• Standardizing API Governance: Improved interoperability and developer productivity by authoring U.S. Bank REST standards in partnership with Enterprise Governance

• Enforcing API Design Standards: Improved API design consistency, enhanced developer experience, and ensured adherence to U.S. Bank REST Standards by conducting API design review sessions

• Establishing API Lifecycle Management: Set a structured framework for versioning, deprecation, and support and enhanced consumer experience by creating API product lifecycle standards

• Streamlining API Launch Processes: Reduced integration friction for external customers and improved adherence to standards by defining and enforcing a checklist-driven process prior to product launch

• Standardizing API Documentation: Reduced manual overhead by integrating governance checks into the API deployment pipeline

• Enabled teams to maintain consistency, improved API documentation quality and enhanced developer efficiency by developing reusable YAML templates

AUDIT AND ISSUES MANAGEMENT:

· Improved upon the issues management process by accounting for review timelines leading to timely upgrade and completion approvals by Audit and keeping CFT past due issues less than 2% of GT&O

· Coached application team response to FAST Audits resulting in fewer Audit identified issues for the organization

RISK ANALYTICS PLATFORM (RAP):

· Designed the Deliverable Tracking module for the RAP tool which enabled milestone-level tracking resulting in the ability to identify exceptions and outliers early on in the remediation timeline for appropriate escalation

RISK CONSULTATION AND REMEDIATION:

· Provided risk oversight and guidance for the organization including:

· Developing and implementing risk mitigation strategies

· Due diligence and compliance as per GIS defined policies, standards and controls

· Consulted on appropriate information security policy adoption for organization-wide remediation leading to significant risk and cost reduction. Remediation efforts included CFT applications complying with the following policies:

· Consistent logging and monitoring of security logs

· Centralized access request and management

· Alignment to bank recognized data retention codes and subsequent design of purge processes

RISK REPORTING:

· Designed and built reports for the organization's quarterly review with the Regulators (OCC & FRB)

RISK GOVERNANCE – IDENTITY AND ACCESS MANAGEMENT (IAM) PROGRAM:

· Coordinated Access Control Testing (ACT) assessments and resolved gaps in application’s access management, authentication and governance processes

· Monitored and reported on metrics around access policy adherence

RISK GOVERNANCE – COMPLIANCE PROGRAM:

· Managed the Secure and Confidential Data Governance programs focused on securing confidential data in all application environments by either sanitizing or implementing a minimum set of controls to ensure confidentiality and integrity of data

· Drove the first information security assessment for the organization geared around Payment Card Industry Data Security Standards (PCI DSS). The effort focused on:

· Identifying PCI DSS gaps within applications dealing with card data

· Remediating risks consistently across the organization in a sustainable manner