Profiles search
Aminci Fompun, CISSP
Cybersecurity & Technology Controls Leader.
Columbus, OH, United States
Details
Experience:
2023 : Present
JPMorgan Chase & Co.
Executive Director, Cybersecurity & Technology Controls
Director – PB&WMT – Head of Security and SDLC Controls Transformation
2021 : 2023
Citi
Director, PBWM - Engineering, Risk & Controls and Transformation at Citi
Recruited, trained and managed geographically dispersed teams of Cybersecurity and Technology Controls professionals responsible for managing the risk posture for multiple lines of business (LoB) within JP Morgan Chase’s Consumer and Community Bank.
Key security leader in 131 audits designing and implementing sustainable control readiness practices for aligned LoBs to test and strengthen design and execution of controls while working with 3rd line of defense audit functions to manage the successful completion of RFIs during Fieldwork. Results when departed from JPMC : 0 failed audits, 0 failed (or late) audit issue closures, 0 open audit issues.
Led monthly Technology Control Risk Committees which provided the aligned CIOs and Technology Leadership teams with an accurate view of the LoBs threat landscape, changes to KRIs and KPIs relative to the firm’s risk appetite and how to adapt dev practices to protect key assets. Provided clear explanation of technology risk to supported critical business processes with plain English descriptions of inherent versus residual risk postures post mitigating or compensating controls.
Had direct accountability to CIOs. Provided risk guidance or input to CIOs, CTOs and CISOs/BISOs on business risk, enterprise release Go/No Go recommendations, LoB wide thematic control gap remediation or implementing LoB wide tech control frameworks. Voting member in architecture review boards advising the CIO of business risk to the product providing risk mitigation ROI recommendations. Redesigned CIO reporting to provide risk views relative to impact to Business product lines.
Updated the firm wide data protection standard to address and mitigate the risk of unauthorized bulk exporting of PII, Confidential and Highly Confidential data at the app layer and worked with that control domain authority to implement firm wide. Directed team to successfully mitigate the risk of unauthorized bulk exporting of data for over 400 applications.
2017 : 2021
J.P. Morgan
Lead Information Security Manager & LOB Lead Information Security Manager
Served as the Application Development Manager and Cybersecurity Risk Officer for a portfolio of SOX and other applications for JP Morgan Chase’s Workforce Management group responsible for managing their risk profiles within the firm's risk tolerance and communicating the risk posture to aligned business and technology stakeholders.
Responsibilities included providing risk guidance to application owners and business product owners, completing application control assessments, completing and testing Resiliency plans (DR, SR), completing business operational controls reviews, completing vendor risk assessments and working directly with vendors to remediate control gaps, cyber threat intelligence reviews and response, IAM controls reviews and remediation (inclusive of onboarding functional accounts to password vaults), cyber event remediation inclusive of root cause analysis and post event updates to standards and controls. Planned and contributed to monthly Technology Control Risk Committees which provided the aligned CTO, Business partners and other stakeholders (i.e., 2nd and 3rd line of defense partners) with the comprehensive risk posture for the line of business.
2013 : 2017
J.P. Morgan
Technology Controls Officer/Application Portfolio Manager
Had multiple roles in Business Systems Analysis and Technology Project Management.
2005 : 2013
J.P. Morgan
Investment Bank - Treasury & Securities Services Professional
JPMorgan Chase & Co.
Executive Director, Cybersecurity & Technology Controls
Director – PB&WMT – Head of Security and SDLC Controls Transformation
2021 : 2023
Citi
Director, PBWM - Engineering, Risk & Controls and Transformation at Citi
Recruited, trained and managed geographically dispersed teams of Cybersecurity and Technology Controls professionals responsible for managing the risk posture for multiple lines of business (LoB) within JP Morgan Chase’s Consumer and Community Bank.
Key security leader in 131 audits designing and implementing sustainable control readiness practices for aligned LoBs to test and strengthen design and execution of controls while working with 3rd line of defense audit functions to manage the successful completion of RFIs during Fieldwork. Results when departed from JPMC : 0 failed audits, 0 failed (or late) audit issue closures, 0 open audit issues.
Led monthly Technology Control Risk Committees which provided the aligned CIOs and Technology Leadership teams with an accurate view of the LoBs threat landscape, changes to KRIs and KPIs relative to the firm’s risk appetite and how to adapt dev practices to protect key assets. Provided clear explanation of technology risk to supported critical business processes with plain English descriptions of inherent versus residual risk postures post mitigating or compensating controls.
Had direct accountability to CIOs. Provided risk guidance or input to CIOs, CTOs and CISOs/BISOs on business risk, enterprise release Go/No Go recommendations, LoB wide thematic control gap remediation or implementing LoB wide tech control frameworks. Voting member in architecture review boards advising the CIO of business risk to the product providing risk mitigation ROI recommendations. Redesigned CIO reporting to provide risk views relative to impact to Business product lines.
Updated the firm wide data protection standard to address and mitigate the risk of unauthorized bulk exporting of PII, Confidential and Highly Confidential data at the app layer and worked with that control domain authority to implement firm wide. Directed team to successfully mitigate the risk of unauthorized bulk exporting of data for over 400 applications.
2017 : 2021
J.P. Morgan
Lead Information Security Manager & LOB Lead Information Security Manager
Served as the Application Development Manager and Cybersecurity Risk Officer for a portfolio of SOX and other applications for JP Morgan Chase’s Workforce Management group responsible for managing their risk profiles within the firm's risk tolerance and communicating the risk posture to aligned business and technology stakeholders.
Responsibilities included providing risk guidance to application owners and business product owners, completing application control assessments, completing and testing Resiliency plans (DR, SR), completing business operational controls reviews, completing vendor risk assessments and working directly with vendors to remediate control gaps, cyber threat intelligence reviews and response, IAM controls reviews and remediation (inclusive of onboarding functional accounts to password vaults), cyber event remediation inclusive of root cause analysis and post event updates to standards and controls. Planned and contributed to monthly Technology Control Risk Committees which provided the aligned CTO, Business partners and other stakeholders (i.e., 2nd and 3rd line of defense partners) with the comprehensive risk posture for the line of business.
2013 : 2017
J.P. Morgan
Technology Controls Officer/Application Portfolio Manager
Had multiple roles in Business Systems Analysis and Technology Project Management.
2005 : 2013
J.P. Morgan
Investment Bank - Treasury & Securities Services Professional
Company:
JPMorgan Chase & Co.
About
Business focused security leader with extensive experience in building diverse and inclusive teams. Demonstrated expertise in implementing risk-based strategies aligned with cutting edge DevSecOps models to transform businesses and minimize the impact of technology risk to product lines and aligned processes.
Profile Photo
