Profiles search
Eddy Sanders, CISA, CISSP
IT Cybersecurity Risk Specialist at the Federal Reserve Bank of Dallas
Virginia Beach, VA, United States
Details
Experience:
• Lead risk-focused IT assessments and examinations of financial institutions and service providers.
• Review IT audit and operations, information security programs, systems development life cycle processes, and management information systems for assurance of safe and sound practices and compliance with applicable banking laws, regulations, and policy statements.
• Partner with IT and safety and soundness examiners to plan and participate in supervisory events of financial institutions and service providers.
• Analyze an entity’s policies, procedures and controls related to IT strategy, risk, internal and external audit, development and acquisition, cyber and information security, business continuity management, and operational capabilities.
• Work with examiners, Reserve Bank management, and other federal and state banking regulators to recommend IT regulatory ratings and assessments.
• Develop work papers and accurate reports to document the analysis and support conclusions.
• Present examination conclusions to Reserve Bank management during vetting meetings and to institutions management during exit meetings.
• Develop surveillance briefings and research on emerging IT and cybersecurity threats.
• Participate in Reserve Bank and System IT workgroup initiatives.
• Maintain knowledge in information security, risk management, end point and server technologies, network management/architecture, intrusion detection and prevention systems, vulnerability/pen testing management, audit, and patch management systems.
2023 : Present
Federal Reserve Bank of Dallas
IT Cybersecurity Risk Specialist
2022 : 2023
Virginia State Corporation Commission
Principal Information Technology Examiner
Certified Information Systems Auditor
Leads and manages supervisory Information Technology/Information Security examinations of state-chartered financial institutions with assets of up to approximately $30B, including determining scope, ratings, resources required, and assignments.
Analyses institution compliance with law, regulation (including GLBA, FDIC, NCUA, FFIEC, and state), and industry best practices.
Ensures effective supervision of all information technology/information security risk areas, including management, audit, support and delivery, development and acquisition, cybersecurity, and electronic banking platforms (e-banking and mobile)
Drafts, reviews, organizes, and verifies supervisory examination work papers and reports of examination prepared by self and others.
Communicates, both verbally and in writing, examination findings and conclusions to institution and agency management.
Leads exit meetings with institution management, members of the board of directors, federal agency counterparts (FDIC, FRB, NCUA), and agency management.
Works closely with institutions' primary federal regulators, including leading joint examinations.
Performs follow-up supervisory contacts with regulated institutions to ensure ongoing compliance with prior examination findings.
Provides feedback to other examiners assigned to the examination team.
Ensures open, constructive, and effective communication with all stakeholders, including institution management, agency management, and examination team members.
Leads special projects as needed, including the maintenance of the examination team's SharePoint site.
Ensures all examination documentation is secured according to agency guidelines, laws, and regulations.
2019 : 2022
Virginia State Corporation Commission
Senior Information Technology Examiner
• Define the supervisory strategy of IT examination based on risk profile analysis
• Create the request list of documents needed to perform the examination review on banks with assets ranging from $300 million to $30 billion
• Perform examinations on complex banks following FFIEC guidelines, GLBA, FDIC rules and regulations Part 364 Appendix A and B, COBIT, and NIST framework
• Lead and assist in all phases of bank examinations for IT, including audit, support and delivery practices, risk management techniques, management information systems, development and acquisition practices, disaster recovery and business continuity planning, and internal controls associated with IT
• Participate in the vetting of examination findings
• Prepare reports to Board of Directors, executive management, and agency management detailing the scope of the review, deficiencies noted during examinations, and recommendations concerning corrective actions
• Develop examination plans, set timelines and milestones, assign duties and responsibilities to teammates from the Federal Reserve Bank, Federal Deposit Insurance Corporation, and Virginia Bureau of Financial Institutions, and ensure plan goals are achieved
• Conduct exit meetings with Board of Directors and executive management to present deficiencies involving complex issues and recommendations
• Mentor junior examiners during examinations, providing on-the-job training and constructive feedback
• Serve as a subject matter expert in IT operations and management, information security and identity theft red flags, cyber security, independent review programs, electronic banking, incident response, and emergency preparedness
• Maintain awareness of industry developments and banking regulations governing the examination process and technology tools
• Enhance professional and technical knowledge through on-the-job and outside training
2018 : 2019
Virginia State Corporation Commission
Information Technology Examiner
2016 : 2018
Virginia State Corporation Commission
Financial Institutions Financial Analyst
• Review IT audit and operations, information security programs, systems development life cycle processes, and management information systems for assurance of safe and sound practices and compliance with applicable banking laws, regulations, and policy statements.
• Partner with IT and safety and soundness examiners to plan and participate in supervisory events of financial institutions and service providers.
• Analyze an entity’s policies, procedures and controls related to IT strategy, risk, internal and external audit, development and acquisition, cyber and information security, business continuity management, and operational capabilities.
• Work with examiners, Reserve Bank management, and other federal and state banking regulators to recommend IT regulatory ratings and assessments.
• Develop work papers and accurate reports to document the analysis and support conclusions.
• Present examination conclusions to Reserve Bank management during vetting meetings and to institutions management during exit meetings.
• Develop surveillance briefings and research on emerging IT and cybersecurity threats.
• Participate in Reserve Bank and System IT workgroup initiatives.
• Maintain knowledge in information security, risk management, end point and server technologies, network management/architecture, intrusion detection and prevention systems, vulnerability/pen testing management, audit, and patch management systems.
2023 : Present
Federal Reserve Bank of Dallas
IT Cybersecurity Risk Specialist
2022 : 2023
Virginia State Corporation Commission
Principal Information Technology Examiner
Certified Information Systems Auditor
Leads and manages supervisory Information Technology/Information Security examinations of state-chartered financial institutions with assets of up to approximately $30B, including determining scope, ratings, resources required, and assignments.
Analyses institution compliance with law, regulation (including GLBA, FDIC, NCUA, FFIEC, and state), and industry best practices.
Ensures effective supervision of all information technology/information security risk areas, including management, audit, support and delivery, development and acquisition, cybersecurity, and electronic banking platforms (e-banking and mobile)
Drafts, reviews, organizes, and verifies supervisory examination work papers and reports of examination prepared by self and others.
Communicates, both verbally and in writing, examination findings and conclusions to institution and agency management.
Leads exit meetings with institution management, members of the board of directors, federal agency counterparts (FDIC, FRB, NCUA), and agency management.
Works closely with institutions' primary federal regulators, including leading joint examinations.
Performs follow-up supervisory contacts with regulated institutions to ensure ongoing compliance with prior examination findings.
Provides feedback to other examiners assigned to the examination team.
Ensures open, constructive, and effective communication with all stakeholders, including institution management, agency management, and examination team members.
Leads special projects as needed, including the maintenance of the examination team's SharePoint site.
Ensures all examination documentation is secured according to agency guidelines, laws, and regulations.
2019 : 2022
Virginia State Corporation Commission
Senior Information Technology Examiner
• Define the supervisory strategy of IT examination based on risk profile analysis
• Create the request list of documents needed to perform the examination review on banks with assets ranging from $300 million to $30 billion
• Perform examinations on complex banks following FFIEC guidelines, GLBA, FDIC rules and regulations Part 364 Appendix A and B, COBIT, and NIST framework
• Lead and assist in all phases of bank examinations for IT, including audit, support and delivery practices, risk management techniques, management information systems, development and acquisition practices, disaster recovery and business continuity planning, and internal controls associated with IT
• Participate in the vetting of examination findings
• Prepare reports to Board of Directors, executive management, and agency management detailing the scope of the review, deficiencies noted during examinations, and recommendations concerning corrective actions
• Develop examination plans, set timelines and milestones, assign duties and responsibilities to teammates from the Federal Reserve Bank, Federal Deposit Insurance Corporation, and Virginia Bureau of Financial Institutions, and ensure plan goals are achieved
• Conduct exit meetings with Board of Directors and executive management to present deficiencies involving complex issues and recommendations
• Mentor junior examiners during examinations, providing on-the-job training and constructive feedback
• Serve as a subject matter expert in IT operations and management, information security and identity theft red flags, cyber security, independent review programs, electronic banking, incident response, and emergency preparedness
• Maintain awareness of industry developments and banking regulations governing the examination process and technology tools
• Enhance professional and technical knowledge through on-the-job and outside training
2018 : 2019
Virginia State Corporation Commission
Information Technology Examiner
2016 : 2018
Virginia State Corporation Commission
Financial Institutions Financial Analyst
Company:
Federal Reserve Bank of Dallas
Spoken Language:
English
About
Highly motivated Certified Information Systems Auditor currently employed as a Principal Information Technology Examiner with the Virginia State Corporation Commission (Bureau of Financial Institutions).
Profile Photo
