John Young
Assistant Vice President, Global Information Security at Bank of America
Chicago, IL, United States
Details
Experience:
2019 : Present
Bank of America
Assistant Vice President, Global Information Security
- Led and supported numerous IT and cyber risk improvement initiatives for companies in the financial services sector
- Served as a fieldwork leader across engagements by directing daily progress, informing supervisors of engagement status, proactively communicating project risks and delays, and effectively managing engagement budget and staffing resources
- Designed and implemented various program frameworks, methodologies, operating models, processes, communication plans, risk metrics and reporting capabilities across the 1LoD and 2LoD
- Functioned as a key resource on a 3rd party risk assessment client engagement through improving program processes, assisting in the development of methodologies and program-related products, building strategic relationships with the client, and executing numerous onsite assessments as part of the startup 3rd party risk assessment program
2016 : 2019
EY
Cyber & Technology Risk Senior Associate
Provided services for engagements focused on Information Security, Application and General Technology Controls testing, Governance, Risk and Compliance (GRC), and Business Consulting.
INFORMATION SECURITY :
- Led several external and internal penetration tests involving various project teams, both national and international locations, and thousands of systems across these locations.
- Developed a testing framework used when managing social engineering (SE) engagements where various attack vectors were used to assess a company’s resiliency to SE attacks.
- Assessed the security level of various networks, web applications, and mobile applications to determine the client's exposure level to an external/internal attack.
- Provided valuable improvement suggestions (in both a technical capacity as well as a business process capacity) to clients as their trusted adviser.
- Coordinated and led Grant Thornton's national monthly technical security meeting since October 2014.
APPLICATION & GENERAL TECHNOLOGY CONTROLS :
- Served two years as the lead IT auditor on numerous private and public companies (including accelerated filers).
- Assisted in the development of firm methodologies related to IT Assurance.
GOVERNANCE, RISK, & COMPLIANCE :
- Worked on a large project to establish a quality control function for a Fortune 50 Mortgage Bank. Performed control development in an overall effort of the quality control function. The quality control function was established to help ensure compliance with industry-wide guidance issued by the Treasury Department for loan modifications, known as the Making Home Affordable (MHA) Program.
- Led and managed several IT SOX and Internal Audit engagements across various industries.
BUSINESS CONSULTING :
- Developed and implemented imperative IT controls for a large international pharmaceutical corporation.
- Assisted in the alignment of various IT controls between two companies.
2012 : 2016
Grant Thornton LLP
BAS Senior Associate
Company:
Bank of America
About
John has over 7 years of experience helping clients design, develop and continuously improve their people, processes and technologies in support of organization objectives. John has served banking and capital markets, insurance, life sciences, consumer & industrial products, and manufacturing & distribution industry businesses with IT risk program strategy & transformation, third party risk management, IT risk and control framework design & implementation, IT & cyber regulatory management, controls advisory, quality assurance & quality control program design, cyber risk, organizational technology alignment, operating model design, and cloud strategy initiatives.