Risk Management Information Systems

Location:
Peachtree Corners, GA
Salary:
165,000
Posted:
April 30, 2025

Resume:

Alichia Scott Wicker, MBA

Conyers, Georgia 30094 • 404-***-**** • ********@*******.*** • www.linkedin.com/in/alichia-scott-wicker

Qualifications Profile

IT Risk Manager with experience in risk management and audit. Consistently engaged in bridging the gap between business and technology to mitigate risk and identify gaps. Effective in building relationships and leading team members to drive results. Strong understanding of technology risk management, IT controls, policy and standards creation, and governance frameworks. Strong attention to detail and organizational skills. Excellent communication and people skills, with an ability to influence at all levels of an organization. Proven ability to deliver engaging and persuasive presentations. Excellent problem-solving and analytical skills.

IT Auditing: Proven success in auditing information systems applications and infrastructure to determine if appropriate controls exist and that IT procedures comply with corporate policies and best practices. Exceptional controls tester who pays attention to detail, to ensure that each testing phase is comprehensible, traceable, and replicable, thereby enhancing the overall effectiveness and reliability of IT controls.

Governance, Risk, and Compliance: Support the governance framework to ensure effective oversight of an organization’s technology practices. Monitor compliance with internal policies, assess risks, provide insights into technology governance practices, and implement controls to safeguard the organization’s data, systems, and processes.

Core Skills and Technologies

Skills: SOX, PCI DSS, GLBA, FFIEC CAT, SSAE 16, NIST and CIS Frameworks, SAS 70, ITIL, COSO, COBIT 2019, Application and IT General Controls Testing, Risk Assessment, Governance, Risk Control Self-Assessments, Agile Methodology

Software/Tools: RiskPro, Microsoft Office 365, Active Directory, SailPoint, Archer, ServiceNow, SMS, QualysGuard

Education and Credentials

Master of Business Administration, Technology Management, American InterContinental University, Dunwoody, GA

Bachelor of Science, Computer Information Systems, Herzing College, Atlanta, GA

Certification: CompTIA Network+ Certified

Professional Experience Highlights

First Citizens Bank, 2024 - Present

Sr Cyber Security Risk Officer, 2023 – 2024

Responsible for leading the design and implementation of cybersecurity risk assessments, developing solutions to address identified risk, and ensuring risk strategies are effective and compliant. Partner with Technology Leaders, Control Owners, and Risk Managers to identify and mitigate cybersecurity risks.

Leads risk assessments such as Federal Financial Institutions Examination Council Cybersecurity Assessment Tool (FFIEC CAT) and National Institute of Standards and Technology (NIST) 2.0 to evaluate key risks, identify gaps and identify the maturity of the cybersecurity capabilities.

Leads the tracking and resolution of issues by collaborating with cross-functional teams to address gaps, implement remediation efforts, and test the corrective actions to ensure compliance.

Synovus Bank, Atlanta, Georgia, 2020 - 2024

Technology Operational Risk Manager, 2023 – 2024

Responsible for building strong relationships and maintaining consistent interaction with leadership and team members to proactively identify and understand technology risks and their impact to the operating environment. Develop and maintain IS policies, standards, and standard operating procedures.

Assisted with defining the IT Operational Risk Management (ORM) program, strategies, and processes to improve performance and the value of the Risk Control Self-Assessments (RCSA) and Key Risk Indicators (KRIs).

Partnered with the first line of defense teams such as Information Risk and Resiliency (Identity and Access Management, Business Continuity, Cybersecurity, and Physical Security), Application Development, Enterprise Technology, Infrastructure, and Networking to drive change and support ORM including identification of risks, test controls, developing remediation strategies (e.g., corrective actions), issue management, policy management, and advising where risk controls are needed.

Assisted IT Leader with creating KRIs and monitoring operational issues to ensure timely completion and appropriate mitigating controls are implemented.

Provided day-to-day leadership, coaching, and training to the cross-functional ORM team to deliver solutions and services to meet the enterprise's needs.

IT Operational Risk Analyst Lead, 2020 – 2023

Led risk management initiatives to effectively identify, assess, mitigate, and monitor operational risk. Analyzed the IT environment to detect critical deficiencies and recommend solutions to ensure risk mitigation.

Led the annual IT risk-based planning process to identify areas that warranted targeted risk assessment.

Worked with IT stakeholders to identify and assess operational risk via Risk Control Self-Assessment.

Determined the adequacy and effectiveness of controls and developed action plans to remediate deficiencies and gaps identified in the internal control environment.

Assisted line of business management in designing, implementing, and updating enhanced policies, procedures, and processes to prevent non-compliance with laws and regulations.

Led risk management initiatives and participated in IT project meetings to document risk and controls for new products or services.

Provided day-to-day risk support to build relationships and create a culture focused on proactive awareness and continuous improvement in the operational risk environment.

Delta Air Lines, Inc., Atlanta, Georgia

Senior Systems Auditor, 2012 – 2020

Managed the full project life cycle for various IT audits. Defined audit scopes, formulated audit plans, scheduled milestones, conducted IT tests of internal controls, and created detailed audit reports for Senior Leadership.

Met with business stakeholders to identify areas of concern regarding risk. Collaborated with IT process owners and staff to identify recommendations for improvement in process optimization, internal controls, risk, and compliance.

Communicated IT audit findings to IT and senior business management. Analyzed and reviewed remediation plans and tested evidence to ensure correct remediation.

Former Sarbanes-Oxley (SOX) Project Leader, responsible for coordinating with management and external auditors to perform SOX testing and ensuring compliance with the company.

Senior IT Governance and Compliance Analyst, 2010 - 2012

Served as an enterprise resource for regulatory and contractual compliance initiatives. Formulated and executed IT operational, regulatory compliance, and security audits to assess business risks and determine if adequate IT controls were operating effectively to mitigate the risks.

Conducted assessments of systems associated with financial statements to ensure SOX compliance.

Evaluated systems processing and the transmittal and storing of credit card data to guarantee compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Conducted third-party assessment reviews, including analyzing vendor-supplied reports of Statement on Standards for Attestation Engagements (SSAE 16) for appropriateness, completeness, and applicability. Identified third-party risks, where the business either accepted the risk or required the vendor to mitigate it.

IT Audit Consultant, Atlanta, Georgia

Information Technology Audit Consultant, 2008 - 2010

Developed the IT audit scope, prepared narratives, and performed walk-throughs to document processes and controls. Client engagements included ING, Trace Security, Ricoh, and TrustNet, Inc.

Designed and executed test plans based on management action plans for the remediation of IT risk identified during the compliance assessment. Followed up on critical findings weekly and retested.

Performed risk assessments by creating detailed controls that mapped Federal Financial Institutions Examination Council (FFIEC), Control Objectives for Information and Related Technology (COBIT), or National Institute of Standards and Technology (NIST) controls to minimize risk and the impact of information security vulnerabilities and threats.

Served as a SOX auditor and consultant, performing full lifecycle projects. Conducted Statement of Auditing Standards No. 70 (SAS 70) Type II audit to verify that specified controls were designed and operating effectively.

CheckFree Corporation, Norcross, Georgia

Information Technology Auditor, 2007 – 2008

Performed IT audits, risk assessments, and reviewed regulatory requirements such as SOX, FFIEC, and SAS 70 requirements. Utilized Control Objectives for Information and Related Technology (COBIT), the Gramm–Leach–Bliley Act (GLBA), Committee of Sponsoring Organizations of the Treadway Commission (COSO), Information Technology Infrastructure Library (ITIL), and internal controls design and evaluation methods.


