ANTON FINNIE
Longwood,USA
Summary
Results-oriented, adaptive and hard-working Risk Analyst/Data quality analyst with 5+ years of extensive experience in Risk Management; conducting Third Party Risk/Vendor Risk management/Control Testing/Operational Risk management duties. Effective communicator with strong attention to accuracy and great critical thinking skills. Instrumental in helping clients minimize or eliminate financial risks that could be detrimental towards business goals.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Operational Risk Analyst/ Data Quality Analyst
Citi Bank
Jacksonville, FL
10.2022 - 02.2025
- RSA Archer GRC tool used
- Performed daily data quality review of new and existing issues/CAPs created by tech owned/ business owned LOB's
- Identified inconsistencies or inaccuracies within my purview of Issue/CAP data attributes
- Identified and measured risk associated with Customer Impact / Reputational and Financial impact
- Performed weekly scorecard reporting and data management (Overdue/Past Due or coming due issues.) Presented reports for system owners and senior management
- Provided recommendations to remediate control gaps and assist with project management on remediation efforts
- Developed and maintained currency of supporting procedures and documentation to provide a reference source for ensuring consistency of future activities
- Identified and assessed potential risks by performing daily data comparisons and reporting finding to aligned LOB, gathering essential data, and auditing functions, recommended and implemented corrective action when necessary
- Collaborated directly with large groups of information technology and business stakeholders
- Reviewed security policies, procedures, standards, and guidelines
- Assess current business practices and identify opportunities to promote effective data and issue management
- Lead issue assignment and sourcing of issue alignment
- (Info Sec, IT Risk, VA related etc)
- Identify, evaluate, and prioritize business, operational, regulatory, and technology risks as well as risk mitigation strategies for our clients
- Review vendor MCRs to adhere with current compliance revisions and or updated QA controls to meet requirements
Risk Analyst/Operational Risk analyst
BMO CAPITAL MARKETS
Jersey City, NJ
12.2021 - 07.2022
- RSA Archer GRC tool used
- Performed remote assessments of vendor engagements
- Performed vendor documentation review and analysis
- Performed contract reviews to ensure compliance with aligned Reg/Contract agreements were accurate and complete
- Documented and reported risk to Vendor Assessment management team, business partners and vendors
- Reviewed completed questionnaires (SIG) and supporting documentations
- Documented risks and recommendations based on a vendor's lack of controls
- Gathered confidential financial information from client such as income, assets, and debts to aide in audits/control testing
- Identified and measured risk associated with vendor security controls
- Tested IT controls (content filtering, password lockout etc.) and documented gaps
- SOC 2 Type 2 /Type 1 / SSAE 18 reviews from vendors
- Provided recommendations to remediate control gaps and assist with project management on remediation efforts
- Developed and maintained currency of supporting procedures and documentation to provide a reference source for ensuring consistency of future activities
- Assisted with various third-party risk management program initiatives working closely with the Third-Party Risk Management Leaders
- Performed remote assessment of third parties
- Identified opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Identified and assessed potential risks by performing walkthroughs of data centers, gathering essential data, and auditing functions, recommended and implemented corrective action when necessary
- Assessed the quality of assets and liability management strategies, the adequacy of capital and earning performance
- Analyzed financial statements and other documentations of borrowers, guarantors and other related entities to assess risk and creditworthiness on a national basis
- Created and presented reports for system owners and senior management
- Collaborated directly with large groups of information technology and business stakeholders
- Reviewed security policies, procedures, standards, and guidelines
- Assess current business practices and identify opportunities to promote effective third-party risk management
- Analyzed and assessed risks that the organization and vendors may face
Third Party Risk Analyst
IBM
Santa Monica, CA
01.2020 - 12.2021
- Administered assessment questionnaires to our vendors
- Conducted on-site risk assessments based on agreed-upon procedures guidelines
- Performed vendor documentation review and analysis
- Performed contract reviews to ensure compliance with aligned Reg/Contract agreements were accurate and complete
- Documented and reported risk to Vendor Assessment management team, business partners and vendors
- Reviewed key vendor-provided documentation report
- Reviewed the access control management on the vendor site
- Complete projects and reports to be submitted to the business owner and management office
- Escalated issues of vendor's non-compliance to the vendor management office
- Planned and executed onsite security/risk assessments for vendors
- Carry out various types of vendor assessments such as onsite, virtual, risk assessment for our vendors depending on information from the vendor management office
- Validated all controls at the vendor site to ensure their confidentiality, integrity and availability of our data in their custody
- Completed assessment manually on excel
- Working with the vendors to ensure risks discovered are remediated within a reasonable time
Vendor IT Risk Analyst
PNC BANK
New York, NY
08.2017 - 06.2019
- RSA Archer tool used
- Coordinated with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements
- SOC 2 Type 2 /Type 1 / SSAE 18 reviews from vendors
- Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls
- Produced detailed documentation of assessments
- Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks
- Validated evidence from vendors before remediation plans are closed
- Responsible for managing and reviewing the employee entitlement access to internal systems of the company
- Escalated issues associated with vendors as needed to management
- Supported the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements, ensuring strong oversight of all vendor risks and provide visibility of existing and emerging risks
- Maintained established relationships with the Business and applicable stakeholders to ensure proper execution and compliance with VRM policies and procedures
- Assisted in the reporting of vendor risk management activities
- Promoted and delivered continuous training and awareness to Business partners on vendor risk
Third Party Risk Analyst
GEICO
Springfield, NJ
12.2014 - 07.2017
- Plan and conduct security risk assessments for all third-party vendors
- Work with the vendor for oversight to ensure adequate tier-in for vendors-based applications on the level of data they have access to
- Conducts onsite and virtual risk assessments to continuously determine the security posture at the vendor site
- Performed vendor documentation review and analysis
- Performed contract reviews to ensure compliance with aligned Reg/Contract agreements were accurate and complete
- Documented and reported risk to Vendor Assessment management team, business partners and vendors
- Review and validates all controls at the vendor site to ensure data confidentiality
- Administer questionnaires to all vendors to determine the control effectiveness
- Validate security questionnaires vitals, to ensure up-to-date data protection on vendor site
- Review all essential security policies and procedures documentation
- Provide detailed reports of assessments to business owners and the vendor management office
- Escalate issues of 3rd party vendor's non-compliance to the vendor risk management office (VMO)
- Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure the protection of data at the vendor sites
- Ensure third-party relationships adhere to the company's policies, procedures and are compliant with regulatory guidelines and industry best practices
- Prepare third-party portfolio reporting of risk and performance to senior executive
Education
High school diploma -
Skills
- GRC tools: RSA Archer
- GRC tools: MetricStream
- GRC tools: Prevalent
- GRC tools: Coupa
- GRC tools: SNOW
- Regulations: UDAAP
- Regulations: OCC
- Regulations: FDIC
- Regulations: FRB
- Regulations: CFPB
- Regulations: PMLA
- Regulations: BSA
- Regulations: SEC
- Regulations: REG Z
- Regulations: TILA
- Regulations: FCRA
- Regulations: ADA
- Control Frameworks: NIST
- Control Frameworks: COBIT
- Control Frameworks: ISO 27001
- Intermediate: MS Excel
- Intermediate: MS Word
- Intermediate: MS Access
- Intermediate: MS Project
- Intermediate: MS Visio
- Intermediate: Power Point
- Intermediate: Tableau
- Intermediate: Power BI
Certification
- Certified Regulatory Vendor Program Manager (CRVPM), CEI-CRVPM-B02904, Compliance Educational Institute
- Certified in Risk and Information Systems Control (CISA), In View, 12/01/24, ISACA
- Certified Information Security Manager (CISM), In View, 03/01/25, ISACA
References
Available upon Request
Technical Skills
RSA Archer, MetricStream, Prevalent, Coupa, SNOW, UDAAP, OCC, FDIC, FRB, CFPB, PMLA, BSA, SEC, REG Z, TILA, FCRA, ADA, NIST, COBIT, ISO 27001, MS Excel, MS Word, MS Access, MS Project, MS Visio, Power Point, Tableau, Power BI
Timeline
Operational Risk Analyst/ Data Quality Analyst
Citi Bank
10.2022 - 02.2025
Risk Analyst/Operational Risk analyst
BMO CAPITAL MARKETS
12.2021 - 07.2022
Third Party Risk Analyst
IBM
01.2020 - 12.2021
Vendor IT Risk Analyst
PNC BANK
08.2017 - 06.2019
Third Party Risk Analyst
GEICO
12.2014 - 07.2017
High school diploma -
Similar Profiles
Senthilkumar SSenthilkumar S
Service Delivery Manager at Citi Bank USA, The Citi BankService Delivery Manager at Citi Bank USA, The Citi Bank
null null
Service Delivery Manager at Citi Bank USA, The Citi BankService Delivery Manager at Citi Bank USA, The Citi Bank
Sai Ram BolugodduSai Ram Bolugoddu
SR. Site Reliability Engineer at Citi BankSR. Site Reliability Engineer at Citi Bank
Velupillai EkambaramVelupillai Ekambaram
AVP at CITI BANKAVP at CITI BANK
Michelle M. RefsniderMichelle M. Refsnider
Student nurse intern at Orlando HealthStudent nurse intern at Orlando Health