Operations Risk Management

SYLVIA C. FOYA, JD, MBA

Catonsville, MD ***** Email: ******@*****.*** Mobile Phone: 770-***-****

SUMMARY

Risk management professional experienced in operational risk, Identity and Access Management, Data Security, Data Privacy, Data Analysis and Data Management.

Possess knowledge of Cybersecurity risks to digital systems and data such as malware, ransomware, phishing, social engineering, password attacks, data breaches, insider threats, Internet of Things (IoT) attacks, Cloud abuse / vulnerabilities in Cloud, Distributed Denial of Service (DDoS) attacks, Mobile device vulnerabilities, ignoring software updates, supply chains, and State-sponsored cyber-attacks.

Possess knowledge of Cybersecurity control measures to protect systems and data such as:

Technical Controls: Firewalls, intrusion detection systems, anti-malware software, encryption, access control lists, strong passwords, multi-factor authentication, patch management, network security, application security, and backups.

Organizational Controls: Security policies, procedures, employee training programs, and incident response plans.

Physical Controls: Access control to physical facilities, security cameras, and alarms.

Capable of ensuring system and organization data protection from breaches for

Confidentiality, Integrity, and Availability purposes.

Familiar with NIST Cybersecurity Framework (CSF).

EDUCATION

Master of Business Administration, Finance and Accounting, Baker College Flint, MI 2011

Juris Doctor, Thomas M. Cooley Law School Lansing, MI 2004

Bachelor of Science, Governmental Administration

Christopher Newport University Newport News, VA 1998

IBM Data Science Professional Certificate

Databases and SQL for Data Science with Python – Completed 01/2025

Google Cybersecurity Professional Certificate

Certificate - Foundations of Cybersecurity – Completed 12/2023

Certificate - Play It Safe: Manage Security Risks – Completed 01/2024

Certificate - Connect and Protect: Network and Network Security – Completed 03/2024

Certificate - Tools of the Trade: Linux and SQL – Completed 08/2024

Certificate – Assets, Threats, and Vulnerabilities – Completed 01/2025

Certificate – Sound the Alarm: Detection and Response – In Progress

Certificate – Automate Cybersecurity Tasks with Python (To Be Determined)

Certified Internal Auditor (CIA) -Udemy.com

Part 1 – Full Study Course – Completed 08/2024

Part 2 – Full Study Course – In Progress

Part 3 – Full Study Course – To Be Determined

Sylvia C. Foya 770-***-**** Page 2 of 3

Risk Management Specialization

New York Institute of Finance 2023

Certificate – Introduction to Risk Management - Completed 04/08/2023

Business Analytics Specialization

Wharton Online – The Wharton School of the University of Pennsylvania Philadelphia, PA 2018

Certificate – Customer Analytics Completed 02/18/2018

Certificate – Operations Analytics Completed 03/19/2018

Certificate – People Analytics Completed 04/23/2018

Certified Anti-Money Laundering Specialist (CAMS)

ACAMS – the Association of Certified Anti-Money Laundering Specialists 2022

Mortgage Underwriter

Completed Training Program through Campus Mortgage Hollywood, FL 2020

Certified Master Mortgage Underwriter (NAMU®-CMMU)

Financial Markets and Investment Strategy Specialization 2019

Indian School of Business Online Certificate – Intro to Financial Markets Completed 04/14/2019

Certificate in Project Procurement & Contract Management

Boston University in collaboration with USDA- Graduate School Washington, DC 2005

EMPLOYMENT HISTORY

AML Risk Negative News Screening Associate October 2023 – Present

Morgan Stanley Baltimore, MD

Review and investigate media alerts and customer information to perform Negative News reviews.

Actively identify, measure, control and remediate AML and reputational risk issues.

Utilize Actimize, Genie, EBOSS, 3D, SharePoint, etc.

Risk Management Associate, Operational Mapping Coordinator June 2022 – Sept. 2023

Morgan Stanley Baltimore, MD

Conducted Operational Mapping Program Facilitation / Data Maintenance of the Strategic Warehouse of Operational Relationship Data (SWORD). Conducted annual testing of internal controls.

Maintained data integrity by performing quality assurance checks / quality control of data in SWORD.

Facilitated and coordinated the Due Diligence Review process of identifying changes and impact due to Organization, Legal Entity, Service / Process, Application / Process & Vendor / Process Triggers.

Worked with various stakeholders to identify the specific changes and facilitated the updates required within the Firm’s systems. Project Management. Time Management. Communication.

Managed Reporting / Performance Analysis. Developed / Facilitated reporting of Operational Mapping data to satisfy regulatory reporting.

Assisted with ad hoc analyses relating to data reconciliation supporting the integration from various sources into SWORD. RDBMS, Rapid SQL. SQL.

Stakeholder Relationship Management. Served as the central contact to maintain the list of business users across the program. Worked with the entitlement team to make entitlement changes.

Sylvia C. Foya 770-***-**** Page 3 of 3

Facilitated training for newcomers to the program and existing end users.

Supported the yearly Certification / Attestation Cycle of the Inter-Affiliate Data for the Firm’s regulatory reporting obligations (Title I Reporting of the Dodd–Frank Act).

Coordinated with both the first and third lines of defense to ensure both the accuracy of inter-affiliate data captured and the governance built around the program.

Performed consistency analysis of Morgan Stanley’s Inter-Affiliate Data.

Reporting of the data to support cross-functional teams / divisions.

Team member of the Global Operational Risk Department’s Baltimore Specialized Technical Analysts / Associates.

Business Analyst/Contractor (Working Remotely) October 2021 – June 2022

Lexitas Legal Houston, TX

Reviewed newly enacted or amended laws, rules, regulations, and guidance from federal and states.

Utilized the Enterprise Governance, Risk and Compliance (EGRC) system’s daily feed tool ServiceNow (SNOW) to manage risks across the Enterprise.

Contract Attorney (Working Remotely) September 2020 – September 2021

Lexitas Legal Houston, TX

Performed sanctions risk assessment of prohibited transactions with certain countries subject to economic sanctions on the Office of Foreign Assets Control ("OFAC") Specially Designated Nationals and Blocked Persons (SDN).

Reviewed and identified customer risk factors such as nonresident customers, cash-intensive businesses, complex company ownership structure, country / geographic risks and bank risk appetite.

Netting Analyst, Analytic Consultant II April 2018 – July 2019

Wells Fargo Bank Charlotte, NC

Performed Enterprise Counterparty Risk Management (ECRM) netting and collateral enforceability reviews of the International Swaps and Derivatives Association (ISDA) Master Agreement, Amendment(s) and Credit Support Annex (CSA), Schedule to the Master Agreement, the Foreign Exchange Master Agreement (FXMA), the Master Securities Forward Transaction Agreement (MSFTA), Master Repurchase Agreement (MRA), Master Securities Loan Agreement (MSLA), the North American Energy Standards Board (NAESB) contract, Master Lending Agreement and Prime Brokerage Master Agreement, by utilizing FX FileNet, FileNet, DocForce, Sales Force, and SharePoint document repositories. Experience using Adaptiv, Counterparty Credit Risk System (CoRS) and WCIS databases.

Ensured that netting and collateral terms were appropriately applied to counterparty-level exposure calculations. Worked with Legal, Documentation, Accounting, and Risk Management to resolve issues and assess the enforceability of existing master netting and collateral agreements.

Worked with the ECRM Limits and Monitoring Team and Collateral Operations to resolve any customer account and collateral pool set-up issues. Created new counterparty accounts in CoRS database.

Retrieved the Netting Management report and the Netting Exceptions report from the SQL Server Reporting Services, manipulated data and performed data analysis.

Prepared the Netting Management report and the Netting Exceptions report for management.

Performed Netting Exceptions reconciliation of Unmapped Algo Reference, Invalid Algo Reference, and researched Collateral ID mismatches, etc. Performed quality control of coworkers’ work.

Researched accounts with discrepancies, and reconciled counterparty accounts.

Contact this candidate