
Lisa A. Cobb

Cape Carteret, North Carolina

Summary

Highly accomplished TPRM Manager with 10+ years of experience evaluating vendor risks and internal application and system risk, and ensuring compliance with Federal, State and Regulatory policies and standards. Highly effective and organized Project Manager and Lead Coordinator of the Information Security Vendor Risk Program and the Security and Control Assessment program for a Financial Institution and Insurance company in the Southeast.

Overview

14
years of professional experience

Work History

Vendor Risk Manager

Templar Shield
10.2021 - Current
  • Key Accomplishments are:
  • Assist Templar Shield clients with developing, implementing, and strengthening TPRM programs
  • Work with GRC stakeholders to help them articulate their business requirements and how those requirements translate into features and functionality in the GRC tool
  • Transition GRC/TPRM/Cybersecurity strategy and roadmap into key objectives and outputs, technical requirements, and resource requirements to drive a stream of projects
  • Plan and manage project execution and delivery of large, complex GRC/TPRM projects
  • Establish Project Management Office (PMO), to provide the reporting, oversight, and management as projects become more complex with connections between various GRC/TPRM processes
  • Assign clear individual accountability to each team member for managing and monitoring each aspect of the GRC/TPRM projects to identify analyze and address changes more effectively
  • Identify gaps and stimulate improvement plans that feed back into the project funnel
  • Ensure projects are delivered within the budget outlined in the SOW
  • Support internal sales and client account teams in identifying GRC/TPRM/Cybersecurity opportunities
  • Create proposals and effort and cost estimates, and submit responses to requests for proposals (RFPs)
  • Prepare client presentations and practice artifacts, conduct proofs of concept/workshops in the IT governance, risk and compliance domain, and lead client interactions
  • Provide subject matter expertise, oversight, and direction on GRC/TPRM/Cybersecurity projects and practice management
  • Coach, mentor and provide candid, meaningful, timely feedback to team members to build/strengthen competencies in security, risk, and compliance domains
  • Oversee revenue targets for the assigned projects to ensure project profitability
  • Lead sales pursuits and proposals and assist growing Templar Shield practice areas

Sr. Analyst

MetLife, IT TPRM
10.2017 - 10.2021
  • The IT TPRM Consultant role is responsible for the coordination of activities associated with the Global IT Third Party Risk Management Program within MetLife’s IT Risk and Security Organization
  • Conduct vendor risk assessments over third party vendors, including but not limited to: determining the scope of the service provided by interacting with MetLife Senior Management; administering risk assessments directly to vendors using our online tool; examining responses to determine the extent of risk the relationship represents to MetLife; offering recommendations to MetLife Management on how to respond to any risks; and generating formal findings
  • Assess and respond to risk findings, including pursuing action plans to completion and negotiating due dates with vendors
  • Perform security assessments of systems, applications, data centers, and service providers using an established framework and tools to evaluate vulnerabilities
  • Research new and developing technologies and standards to help contribute to the continuous improvement of the risk assessment process
  • Act as a subject matter expert in understanding why certain risks are a threat to the company and how compensating or mitigating processes affect that risk
  • Read and interpret the results of audit reports (SSAE16, PCI ROC, etc.), security assessments (penetration tests, vulnerability scans, etc.), and/or continuity tests (Disaster Recovery, Business Continuity, Security Incident, etc.)
  • Work with the Legal team on completing the IT Security Requirements (Redlining) during Contract negotiation discussions
  • Understanding and knowledge of information security standards and laws (e.g., ISO 27001/27002, NIST, FFIEC, etc.), and commonly used concepts, practices and procedures within the information security and privacy field.

Collections Manager

PNC Bank
10.2012 - 11.2015
  • Manage the day-to-day production environment within an Inbound/Outbound Customer Support Call Center
  • Coach associates daily to recognize high performers and address performance issues
  • Complete annual and bi-annual performance evaluations
  • Monitor and evaluate randomly selected calls to assess associates' service level standards and complete online evaluations of client calls
  • Review and approve employee’s time; maintain FMLA reporting
  • Resolve escalated calls and client account maintenance to include immediate feedback to associates
  • Conduct training involving associate development, promotional products and services, etc
  • Maintain proper staffing and training and offer opportunities for employee growth
  • Recommend process improvements to management
  • Facilitate bi-monthly team meetings to discuss various issues, services, policy and procedures, technical changes, and process improvements
  • Key Accomplishments are:
  • Ensures adherence to Company Policies and Procedures in addition to compliance with state and federal regulations
  • Reviews work and monitors phone calls of team members to verify adherence to Company Policies and Procedures and ensures that customer service objectives are met
  • Analyzes queue and process management workflow to ensure department production and performance goals are met
  • Train and coach team members to support the business objectives of the department
  • Approves and reviews accounts within the queues as assigned
  • Handles escalated calls from team members and may initiate outbound calls and receive inbound calls when needed
  • Assesses team member development needs, drafts team member development plans, and monitors team member performance
  • Provides recommendations for hire, advancement, promotion or termination of employment
  • Coordinate onboarding of staff hired within DDA Collections Department
  • Full execution of the recruitment process (including job posting, phone interviewing, job interviewing, regular communication with candidates and managers) including the
  • Manages posting of job vacancies at the best performing recruitment channels (responsiveness, quality and costs)
  • Develops pool of internal and external talents
  • Cooperates closely with the Career Development specialist as internal talents are promoted

Information Security Consultant/ IT Vendor Management Manager

RBC Bank
12.2008 - 03.2012

Lead Security Consultant and Information Security Project Coordinator responsible for the assessment of Vendor Information Security risk, and negotiation of risk mitigation. Information Security Team Resource Manager responsible for assignment of projects and risk assessments, tracking work progress and reporting results to Management. Facilitate and coordinate Internal and External Audits as required by the business and participate in Corporate Governance Meetings.

Key Accomplishments are:

● Risk assessments for technology and applications based on SOX, SAS70 (now known as SSAE16 SOC 1&2) and ISO standards. The threats and vulnerabilities noted by these standards and guidelines were set forth in the RBC assessment procedures to identify gaps and deficiencies in systems and application solutions. Remediation of those areas failing to comply with these standards was actioned according to the overall risks to the product or company data.

● Facilitate and maintain relationships between RBC Bank and vendors/partners, negotiating contracts, creating standards for the vendors.

● Ensures compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; recommending opportunities to strengthen the internal control structure.

● Conducts regulatory, policy and compliance audits for management to assess effectiveness of compliance procedures and controls, accuracy, and timeliness of documentation.

● Prepare and maintain audit work papers and audit reports; prepare recommendations for improvement and communicate compliance audit findings and recommendations to department/ functional management for management development of a corrective action plan.

● Audit remediation action taken on non-conformities and issues brought up during previous audits.

● Conduct Vendor Assessments for existing and new vendors.

● Assist with both internal and client requested audits.

● Identifying possible security threats and determining the best security measures.

● Implementing, and maintaining security protocols, policies, plans, and systems to cover all possible security threats.

● Completing risk assessment and security tests and designing countermeasures to eliminate as many potential risks as possible.

● The assessment process required technical knowledge to adequately lead project teams to complete and accurate results.

● Worked extensively performing technical risk assessments for technology providers, system implementation and software development. The primary tool used to complete assessments internally was a Security Control Document (SCD).

● Perform the identification of assets, asset vulnerabilities, their associated risks, and any risk mitigating controls in place.

● Conduct investigative activities to research and discover risks and the associated IS assets.

Information Technology Project Manager

RBC Bank
11.2007 - 12.2008

Project Manager who successfully managed Technology projects from Idea Creation to deployment in production. Initiated projects, defined scope, accurately developed estimates, negotiated for resources, established schedules and commitments and persistently managed scope, budget, time, quality and hitting the targets. Maintained communications with all levels of management regarding project success and risks and ensured the Corporate Project Management Framework was enforced throughout the life of each project.

Key Accomplishments are:

● Maintained organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information technologies. Directs technological research by studying organization goals, strategies, practices, and user projects.

● Completed projects by coordinating resources and timetables with user departments and data center.

● Led change management efforts including stakeholder engagement, impact analysis, and business readiness. Both the communication and change management efforts supported ongoing business needs, as well as a large transformation program of technology applications.

● Verified application results by conducting system audits of technologies implemented.

● Preserved assets by implementing disaster recovery and back-up procedures and information security and control structures.

● Recommend information technology strategies, policies, and procedures by evaluating organization outcomes; identifying problems; evaluating trends; anticipating requirements.

● Accomplished financial objectives by forecasting requirements; preparing an annual budget; scheduling expenditures; analyzing variances; initiating corrective action.

● Maintained quality service by establishing and enforcing organization standards.

● Maintained professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.

● Contribute to team effort by accomplishing related results as needed.

Project Manager

RBC Bank
09.2006 - 11.2007
  • Project Manager who successfully managed Technology projects from Idea Creation to deployment in production
  • Initiated projects, defined scope, accurately developed estimates, negotiated for resources, established schedules and commitments and persistently managed scope, budget, time, quality and hitting the targets
  • Maintained communications with all levels of management regarding project success and risks and ensured the Corporate Project Management Framework was enforced throughout the life of each project
  • Key Accomplishments are:
  • Maintained organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information technologies
  • Directs technological research by studying organization goals, strategies, practices, and user projects
  • Completed projects by coordinating resources and timetables with user departments and data center
  • Led change management efforts including stakeholder engagement, impact analysis, and business readiness
  • Both the communication and change management efforts supported ongoing business needs, as well as a large transformation program of technology applications
  • Verified application results by conducting system audits of technologies implemented
  • Preserved assets by implementing disaster recovery and back-up procedures and information security and control structures
  • Recommend information technology strategies, policies, and procedures by evaluating organization outcomes; identifying problems; evaluating trends; anticipating requirements
  • Accomplished financial objectives by forecasting requirements; preparing an annual budget; scheduling expenditures; analyzing variances; initiating corrective action
  • Maintained quality service by establishing and enforcing organization standards
  • Maintained professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies
  • Contribute to team effort by accomplishing related results as needed
  • Monitor and report monthly on the status of action plans against established savings. Responsible for RBC Bank Information Technology contract maintenance during payment cycle
  • Key Accomplishments are:
  • Ensure all IT billing is in line and accurately being charged to the correct electronic GL accounts and transits
  • Provide updated reporting and status of project phases (breakdown) on all invoices that are NIE or Capital
  • Provide analysis and reporting of information regarding bill payment and expense tracking
  • Provide administrative support to IT units regarding vendor invoices paid and contract expiry dates
  • Produce and provide an analysis for monthly chargebacks for all leased equipment, outsourced services, and telephone service
  • Manage and maintain vendor relationships
  • Provide a daily tracking log of expenses and capital items hitting the general ledger system
  • Provide a monthly analysis to Finance, advising the new lease status as Operating or Capital Leases

Skills

  • TECHNICAL PROFICIENCIES
  • Microsoft Office: Word, Excel, PowerPoint, SharePoint, MS Project, MIS tracking, Visio
  • Archer
  • ServiceNow
  • Agile
  • Black Kite
  • Smartsheet
  • Privva
  • Workflow Processes
  • Project Management
  • Risk Management Processes
  • Risk Mitigation
  • Manage Contracts
  • Risk Identification
