Brian Robison, MBA


GRC Lead and Financial Services IT Risk & Controls Expert
Westport, CT

Summary

I bring a unique combination of technical, financial services, and regulatory expertise gained from Big 4, and over 20 years of experience in IT risk and controls. I work collaboratively with cross-functional technology groups to establish governance, with the goal of reducing audit findings and optimizing resources. My key strengths lie in defining strategic objectives, operationalizing security controls, and effectively communicating policy and regulatory requirements to stakeholders. I excel in proactively addressing controls that are at risk of non-compliance and am proficient in applying control frameworks such as NIST and ISO to implement efficient controls and assess their effectiveness in reducing risk, with a focus on continual improvement.

Framework Expertise

  • NIST CSF
  • NIST 800-53
  • ISO 27001
  • FFIEC
  • GLBA
  • COBIT
  • Data Privacy

Skills

  • Regulatory Expertise
  • Enterprise Risk Management
  • Compliance Monitoring
  • Corporate Governance
  • Privacy Regulations
  • Information Security
  • Risk Management
  • Compliance Reviews
  • Compliance Reporting
  • Risk Analysis
  • Policy Development
  • Policy Enforcement

Accomplishments

· Led team of 10 in developing the GRC application and executive reports.

· Achieved 100% on-time implementation of 50+ remediation action plans per year.

· Resolved control design issues with automated solutions resulting in resource optimization.

· Improved compliance by managing RCSAs and KPIs.

· Analyzed exception trends in ServiceNow to develop new risk management policies.

· Supervised a team of 5 staff members in fulfilling evidence requests for regulatory requirements.

· Achieved strategic goals through managing enterprise Cybersecurity programs.

· Rolled out clear guidance in standardizing security processes for merged companies.

Certification

  • Certified Information Systems Auditor, CISA cert# 1189077
  • Certified Information Systems Security Professional, CISSP cert# 437680
  • AWS Certified Cloud Practitioner (CLF)
  • OneTrust Platform - GDPR Data Privacy Management

Education

Master of Business Administration in Information Systems -

Georgia State University
Atlanta, GA
05.1997

Bachelor of Arts in Liberal Arts -

Emory University
Atlanta, GA
05.1992

Overview

  • 26 years of professional experience
  • 4 certifications

Work History

GRC Lead

S&P Global
2020.03 - 2024.01
  • Provided expert guidance on regulatory requirements, ensuring that clients maintained full compliance with industry standards.
  • Established strong relationships with stakeholders to support successful execution of GRC initiatives.
  • Supported the integration of GRC tools within client environments, streamlining workflows and enhancing overall efficiency.
  • Enhanced GRC program effectiveness by conducting comprehensive risk assessments and recommending mitigation strategies.

Information Security Officer

First Abu Dhabi Bank
Washington, DC
2018.11 - 2020.03
  • Developed the risk assessment process based on NIST's Cyber Security Framework
  • Identified key administrative and technical controls in mitigating security risks relevant to business and IT operations and the overall threat landscape
  • Evaluated the effectiveness of the Information Security Program in meeting the acceptable risk level and in complying with data privacy laws such as GLBA.

IT Risk Officer

S&P Global
New York, NY
2018.02 - 2018.10
  • Supervised onboarding and security provisioning processes of an 800+ outsourced team
  • Reported compliance status on the completion of required training and background checks
  • Reviewed logical access to ensure role-based appropriateness and identified users with privileged access to monitor periodic securities trading activities.

IT Senior Manager

Accume Partners
New York, NY
2015.03 - 2018.01
  • Performed IT assurance and consulting projects within the banking and insurance industries
  • In charge of maintaining the quality of work papers, assigning and scheduling staff resources, and performing IT controls and application testing.

IT Internal Auditor

IT Audit Contractor
New York, NY
2010.01 - 2015.02
  • Performed IT consulting projects within the manufacturing, telecom, insurance/reinsurance, and financial services industries
  • Experience included working at General Electric (GE) reviewing systems in treasury operations to comply with the company's new designation as a Systemically Important Financial Institution (SIFI)
  • Non-banking clients included Jefferies, Hain-Celestial, First Federal Bank, ATMI, and Wilton Re.

Owner

Environmental Risk Services
Westport, CT
2007.11 - 2009.12
  • Started company, from developing an initial business plan and client base to detailing services and managing full P&L
  • Assessed health risks of environmental dangers and designed remediation plans according to industry standards
  • Documented scope and work performed to process claims payout according to compliance.

IT Risk and Assurance Manager

PricewaterhouseCoopers
New York, NY
1997.10 - 2007.10
  • Managed all aspects of systems reviews and business processes for Fortune 500 financial service and insurance companies
  • Implemented quality review efforts and evaluated the effectiveness of internal controls at the corporate and business unit levels
  • Consulted on control design and remediation plans to mitigate issues raised.
