Risk Management It Business

Page * Jacqueline Bennerman

JACQUELINE S. BENNERMAN

South Amboy, NJ **********@*****.***. Cell: 917-***-**** IT BUSINESS CONTINUITY & OPERATIONS RISK MANAGEMENT Methodical, forward thinking IT Risk and Compliance Analyst, and IT Business Continuity Disaster Recovery professional with a proven track record in Operational Risk Management, Vendor Risk Management and IT Business Continuity and Disaster Recovery. Proficient in developing and documenting control monitoring processes and procedures including policy/process compliance monitoring for highly matrixed environments. Highly skilled in IT Governance Risk Compliance (GRC), risk identification and remediation, control process improvement and Manager's Control Assessment (MCA) testing. and worked with 2nd Line of Defense regulators to demonstrate compliance with industry standards ensuring corporate best practices. Spearheaded and led multiple high-volume Data Center tests with Infrastructure, Mainframe and Distributed Software Applications within the CLOUD environment. Developed and maintained effective working relationships with Third-Party Suppliers, cross-functional departments and provided monitoring and self-assessments of IT risk management. supported implementation of new risk policies, practices, appetites, and solutions to ensure holistic understanding of risks according to industry best practices.

CORE COMPETENCIES

● IT Strategic Planning

● Operational Risk

● Risk Assessments

● IT Business Continuity Planning

● Business Impact Analysis

● IT Data Center Testing

● Application Recovery Plans

● Project Management

● Internal Audit Facilitator

● Cyber & Data Resiliency Governance

● Regulatory and Controls Management

● COBIT Framework

● NIST Framework

● Mapping Controls

● Documentation

TECHNICAL SKILLS

Software: Proficient with Microsoft Office Suite, Word, Excel, PowerPoint, Outlook, and Visio applications Internet: Chrome, I.E. Explorer, VDI, VPN, Cloud Computing, GRC 10.0, HTML Platforms: CitiRisk-GRC, Dialogic, CobTrac, Service Now, SharePoint, Documentum, Veritas, Citrix, RSA Archer, ICAPS, CSI, EERS PROFESSIONAL EXPERIENCE

WELLS FARGO

SENIOR CYBER AND DATA RESILIENCY BUSINESS RISK CONSULTANT (REMOTE) AUG 2022 - PRESENT IT CYBER RESILIENCY CONSULTANT MAR 2022 - JUL 2022

● Oversight for the Execution of Cyber and Data Resiliency Processes during the Sustainability (Maintenance) Cycles for established Risk mitigation Controls. Partner with Stakeholders to Create draft of Standard Operating Control Procedures and Flowcharts using Microsoft Visio application. Efficiently conduct Peer Reviews of Evidence Packages to ensure Compliance requirements are met in a timely manner.

● Collaborate with Control Partners on responses to Internal Audit as it relates to assessment program results. Proactively ensure Sustainability documentation, after-action reports and post lessons learned are accurately documented and uploaded in the Documentum repository.

● Create and design the monthly Cyber and Data Resiliency Center of Excellence Newsletter. Research, monitor, analyze and report on different Cybersecurity trends that increased readership by 20%.

● Onboard Cyber and Data Resiliency new team members. Track and produce required Compliance training for ALL Cyber and Data Resiliency staff. Perform, monitor and grant access management to the Cyber and Data Resiliency SharePoint Sie. CITIGROUP

BUSINESS RISK OFFICER, NEW YORK, NY (REMOTE) AUG 2020 – JAN 2021 IT RISK MANAGEMENT CONSULTANT, RUTHERFORD, NJ SEPT 2019 – JUNE 2020

● Effectively managed the Business Continuity planning program for 13 business units by identifying and guiding business recovery coordinators, resulting in updated and maintained Business Impact Analysis (BIA), Business Recovery Plans (BRP), Crisis Management Plans (CMP) and Call Trees. Conducted quarterly Call Tree tests during COVID-19 Pandemic for over 1800 staff members to ensure accuracy of contact list, staff awareness and response time. Page 2 Jacqueline Bennerman

● Oversight for coordinating over 30 Denial-of-Service (DOS) tests for the Front Office. Secured business users to test critical business applications and provided script and supporting evidence during pre/post testing. Reviewed pre/post-test application recovery plans, evidence

● Supported the integration of the ICRM Regulatory Inventory (RI) leveraging existing Manager’s Control Assessment (MCA) Program by ensuring we have mapped the regulations. Reported and escalated at-risk non-compliant regulatory changes to the appropriate audience, including raising Correction Action Plans as appropriate.

● Underwrite control mappings for Third Party, Information Security, Business Continuity, Data Management, Technology Infrastructure, Architecture and SDLC to appropriate regulations (e.g., OCC, FFIEC, FRB) and control frameworks (e.g., COBIT, NIST) for Enterprise O&T. Maintained a positive rapport with stakeholders across multiple functional groups and work streams to mitigate gaps in communication for open third-party issues, status updates, and thorough review of key documentation including, but not limited to Statements of Work (SOW), Master Service Agreements (MSA), and Service Level Agreements (SLA).

● Ensured all FFIEC CAT requirements, such as DFS500, have been accurately mapped to core regulation inventory to validate the controls in place, meet regulatory obligations and are operating as intended. Assumed responsibility of bridging the gap between multiple work streams such as Cyber Security and Information Security Personnel, Regulatory Reporting, Legal, Compliance, Credit Risk, Market Risk and Operations.

CITIGROUP

VICE PRESIDENT, IT OPERATIONAL SR. CONTROL OFFICER, JERSEY CITY, NJ JAN 2015 - APR 2019

● Conducted independent 2nd line of defense reviews of significant regulatory and control remediation, including significant long- dates from all sources.

● Effectively managed Third-Party Risk Management program on day-to-day to ensure new and existing Third-Party suppliers were fully assessed pre/post onboarding and within compliance of internal governance standards. Successfully established and upheld responsibilities for all respective business owners to monitor, review, and mitigate any known risks/issues associated with service providers. Collaborated with Sourcing and Accounts payables teams on end-to-end processing activities, contract negotiations, and contract renewals based on cost.

● Collaborated with Third Party Vendors and application managers to address End of Vendor and End of Life support for over 100 business critical software applications. Performed quality assurance on vendor risk assessments.

● Implemented and maintained a cohesive, effective, and consolidated controls governance model in support of Technology Software Development Units, Infrastructure, and Product Support teams located in NA, LATAM, EMEA, and ASPAC.

● Proactively identified control deficiencies through Technology self-assessment (testing and on-going monitoring) to assess the design and effectiveness of key controls designed to address compliance risk; reported and escalated control issues and any violations of laws or breaches of policy; and validated adequacy of remediation taken to address reported issues.

● Effectively managed the Manager’s Control Quarterly Risk Assessment Reviews to ensure health and adequacy; analyzed and documented report findings and had preliminary discussions with corresponding control/process owners. Influenced senior stakeholders within technology and risk groups to create, endorse and adopt common processes and tools.

● Performed project management functions by successfully tracking, monitoring, and providing governance and risk oversight for 100+ critical application Functional IDs with Audit mandate to implement compensating controls for Cyber Ark migration, DB Link, PWP Password, and CISAR Updates by required target dates. CITIGROUP

VICE PRESIDENT, IT DISASTER RECOVERY LEAD, NEW YORK, NY SEP 2006 - DEC 2014

● Conducted IT Disaster Recovery testing throughout the year for over 200+ critical applications, Distributive, UNIX, Mainframe, and Third-Party vendor components. Achieved full “Recovery Time Objectives” as well as Revenue Protection Objectives; and 85% of Revenue generating applications recovered within a 4-hour recovery window with a 100% success rate.

● Analyzed the disaster recovery test results, developed, and communicated any necessary recommendations to key stakeholders. Ensured all testing documentation / evidence was thoroughly reviewed for accuracy, approved, and stored in corporate tool and readily available for review by senior management, auditors, and regulators.

● Oversight of IT LOB Business Impact Analysis Planning, Business Recovery Planning, Crisis Management, Pandemic Planning, and Tabletop scenarios and call tree communications. Developed great working relationships with key stakeholders and Solicited feedback to apply best case scenarios and best practices.

● Proactively ensured 150+ Technology Application Recovery Plans were thoroughly documented, reviewed, uploaded, and attested in corporate tool Pre-Post functional Data Center test. Established and maintained the overall plans for executing all DR procedures and understanding their interdependencies.

● Participated in assessments of the impact of potential disruptions in IT services, including declaring a disaster and activating the DR plan in the event of a disruption.

Page 3 Jacqueline Bennerman

● Supported Technology stakeholders with internal and external audit inquiries, such as reviewing artifacts prior to submitting to internal and external auditors.

● Aligned the Technology Business Impact Analysis and Business Recovery Planning efforts with guidelines established by Citi’s risk management team. Acted as SME and first point of contact to senior stakeholders and other stakeholders.

● Created exercise scenarios and coordinated walkthroughs and functional exercises including Denial of Access Testing for over 100+ Technology staff working remote, and via 24X7 Globally.

● Vendor management – Established Third Party working relationships with Relationship Managers to ensure contractual obligations were met. Performed quality review assessments on Third Party applications housed in Citi System Inventory (CSI) to ensure alignment with Citigroup’s business objectives. Proactively drove the identification, assessment, measurement, mitigation and monitoring of Technology risk and controls through various Technology Application & Cyber Security assessments, KRIs, incident/event management and targeted risk assessments.

● Conducted deep-dive process risk reviews, identified risk and control gaps, formulated remediation plans, and tracked issue and corrective action plans to closure.

EDUCATION: Bachelor of Arts, Corporate Communications The City University of New York, Baruch College Certification: ISACA member working towards obtaining CISSP certification.

Contact this candidate