Mario Phillips, CISA, CRISC, CISM, CDPSE
IT Governance, Security & Audit Professional
Charlotte, NC, United States
Details
Experience:
• Leads cross functional teams to strategize, plan, and execute a variety of programs, services, and initiatives to support Commercial Real Estate
• Drives accountability for assigned initiatives, limits risk exposure, and creates efficiencies as appropriate.
• Reviews strategic approaches and effectiveness of support function and business performance.
• Performs certifications and assessments through fact finding and data requiring creative approaches to solving complex issues, and develops appropriate solutions or recommendations
• Provides guidance and advocacy regarding the prioritization of LOB investments that impact IAM
• Advises management and business on risk issues related to IAM and recommends actions in support of the bank's wider risk management and compliance programs
• Supports business with IAM audits and exams
• Participates in CIB and Tech forums and meetings to coordinate IAM program activities and to drive IAM control-solution and process adoption.
• Connects clients with appropriate IAM subject matter experts
2023 : Present
Wells Fargo
CIB Information Security Group Lead
• Ensures compliance with the execution of the issue management and incident loss reporting risk standards for CS&T.
• Supports the identification of control gaps and incidents, and assists CS&T management in creating and documenting necessary remediation steps.
• Assesses the cause of incidents to understand risk drivers, themes, trends and where similar exposures may exist in other areas of the business.
• Proactively monitors issue resolution and risk acceptance levels and escalates issues to CS&T management and Enterprise Risk Management (ERM) as needed
• Ensures that required evidence and documentation is maintained within the eGRC system of record.
• Supports the compilation of management reporting for incidents and issues.
• Establishes an integrated and collaborative relationship with 2nd and 3rd line of defense partners from ERM, Compliance and Audit to ensure continued compliance with ERM requirements.
2019 : 2023
TIAA
Manager, Business Unit Risk & Control
• Works with key stakeholders to develop and/or update Information Security Policies, Standards and system-level controls.
• Conducts risk assessments for several areas to help the organization understand risk from policy deviation.
• Works with key leadership to determine key risk information security metrics and manages the collection, development and dissemination of information security metrics.
• Designs and maintains various request workflows and applications within RSA Archer as needed.
• Documents standard operating procedures and processes utilized by the security governance team.
• Provides security advisory assistance to Lowe's IT and Business members.
2018 : 2019
Lowe's Companies, Inc.
Information Security Analyst II
• Monitors and governs regulatory compliance with applicable federal and state regulations in US and country specific regulations in EMEA and APAC regions.
• Provides guidance on IT regulatory requests and identifies key stakeholders to aid management’s response as well as guide the organization in the establishment of requisite controls.
• Reviews Audit findings to ensure governance bodies have end-to-end visibility into audits across the enterprise.
• Monitors and governs MRIA/MRA remediation efforts and provides credible challenge where necessary.
• Conducts review meetings with various internal IT groups such as IT risk, IT security and compliance, Legal, Finance and Business teams.
• Reviews and communicates current and emerging IT regulatory developments and informs senior management on the impact to IT operations.
• Coordinates regulatory exams and inquiries.
2016 : 2018
AIG
Senior IT Audit Governance Analyst
• Responsible for demonstrating professional skepticism while performing major components of audits within WF business activities
• Identify and develop compensating controls that mitigate audit findings and make recommendations to management
• Perform audits of application development, support processes, and related activities
• Conducts IT operational audits identifying and establishing controls, ensuring compliance with best practices.
• Communicates and reports issues between technology, financial business units and Senior Management.
• Execute and document work in accordance with Wells Fargo Audit Services policy
2014 : 2016
Wells Fargo
Senior IT Auditor
Company:
Wells Fargo
Spoken Language:
English
About
Manager Business Unit Risk & Control with more than several years of demonstrated history of working in the banking industry. Skilled in the areas of Compliance, Information Security, Information Security and CISA / Assurance roles including Sarbanes Oxley (SOX), Third Party Oversight Review, Application Control Management, Risk Based Auditing & Testing processes. Proficient in managing projects through the project life cycle as well as providing leadership and support to team members throughout all phases of a project lifecycle by utilizing leadership and communication skills along with analytical, organizational abilities.