Stephen Costello

• Implemented external SailPoint reporting system on SQL Server, resulting in improved compliance measures and enhanced data quality.
• Designed, built, and implemented automated compliance testing for multiple applications, greatly increasing testing frequency from quarterly to daily.
• Developed robust queries and processes to ensure the data integrity of critical platforms and systems.
• Streamlined metrics reporting process for key governance team processes.
• Developed Power BI dashboards presenting crucial data points to different departments within the organization.
• Automated various time-consuming manual tasks using SQL, Powershell, VBA, and MS Access.
• Assisted and guided team members at all levels in learning and executing application governance procedures.
• Maintained oversight over multiple governance testing processes, implementing improvements for streamlined operations.

• Made recommendations to improve security procedures and systems.
• Performed reviews on various systems in order to ensure compliance.
• Reviewed annual SOX/SOC-2 reports to ensure vendor compliance with the bank's controls.
• Utilized KnowBe4 to manage company wide phishing and spearphishing simulations.
• Processed and logged external vulnerability alerts, and tracked any required patching to completion.
• Performed various social engineering and pretext call testing scenarios.

• Oversaw various data governance projects from conceptualization to completion
• Conducted analysis to address potential security risks which led to a more secure IT environment
• Designed, built, and carried out different IT governance processes in order to govern various platforms
• Automated various existing governance processes in order to reduce time spent on manual data validation
• Managed user access certification kickoff, reporting, and troubleshooting using SailPoint
• Provided leadership and audit teams with detailed reports and metrics
• Created dashboards for metric and progress reporting in Power BI.
• Governed user access to Active Directory, and hundreds of applications in order to verify users only had access required for their job responsibilities and nothing more

Learned many skills for operating in a corporate IT environment such as how to properly run meetings, send emails, plan projects, give presentations, and keep data safe.