Trained in Metric-Stream and completed MS templates which fed Turbo-Risk; a process to flush out errors and/or gaps within the template, made corrections to the information within the template for submission to MS for changes/updates.
Assist with strengthening initiatives; Be a Compliant Company.
Wells Fargo; Data Risk Control Operating Model and Business Process Risk Management May 2018 – Feb. 2020
Operational Risk Consultant
DRCOM – Data Risk Control Operating Model
Identify gaps in Data Risks and develop enterprise operational Data Controls that are effective and align to and reduce Risks
Stratify Business Processes and classify them into one or more phases of the Data Lifecycle
COMPILE and STRATIFY – The annual assessment used to identify the scope for future mapping
Process Description: Consider what the different components are that make up the Process in order to assign the Risk
Impact Filters: Financial Impact, Regulatory Compliance Impact, Internal/External Customer Impact, Percentage of Customers Served, Data Security, and Reputation Impact (includes Social Media)
Privacy Filters: Process Operational Exposure, Process Access to Data, Non-U.S. Personal Data Impact, Nature of Data, User of Data, and Third Party Service Provider Controls
Susceptibility Filters: Manual Processing, Third Party Service Providers, International Operations, Subject Matter Experts, Inter-Dependencies/Handoffs, External Data Feed Systems, External Facing Systems, and Business Environment Changes
Control Environment Filters: Risk Assessment Results, Wells Fargo Audit Services Results, External Reviews and Exams, Internal Loss Data, and Process Metrics
BUSINESS PROCESSES:
Private Bank – Direct Private Investment Program
Investment Institute Business; Global Alternative Investment Trades; Execute Trades, and Institutional Retirement & Trust
ANALYZE and REMEDIATE – The execution of mapping for High, Medium, and Low Risk Business Processes identified during Compile and Stratify. A&R encompasses: Builds, Data Compilations, Peer Reviews and Quality Assurance
Perform Data Governance by diagramming Business Processes using Visio; Pools and Swim Lanes
Process: Name, Owners: Process and Control, Subject Matter Experts, Objectives, and Preceding and Subsequent Process title
Activities/Steps: Activities and steps by role or function and type using Decision Points, Owners, and Subject Matter Experts
Risks: Descriptions, Significance, Titles, Categories and Sources
Controls: Descriptions, Importance, Types, Automation, Frequencies, Titles, Categories, Sources and Owners, and Subject Matter Experts
Peer Review: Risks; accurately documented, Controls; testable – required components in Business Unit Tailored Control, Controls; Classification’s appropriate, Data 100% consistent; between: Data Compilation, BIKE and the Build Report, Shared Drive; all Required documentation saved
Credible Challenge: Collaborative discussions between Subject Matter Experts, Process Owners and Operational Risk Consultant
Data Compilation: A collection of specific information associating Risks to Controls that are sound and can be tested and validated
Monitoring Activities: Descriptions, Titles, Automation, Frequencies, Sources, Owners, Subject Matter Experts, and applicable Key Performance and Risk Indicators
Policies: Categories, Titles, Descriptions, Types, Location, Sources, Publish Date, and Owners
Review Activities: Descriptions, Titles, Types of Frequencies, Report Data, Assurance, Sources and Owners, and Subject Matter Experts
Revise drafts, review process flows for presentation in PowerPoint and stored in SharePoint
Conduct Risk and Control Self Assessments, designs, implementations, and maintain controls
MAINTAIN – Partnering with Process Owners annually, after initial process mapping, to review and update documented Processes, Risks, and Controls. Prepare presentations using PowerPoint and save/share files in SharePoint.
SPECIAL PROJECTS
Identify ALL High Risk Business Processes that contain use of Third Party Service Providers within Wealth and Investment Management / Business Process Managements Inventory
Provide a list using Excel, of the “loan-related” Processes across Wealth and Investment Management. Anywhere we provide loans to WIM Clients and any details about each Process identified. If the Process is high-risk or managed-in, provide packages with level five maps and risks and control details. This is needed in preparation for a corporate risk review that is planned around understanding where we provide loans and specifically, how we manage pre-payment fees and calculations
TD Bank Jan. 2017 – Feb. 2018
Senior Business Analyst
Gather information from Business Partners, Lines of Business, Subject Matter Experts, and Technology to document Issues and Change Requests in the database; Data Issue and Change Governance. Map Processes using Visio and Business Requirement Documents for required Government Regulation as well as Audit purposes to show and track history and lineage. A contributor to Treasury Balance Sheet Management within an agile environment
Set up and build 500 securities in In-Trader for Scottrade for a purchase worth of $8B
Establish Data Quality rules for four derivative Critical Data Elements: Internal Trade ID, Maturity Date, Derivative Notional and Clean Mark-to-Market
Research three derivative Critical Data Elements for Data Quality rules: Entity, Maturity Date and Notional
Change Requests and Business Requirement Documents: In-trader Entity #201 (NA Asset Management Elimination), New Field needed to report Fair Value Hedge for International Financial Reporting Standards, Scottrade Bank, and (STB) Conversion.
Wells Fargo Jun. 2015 – Jan. 2017
Risk Analyst
Work in accordance with Federal Regulations to maintain a Risk Reporting Inventory of the 21 Monthly/Quarterly reports: ACT Past Due Certification Summary, Compliance Enhancement Program, Update Enterprise Information Technology, Operational Risk Management, Executive Risk Profile Review, Enterprise Information Technology; Risk Control and Self-Assessments/Review, Quarterly Control Assessment, Enterprise Information Technology; monthly Risk Report Update (Interim), Operations Review Report, The Nine Enterprise Information Technology Divisional Reports Top of Mind, Risk Report for Executives, Regulatory Report Updates requested by Executives, Operational Risk Profile Report, Quarterly Control Assessment/Rep Letter, ETGC Presentation, Risk Bi-weekly Status Report, Executive letter to Chief Financial Officer. Perform Quality Assurance to ensure proper documentation exists and is current showing where the information comes from, how the report is created, and the distribution of the reports within each of the Share Point folders.
Work with Federal Regulations and Major Compliance Requirements; assist in assigning Summary and/or Detail Controls considering the combination of Product Class/Activity to mitigate the Major Requirement. Federal Regulations include: Captive Insurance Laws Corporate, FDIC Annual Audits and Reporting, Labor Management Reporting and Disclosure Act, Municipal Securities Rulemaking Board Rules, Recordkeeping and Confirmation Requirements for Securities Transactions, Regulation Fair Disclosure and State and Local Sales and Use Tax.
Liaison with Attorneys/Proponents to document within the Control Nomination workbook; Major Compliance Requirements, research Controls Catalog to apply Controls with MCRs and then update the Control Review Analysis System. Update CRAS+ included: additions and/or changes to Sub Sections (Citations, title and description), MCRs name and/or description, product class/activity associations and control additions.
Perform reporting utilizing Operational Risk Information Store
Work in concert with Global Wholesale Lines of Business to meet Office of the Comptroller of the Currency audit requirements
Document in Excel the data linkage table and diagram in Visio Pro; High Risk Business Processes: Confirm Trades, Process Payments and Deposits, Service Customers and Accounts, Correspondent Banking, Foreign Item Processing and Treasury Management Operations; showing risks and controls for the International Global Wholesale team. A contributor to Wholesale, within an agile environment.
Ensure the completion of Business Process Risk Management by analyzing and remediating responsibilities including:
o Coach and guide process owners to identify process risks and controls
o Validate previously unidentified risks, control gaps, and monitoring activities
Education and Experience
Excel, Outlook, PowerPoint, SharePoint, Skype, Tableau, Visio, WebEx, and Word
Lee University, Cleveland, TN: Bachelor of Science, Accounting
The University of Akron: Information Technology