Karen Aldini

Overview

12 years of professional experience

Work History

Senior Technology Business Services Consultant

Wells Fargo
Des Moines, IA
02.2019 - 12.2023
  • Plus years of Experience in all aspects of Third-party risk management, security programs & operations for financial organizations
  • Relationship/Engagement Manager - 72 relationship records/116 engagements, variety of technologies and applications, domestic and international
  • Proficient in performing, evaluating, providing/closing findings, and creating remediation plans for all types of Third Party information security risk assessments
  • Efficient conducting risk analysis
  • Identifying risk, performing the risk assessment, analyzing, development/implementation of risk management plan
  • Managing all aspects of applications and hardware vendor records, SaaS environment, network, host configurations, application security, cloud services, data center
  • Building synergy across the enterprise, legal, procurement, Information Security, Cyber Security, Privacy, Compliance, Third Party Risk Management
  • Respecting, utilizing the knowledge provided from different areas across the enterprise
  • Cultivating, maintaining strong connections with internal/external Business, and Stakeholders
  • Comprehension of network testing, providing feedback/remediation, Penetration testing, vulnerability testing, SOC reporting
  • Perform risk analysis, risk assessments on all stages of an engagement, projects in the infancy stage to active engagements, annual reviews collecting required documentation, technical assessments/testing, conducting meetings with internal/external businesses, based on observations such as interviews, documentation review, and technical assessments
  • Evaluation, development, improvements to Third Party life-cycle, Third Party policy and procedure increasing efficiency and effectiveness
  • Providing guidance to all segments across enterprise
  • Experience with NIST CSF, SOX, ISO27001, bowtie model, COBIT principles, Metadata, Risk Heat Map, and process, network and host configurations, application security, cloud services, third-party risk management, access management
  • Relationship/Engagement Manager for 72 relationship records/116 engagements
  • IT records were both domestic and international
  • Managed 5-7 critical relationships, including Hitachi, EPC, HPE, Splunk, and BMC, among others
  • The remaining engagements landed in the high, moderate, and low area depending on the inherent risk rating
  • Managed the entire auditing/assessment process, depending on the inherent risk of the relationship or engagement with up to 11 assessments per engagement
  • Communication of policy management life-cycle processes, security policies, and control standards to both technical and non-technical internal business partners to identify and manage risk associated with policy violations, tracking risk decisions and remediation plans
  • Perform risk analysis, risk assessments on all stages of an engagement, projects in RFP stage to active engagements, annual reviews collecting required documentation, technical assessments/testing, conducting meetings with internal/external businesses, based on observations such as interviews, documentation review, and technical assessments.

SR. Third Party Officer, Analyst

Wells Fargo
Des Moines, IA
01.2017 - 02.2019
  • Maintained security policies including developing, implementing, and managing communication of policy management life-cycle process and existing security policies and control standards
  • Communicating risks to both technical and non-technical internal business partners to identify and manage risks associated with policy violations, tracking risk decisions and remediation plans
  • Initiating, facilitating, and promoting Cyber-security awareness and education within the organization and collaborating with business partners to manage Cyber-security needs with an understanding of information security risk management and/or audit practices

Senior Information Security Specialist

Voya Financial
Des Moines, IA
01.2012 - 12.2017
  • Responsible for defining scope, assessing, developing, and managing vendor relationships across Technology & Operations Line of Business
  • Coordinates with Lines of Business, risk partners, i.e., Corporate Information Security, Legal, financial crimes, operational risk, audit, credit risk, market risk, IT systems security and Corporate Procurement for effective management of third-party relationships
  • Performed detailed security and technical risk assessments to ensure vendor compliance with information security controls and policies for the business engagement and type of data being accessed and stored; complete multiple Vendor Risk Assessments; ensuring compliance with ISO standards and Voya security policies
  • Worked with stakeholders/business unit and Technical Security Officers (TSO) within a business to develop and implement solutions to mitigate risks and maintain appropriate controls for Vendor engagements
  • Communicated with the business unit to ensure all security requirements are met and the vendor complies with company policies and standards before a business engagement is an active Third-Party Vendor
  • Created a new VRO final report to ensure that key risks were remediated and provided to the VRO
  • Created a new Sourcing final report that includes all the vendor responses to the VRA attached to the contract for new vendor engagements.

Education

Currently completing CISA certification

2011

East High School, Kaplan University
1986

Skills

  • Software Skills
  • Microsoft
  • Google Docs
  • Archer
  • Ariba
  • Salesforce
  • Tableau
  • Beeline
  • Process Unity
  • Service Now

Additional Information

  • NIST Privacy Workforce Working Group (PWWG): meets monthly discussing policy changes.
  • NIST Workshops: brings together industry, academia, and government to discuss secure software development practices, providing insight into major cyber-security challenges as well as recommended practices for addressing those challenges.
