Tina Le Boeuf

Vendor Management, Disaster Recovery Plan Documentation Owner, and IT Governance

• Third-party vendor management through review of SOC reports, certifications, testing, contracts, and other critical documents necessary to derive information on data flows for preparation of risk assessments to minimize the Bank's risk appetite. Extract CUEC information to implement controls.
• Coordinate and document disaster recovery plan for Optum Bank
• GLBA Risk Assessment, FFIEC CAT tool, Secure sync file administrator, Application provision and deprovisioning (Fiserv and FIS), Access Audit and Reviews, Gather audit documentation and evidence for SOC and HiTRUST certification

• Create and implement an Information Security Program (IS Policy and Plan, Incident Response Plan & Testing, Vendor Management, Strategic Plan, GLBA annual review and Disaster Recover/Business Continuity Plan & Testing, CAT Tool, Risk Assessment, and Employee and Board Training). Charged with IT Steering Committee, presentation, and documentation. Charged with managing audit engagement both external and regulatory and tracking findings to completion.
• Implement Vendor Management program including policies and risk assessments. Onboarding utilizing programs such as Tandem and Quantivate. Documentation gathering and review including contracts (attorney redlining and vendor negotiation), SOC security controls, financials, insurances, pen test, disaster recovery/business continuity, incident response, and CUECs. Categorized vendors according to risk and services provided. Continued monitoring of mission critical vendors for security assurance and service evaluation to maintain according to SLA. Analyze vendor risks and report to senior management listing any exceptions.
• Member of InfraGard- partnership between FBI and private sector to share intelligence.
• Member FS-ISAC a shared vulnerability and threat sharing forum that provides financial institutions with known security issues affecting common hardware and software.

• Maintain all information technology policies including the following: Information Systems and Security Policy, Enterprise-Wide Risk Assessment, Disaster Recovery and Business Continuity Policy, Incident Response Policy, and Employee Usage Policy
• Third-party vendor management through review of SOC reports, contracts, and other critical documents necessary to derive information on data flows for preparation of risk assessments to minimize the Bank's risk appetite. Extract CUEC information to implement controls.
• Coordinate and document disaster recovery and incident response exercises and events that occur during the year which include follow-up with lessons learned
• Coordinate and prepare documents for Parish and State Re-entry acquiring credentials from state agency and distributing during emergency preparedness situations
• Manage GETS and WPS communications portal
• Prepare Cybersecurity Assessment Tool (CAT) to determine the Bank's risk appetite and track maturity levels making changes dictated by strategic planning and infrastructure changes
• Prepare Board and employee information security training including phishing campaigns
• Prepare documents for vulnerability tracking and provide mediation recommendations
• Responsible for the documentation of Information Technology Minutes
• Handle internal and external audit request documentation
• Coordinate disaster recovery with business unit managers to develop business continuity strategies
• Research GDPR and provide policy to management with guidelines on implementation
• Member of FS-ISAC a shared vulnerability and threat sharing forum that provides financial institutions with known security issues affecting common hardware and software.
• Firewall VPN Log reviews
• Provided financial core system (FIS) and Active Directory user rights reviews
• I consolidated the Information Security Policies, Risk Assessments, Incident Response Policies, and Disaster Recovery/Business Continuity Policies for five banks deriving one cohesive policy to represent the lead bank. I created a Cyber Security Assessment Tool (CAT) capable of monitoring the inherent risks and maturity levels of each bank at a glance until the banks consolidate. I was also looking he FIS come administrator and spearheaded the streamlining of core security groups creating one bank with the concept of least privilege.

• Preparation of ITC Minutes, Policies, & Risk Assessments for Board Presentation
• IT Policies, Audit Engagements and Document Request Preparation
• Third-Party Vendor Management Documentation gathering and review including contracts (attorney redlining and vendor negotiation), SOC security controls, financials, insurances, pen test, disaster recovery/business continuity, incident response, and CUECs. Categorized vendors according to risk and services provided. Continued monitoring of mission critical vendors for security assurance and service evaluation to maintain according to SLA. Analyze vendor risks and report to senior management listing any exceptions.
• Responsible for the Bank’s network equipment, phone systems, cameras, and DVRs
• Responsible for backups administration (hardware, software, & recovery)
• WSUS and Patch Management
• Microsoft Exchange and IronPort email encryption device.
• Active Directory Administration and various financial application rollout and management
• Help Desk Support both remote and on-site
• Asset management and hardware rollout
• ATMs (hardware & software)

• Same responsibilities listed above for Synergy Bank IT Administrator