Summary
Overview
Work History
Education
Skills
Certification
References
Timeline
Generic

ANTON FINNIE

Longwood,FL

Summary

Results-oriented Risk Analyst with 8+ years of experience in Risk Management. Skilled in conducting Risk assessments, Control Testing, and Operational Risk management. Effective communicator with strong attention to accuracy and critical thinking skills. Instrumental in minimizing financial risks for clients.

Overview

10
10
years of professional experience
1
1
Certification

Work History

Operational Risk analyst/ Issue Management

Citi Bank
Jacksonville, FL
10.2023 - 10.2024
  • RSA Archer GRC tool used
  • Documented and reported risk to Vendor Assessment management team, business partners and vendors
  • Identified and measured risk associated with Customer Impact / Reputational and Financial impact
  • Performed weekly scorecard reporting and data management (Overdue/Past Due or coming due issues.) Presented reports for system owners and senior management
  • Provided recommendations to remediate control gaps and assist with project management on remediation efforts
  • Developed and maintained currency of supporting procedures and documentation to provide a reference source for ensuring consistency of future activities
  • Identified and assessed potential risks by performing daily data comparisons and reporting finding to aligned LOB, gathering essential data, and auditing functions, recommended and implemented corrective action when necessary
  • Collaborated directly with large groups of information technology and business stakeholders
  • Reviewed security policies, procedures, standards, and guidelines
  • Assess current business practices and identify opportunities to promote effective data and issue management
  • Lead issue assignment and sourcing of issue alignment
  • (Info Sec, IT Risk, VA related etc)

Risk and Compliance Specialist/ Control Testing/ Third Party Risk management

Deloitte & Touche LLP/ Wells Fargo Bank
Charlotte, NC
08.2022 - 10.2023
  • RSA Archer GRC tool used
  • Conduct evaluation of the design and performance of internal controls to assess whether the controls and underlying attributes are designed/operating effectively to mitigate risk
  • Validated all controls at the vendor site to ensure their confidentiality, integrity and availability of our data in their custody
  • Interact with line of business leaders and conducted walkthroughs to understand control processes
  • Document testing results and report on controls effectiveness
  • Effectively communicate and interacted with client business leaders
  • Lead the development of client deliverables or for internal business needs
  • Produce quality work products with minimal management oversight throughout project and controls evaluation lifecycle (from control evaluation planning to results documentation)
  • Serve as subject matter advisor on projects, including providing recommendations to improve or remediate control deficiencies or reduce risk for our clients
  • Identify, evaluate, and prioritize business, operational, regulatory, and technology risks as well as risk mitigation strategies for our clients
  • Review vendor MCRs to adhere with current compliance revisions and or updated QA controls to meet requirements
  • Assessed QC/QA task to ensure compliance is met within the scope of business

Third Party Risk Analyst/Operational Risk analyst

BMO CAPITAL MARKETS
Jersey City, NJ
12.2021 - 07.2022
  • RSA Archer GRC tool used
  • Performed remote assessments of vendor engagements
  • Performed vendor documentation review and analysis
  • Documented and reported risk to Vendor Assessment management team, business partners and vendors
  • Reviewed completed questionnaires (SIG) and supporting documentations
  • Documented risks and recommendations based on a vendor's lack of controls
  • Identified and measured risk associated with vendor security controls
  • Tested IT controls (content filtering, password lockout etc.) and documented gaps
  • SOC 2 Type 2 /Type 1 / SSAE 18 reviews from vendors
  • Provided recommendations to remediate control gaps and assist with project management on remediation efforts
  • Developed and maintained currency of supporting procedures and documentation to provide a reference source for ensuring consistency of future activities
  • Assisted with various third-party risk management program initiatives working closely with the Third-Party Risk Management Leaders
  • Performed remote assessment of third parties
  • Identified opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Identified and assessed potential risks by performing walkthroughs of data centers, gathering essential data, and auditing functions, recommended and implemented corrective action when necessary
  • Assessed the quality of assets and liability management strategies, the adequacy of capital and earning performance
  • Analyzed financial statements and other documentations of borrowers, guarantors and other related entities to assess risk and creditworthiness on a national basis
  • Created and presented reports for system owners and senior management
  • Collaborated directly with large groups of information technology and business stakeholders
  • Reviewed security policies, procedures, standards, and guidelines
  • Assess current business practices and identify opportunities to promote effective third-party risk management

IT Third Party Risk Analyst

IBM
Santa Monica, CA
01.2020 - 12.2021
  • Administered assessment questionnaires to our vendors
  • Conducted on-site risk assessments based on agreed-upon procedures guidelines
  • Reviewed key vendor-provided documentation report
  • Reviewed the access control management on the vendor site
  • Complete projects and reports to be submitted to the business owner and management office
  • Escalated issues of vendor's non-compliance to the vendor management office
  • Planned and executed onsite security/risk assessments for vendors
  • Carry out various types of vendor assessments such as onsite, virtual, risk assessment for our vendors depending on information from the vendor management office
  • Validated all controls at the vendor site to ensure their confidentiality, integrity and availability of our data in their custody
  • Completed assessment manually on excel
  • Working with the vendors to ensure risks discovered are remediated within a reasonable time

Vendor IT Risk Analyst

PNC BANK
New York, NY
08.2017 - 06.2019
  • RSA Archer tool used
  • Coordinated with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements
  • SOC 2 Type 2 /Type 1 / SSAE 18 reviews from vendors
  • Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls
  • Produced detailed documentation of assessments
  • Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks
  • Validated evidence from vendors before remediation plans are closed
  • Responsible for managing and reviewing the employee entitlement access to internal systems of the company
  • Escalated issues associated with vendors as needed to management
  • Supported the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements, ensuring strong oversight of all vendor risks and provide visibility of existing and emerging risks
  • Maintained established relationships with the Business and applicable stakeholders to ensure proper execution and compliance with VRM policies and procedures
  • Assisted in the reporting of vendor risk management activities
  • Promoted and delivered continuous training and awareness to Business partners on vendor risk

Third-Party Risk Analyst

GEICO
Springfield, NJ
12.2014 - 07.2017
  • Plan and conduct security risk assessments for all third-party vendors
  • Work with the vendor for oversight to ensure adequate tier-in for vendors-based applications on the level of data they have access to
  • Conducts onsite and virtual risk assessments to continuously determine the security posture at the vendor site
  • Review and validates all controls at the vendor site to ensure data confidentiality
  • Administer questionnaires to all vendors to determine the control effectiveness
  • Validate security questionnaires vitals, to ensure up-to-date data protection on vendor site
  • Review all essential security policies and procedures documentation
  • Provide detailed reports of assessments to business owners and the vendor management office
  • Escalate issues of 3rd party vendor's non-compliance to the vendor risk management office (VMO)
  • Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure the protection of data at the vendor sites
  • Ensure third-party relationships adhere to the company's policies, procedures and are compliant with regulatory guidelines and industry best practices
  • Prepare third-party portfolio reporting of risk and performance to senior executive

Education

High School Diploma -

St Lucie West Centennial High
Port Saint Lucie, FL
05-2007

Some College (No Degree) - computer science

Compliance Education Institute

Skills

  • GRC tools: RSA Archer, MetricStream, Prevalent, Coupa, SNOW
  • Experienced in Regulations: UDAAP, OCC, FDIC, FRB, CFPB, PMLA, BSA, SEC, REG Z, TILA, FCRA, ADA
  • Control Frameworks: NIST, COBIT, ISO 27001
  • Intermediate: MS Excel, MS Word, MS Access, MS Project, MS Visio, PowerPoint
  • Data Analytics
  • Risk and Control Self-Assessment (RSCA)
  • IT risk management
  • Risk Mitigation
  • SharePoint
  • Control testing
  • Operational Analysis

Certification

  • Certified Regulatory Vendor Program Manager (CRVPM)
  • Certified in Risk and Information Systems Control (CRISC) - ISACA (In View)
  • Certified Information Security Manager (CISM) in view

References

available upon Request

Timeline

Operational Risk analyst/ Issue Management

Citi Bank
10.2023 - 10.2024

Risk and Compliance Specialist/ Control Testing/ Third Party Risk management

Deloitte & Touche LLP/ Wells Fargo Bank
08.2022 - 10.2023

Third Party Risk Analyst/Operational Risk analyst

BMO CAPITAL MARKETS
12.2021 - 07.2022

IT Third Party Risk Analyst

IBM
01.2020 - 12.2021

Vendor IT Risk Analyst

PNC BANK
08.2017 - 06.2019

Third-Party Risk Analyst

GEICO
12.2014 - 07.2017
  • Certified Regulatory Vendor Program Manager (CRVPM)
  • Certified in Risk and Information Systems Control (CRISC) - ISACA (In View)
  • Certified Information Security Manager (CISM) in view

High School Diploma -

St Lucie West Centennial High

Some College (No Degree) - computer science

Compliance Education Institute

Similar Profiles

  • Sreeja Gangavarapu

    Sreeja GangavarapuSreeja Gangavarapu

    Golang Developer at Citi BankGolang Developer at Citi Bank

    View Profile
  • BHARATHNATH L

    BHARATHNATH LBHARATHNATH L

    Senior Ops Support Specialist at CITI BANKSenior Ops Support Specialist at CITI BANK

    View Profile
  • Stephanie Fields

    Stephanie FieldsStephanie Fields

    Recruiting Lead, Vice President at Citi BankRecruiting Lead, Vice President at Citi Bank

    View Profile
ANTON FINNIE