Jared Hampton
Charlotte,NC
Summary
17 years of Information Technology experience in the Banking and Utility sectors:
-Specializing in Software/Systems Development Life Cycle Management (SDLC), Identity and Access Management (IAM), Risk and Control Self-Assessment, and Business Management & Controls
Overview
17
17
years of professional experience
Work History
IT Project Manager
Bank of America
12.2024 - Current
- Managed Privileged Access Management audit to satisfactory control effectiveness ratings for Global Technology, demonstrating adherence to IAM Sox controls and standards for Multifactor authentication, authorization and audit and monitoring of user access.
- Managed targeted risk assessment of access review of lower lanes to satisfactory rating demonstrating compliance to IAM SOX standards for permission tagging, non-human or service account inventory, blocking self-provisioning and user access certification standards.
- Support Global Technology Password Management audit to test compliance for password vaulting, hash+salt algorithm or other approved technologies to ensure passwords are securely stored and using encryption for service accounts with elevated rights.
- Work closely with subject matter experts, auditors, and business partners to analyze audit questions, understand, and review technical evidence returned, ensure complete and accurate audit responses, and execute review and analysis of identified control deficiencies to drive to appropriate disposition
Information Security Analyst
Wells Fargo
07.2024 - 12.2024
- Design and execute new monitoring and user access control for Corporate and Investment Banking Info Sec team to enforce IAM Sox requirements, whereby all trade capture systems must conduct a quarterly review of Fine Grained Entitlements to ensure traders do not have excessive or inappropriate access to trade books.
- Work closely with Corporate and Investment Banking Securities directors and IT support specialist to gather the necessary data from multiple sources and systems of record to create over 75 user access certifications to be completed by Entitlement Owners and Desk Unit Managers.
- Collect and package evidence for 30 applications in response to an Audit Identified Issue. Completed remediation activities on time demonstrating control effectiveness and sustainability.
- Train FTE resources on the process of newly created control, including communications, reporting procedures, office hours and remediation of findings around coarse grain entitlements that had inappropriate fine grain entitlements embedded within the role.
Sr. Business Controls Specialist
Bank of America
06.2023 - 06.2024
- Collaborate on the Audit and Exam Adherence team overseeing internal audits and technology compliance and operational (TCOR) reviews that are horizontal in nature and span across multiple CIOs within Global Technology
- Partner with Identity and Access Management Cyber Compliance team to analyze accuracy, completeness, and effectiveness of metadata tagging and permission descriptions in IAM tool. Driving risk reduction of managers certifying access that is either excessive or inappropriate.
- Enforce Segregation of Duties Controls and IAM Governance Criteria by developing controls for End User Platforms team that had engineering/build resources that were also deploying operating systems to production servers.
- Provide recommendations to First Line Unit (FLU) IT teams on processes, controls, and objectives around information security and enterprise access management activities, best practices, and process improvements.
Operational Risk Consultant
Wells Fargo
10.2016 - 12.2021
- Created a new user access control to enforce Separation of Duties IAM Sox compliance between developers with access to check-in code and those with access to deploy code through establishing a periodic access review and attestation process.
- Completed project with Enterprise Access Management to identify developers with persistent privileged access or administrator access that was self-provisioned and remediate those findings.
- Conducted application risk assessments on over 125 applications to ensure all WF applications are compliant with Information Security, Access Management, Third Party Vendor and Technology Architecture controls and standards.
- Completed initiative to ensure all users that support SDLC and Change Management have a defined role in IAM tool to implement preventative controls that would prevent provisioning of entitlements considered toxic access combinations.
- Collaborate with Infosec engineers to ensure IT projects are adhering to required standards based on application criticality score as defined in the Information Security Risk Assessment (ISRA).
- In compliance with IAM Sox controls, completed service account remediation project on 300 accounts, ensuring all non-human service accounts are registered in Service Account Repository (SAR) and have CyberArk password vaulting enabled.
Senior IT Business Analyst
Duke Energy Corporation
06.2008 - 10.2016
- Lead Access Security Analyst for IBM Maximo implementation project responsible for understanding business processes and needs. Built security groups matrix on a Role Based Access Control (RBAC) model for over 300 roles/groups.
- Document IAM processes and procedures. Create job aids for how to request the appropriate level of access. Trained Level 2 support team on access provisioning process.
- Active Directory custodian for 150 AD groups. Built test approach to ensure all groups/entitlements have only the least privilege access needed to perform job functions.
- Execute quarterly product license audit in line with IAM requirements for SOX compliance for HP Project and Portfolio Management tool. Certifying that inappropriate, excessive or unauthorized access was not being provisioned.
- Respond to security related incidents for IBM Maximo related to unauthorized access and resolve within SLA.
Education
Bachelor of Science (B.S.) - Computer Information Systems
University of South Carolina-Columbia
Columbia, SC12-2008
Skills
- Process Improvement
- Compliance Management
- Oral Communication
- Executive Presentation
- Business Intelligence Reporting
- Risk Control
- Problem-solving
- MS Office (Word, Excel, Outlook, PowerPoint)
- Identity and Access Management (IAM)
- Risk assessment
- Data analytics
- Tableau
- Information Security Analysis
- Data Quality Testing
- Privileged Access Management
Timeline
IT Project Manager
Bank of America
12.2024 - Current
Information Security Analyst
Wells Fargo
07.2024 - 12.2024
Sr. Business Controls Specialist
Bank of America
06.2023 - 06.2024
Operational Risk Consultant
Wells Fargo
10.2016 - 12.2021
Senior IT Business Analyst
Duke Energy Corporation
06.2008 - 10.2016
Bachelor of Science (B.S.) - Computer Information Systems
University of South Carolina-Columbia
Similar Profiles
Nicholas ShakanNicholas Shakan
Vice President, Portfolio Manager at Bank of America Private BankVice President, Portfolio Manager at Bank of America Private Bank
AUSTIN MONREALAUSTIN MONREAL
Relationship Banker at Bank of AmericaRelationship Banker at Bank of America
Andre S. ElphicAndre S. Elphic
Financial Center Assistant Manager at Bank of AmericaFinancial Center Assistant Manager at Bank of America
Jermaine RiddleJermaine Riddle
Fraud Specialist at Bank of AmericaFraud Specialist at Bank of America
Jonathan EdouardJonathan Edouard
Security Officer at Allied Universal Security ServicesSecurity Officer at Allied Universal Security Services