Josephine Bellon

Hoboken

Summary

Multi-talented Senior Manager well-versed and highly effective at developing, executing and directing key improvements to enable business enhancements and growth. Visionary leader with solid success leading business operations toward growth.

Overview

12 years of professional experience
1 Certification

Work History

Senior Manager Cyber Risk

Ernst & Young
New York
01.2022 - Current
  • Led cross-functional teams to develop strategic initiatives for client engagement.
  • Managed complex projects ensuring alignment with organizational goals and client needs.
  • Oversaw compliance with regulatory requirements and internal policies during service delivery.
  • Analyzed market trends to inform strategic decision-making and service offerings.
  • Developed frameworks for risk management enhancing project execution effectiveness.
  • Collaborated with stakeholders to identify opportunities for operational improvements across services.
  • Managed a team of 10+ employees by providing guidance, setting goals and objectives, delegating tasks, and monitoring performance.
  • Provided strategic direction to departmental heads regarding resource allocation decisions.
  • Participated in recruitment initiatives by interviewing potential candidates and selecting suitable hires.
  • Developed long-term relationships with key stakeholders including customers, suppliers, regulatory bodies.
  • Directed cross-functional teams in developing innovative solutions to complex problems.
  • Represented the organization at conferences or trade shows as an expert speaker on relevant topics.
  • Monitored competitor activities to anticipate changes in the industry landscape and design appropriate response measures.
  • Conducted performance reviews and provided feedback to direct reports for career development.
  • Oversaw quality assurance efforts to maintain high standards of product and service delivery.
  • Identified and pursued new business opportunities to expand market presence and revenue streams.
  • Guided change management initiatives to ensure smooth adoption of new business practices.
  • Reported to executive leadership on performance metrics, challenges, and strategic opportunities.

Senior Consultant Advisory Services – IT Risk & Cybersecurity

Ernst & Young “EY”
10.2019 - Current
  • Company Overview: EY – New York/ New Jersey
  • Part of the Risk practice at EY specializing in IT SOX audits, SSAE 18 reporting and risk evaluation.
  • Managed the execution of audit strategy over each engagement by leading both US and offshore teams in assessing the design and operating effectiveness of business process and IT controls and performing all work in compliance with US GAAP and AICPA standards.
  • Acted as a liaison between the Assurance team Managers and Senior Managers, client executives and the IT audit team.
  • Managed planning and review procedures for IT general controls and application controls and assisted in concluding and reporting activities for the client.
  • Led team members in internal IT audit inspections.
  • Assisted clients to optimize their risk mitigation and internal control activities.
  • Responsible for analyzing the impact of identified control deficiencies, evaluating the level of risk, and determining additional procedures necessary to mitigate the risk.
  • Executed the evaluation of cybersecurity controls attestation reports (i.e., SOC 2 and SOC for Cyber).
  • Conducted a post AWS implementation security assessment that included evaluation of controls, processes, network and system security cloud settings, and IAM access rationalization across private cloud instances. Also assisted in aligning the organization’s cloud security processes to best practice.
  • Conducted an Azure cloud security governance assessment for a large manufacturer and assisted with the benchmarking of processes and policies against best practice.
  • Performed anti-virus and vulnerability audits for large retailers, which evaluated the controls and processes around the anti-virus function and vulnerability management. The audits included review of McAfee, FireEye, and Palo Alto NextGen firewall tools.
  • Led a cybersecurity incident response evaluation and SOC review, which included a tabletop exercise for a global food and beverage company.
  • Led ISO27001 and CIS audits for large media, entertainment, retail and consumer services clients.

Senior Consultant – IT Advisory Services

Ernst & Young “EY”
01.2019 - Current
  • Company Overview: EY – EMIA
  • T24 R14 Implementation Project Manager.
  • The project was a five-country big bang core banking implementation with over 100 team members. Project managed the integration, training, and retrofit work streams of the project while also assisting the all-country lead project manager with management duties.
  • Worked with a team of 30 people to develop interface build and design plans, the training strategy and coordinating activities around the three phases, attending management meetings to keep stakeholders up to date on the progress of the project, while also monitoring and resolving program risks.
  • Supported major transformation project by managing quality assurance services on SOA implementation with Oracle Enterprise Business Suite (ESB).
  • Reviewed service design, governance, and testing documentation to ensure value delivery from the vendor and compliance with internal controls. Worked with the team to ensure knowledge transfer, and successful implementation of the ESB.
  • Led a team for the enterprise architecture framework development project and managed the following areas: Level 1 & 2 Enterprise Architecture current and future state for the Bank.
  • Business Architecture – this included understanding and architectural documentation of business goals, objectives, challenges, and stakeholders.
  • Data, Application and Technology architecture – this included creation of a technology and data inventory that allowed the client to clearly see all IT systems and corresponding data requirements in one view. Also provided future state data models that were mapped to the business architecture.
  • Created a level 1 technical architecture that provided the client with an architectural view of their current and incoming technology.
  • Led IT team in strategy development and worked with client to create a robust and executable five-year IT strategy, which included current state assessments, and stakeholder strategy requirements gathering.
  • Worked with the implementation team to develop a SOA implementation strategy, an enterprise cloud computing strategy, business intelligence and big data development strategy, mobility and social media strategy, and designed a resource charge back model for the Bank.
  • Managed a team in conducting an IT effectiveness assessment that included Flexcube core banking review, IT operations benchmarking against ITIL, IT infrastructure review, IT security assessment against ISO 27001, and IT human skills gap assessment.
  • Worked with team and client to develop an IT strategy for the Bank.
  • Performed multiple post core banking system upgrade reviews to ensure that all customer details and funds were correctly migrated to the new core banking version. Duties included using ACL data analytics tools to analyze and manage up to four million records.
  • Provided data analytics technical support of the EY Performance Improvement delivery team, by collecting data, analyzing it and developing reports for the team.
  • Part of the team that worked on a World Bank funded study on promotion of interoperability of card switches in the East African Commerce region. It was an initial study that will build a case for regional card interoperability and involves preliminary requirements gathering and documentation.
  • Conducted and managed IT audit support for the financial audit of several clients in the East African banking, insurance, and telecom industries.
  • Assignments involved a review of the IT policies to ensure they are up to the recommended standards, application controls review and testing, IT general controls review and testing, technical reviews of the operating system and database, information security review, and executive reporting for all of the above.
  • Acted as a liaison between the Assurance team, client and the IT team, and led planning and review procedures for the audit.
  • Successfully navigated through internal review IT audit inspection processes.
  • Assisted clients to optimize their risk mitigation and internal control activities.

Manager Advisory Services – IT Risk & Cybersecurity

Ernst & Young “EY”
05.2017 - Current
  • Company Overview: EY – New York/ New Jersey
  • Lead post breach investigations for clients as part of cybersecurity forensics activities.
  • Lead cybersecurity program maturity assessments and provide relevant recommendations to clients across varied industries.
  • Review and oversee the evaluation of cybersecurity controls attestation reports (i.e., SOC 2 and SOC for Cyber).
  • Lead the execution and develop work plans for cybersecurity audits against ISO27001, NIST and CIS security frameworks, including network and Operational Technology (OT).
  • Perform cybersecurity audit remediation for cloud environments (i.e. AWS and Azure).
  • Perform data protection, privacy and GDPR readiness assessments for clients undergoing mergers and acquisitions.
  • Conduct security incident table-top exercises for client executives and technology teams.
  • Design and recommend security control gap solutions for clients, including the use of security tools.
  • Assist with identifying cybersecurity opportunities, creating proposals and leading oral presentations with clients. Involved in winning and delivering subproposals worth $2.4M.
  • Lead internal initiative to develop cybersecurity service delivery for audit clients, which includes providing technical support to audit teams during cybersecurity breaches.
  • Provide guidance and share knowledge with teams on current security trends, best practices and technologies.
  • Provide on the job cybersecurity coaching and mentorship to junior team members.
  • Develop and provide executive security awareness training to clients across varied industries.
  • Maintain a working knowledge and understanding of national and international regulatory compliance frameworks and controls such as ISO (International Organization for Standardization), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard (PCI DSS) and NIST Cybersecurity, OWASP Top 10, and CIS Top 20.
  • High level of technical experience with multiple Security, IT tools and technologies including but not limited to: CheckPoint, Cisco, Juniper, Palo Alto, Fortinet, Symantec, McAfee, FireEye, Splunk, CrowdStrike, AlienVault, Tanium, Prisma Cloud, Tripwire, Tenable, Qualys, Rapid7, Defender, Zscaler among others.

Senior Consultant – Financial Services IT Risk & Advisory Services

Ernst & Young “EY”
11.2013 - 07.2015

Education

Bachelor of Arts - Politics: Business Admin Minor

Messiah College
PA, USA

Master of Science - Information Management

Syracuse University

Skills

  • Cyber risk capability builder and leader
  • Cyber program development

Certification

  • CISA
  • ISO27001 Auditor
  • EY Cybersecurity badge
  • CISSP – in progress

Languages

  • English
  • Kiswahili

Summary Of Experience

IT Risk & Cybersecurity, New York/New Jersey, New York, NY
  • Lead post breach investigations for clients as part of cybersecurity forensics activities.
  • Lead cybersecurity program maturity assessments and provide relevant recommendations to clients across varied industries.
  • Review and oversee the evaluation of cybersecurity controls attestation reports (i.e. SOC 2, and SOC for Cyber).
  • Lead the execution and develop work plans for cybersecurity audits against ISO27001, NIST and CIS security frameworks, including network, and Operational Technology (OT).
  • Perform cybersecurity audit remediation for cloud environments (i.e. AWS and Azure).
  • Perform data protection, privacy and GDPR readiness assessments for clients undergoing mergers and acquisitions.
  • Conduct security incident table-top exercises for client executives and technology teams.
  • Design and recommend security control gap solutions for clients, including the use of security tools.
  • Assist with identifying cybersecurity opportunities, creating proposals and leading oral presentations with clients.
  • Lead internal initiative to develop cybersecurity service delivery for audit clients.
  • Provide guidance and share knowledge with teams on current security trends, best practices and technologies.
  • Provide on the job cybersecurity coaching and mentorship to junior team members.
  • Develop and provide executive security awareness training to clients across varied industries.
  • Maintain a working knowledge and understanding of national and international regulatory compliance frameworks and controls.

IT Risk & Cybersecurity, New York/New Jersey, New York, NY
  • Managed the execution of audit strategy over each engagement by leading both US and offshore teams.
  • Acted as a liaison between the Assurance team Managers and Senior Managers, client executives and the IT audit team.
  • Managed planning and review procedures for IT General controls and application controls.
  • Lead team members in internal IT audit inspections.
  • Assisted clients to optimize their risk mitigation and internal control activities.
