Profiles search

Zulfi Fanuswala

Cybersecurity | Cloud | Operational Risk Management | Security Assurance | Regulatory Management
Belle Mead, NJ, United States

Details

Education: M.S

Information Technology

Rochester Institute of Technology

2001 : 2003

CFA - Registered Level 3 Candidate

Finance, General

CFA Institute

2009 : 2013

B.E

Electrical Engineering

University of Mumbai

1997 : 2001
Experience: 2022 : Present

BNY Mellon

Director, Cyber Risk

2020 :

Indiana University Bloomington

IU Cybersecurity Advisory Council Member

• Globally own the strategy and execution of Cloud Risk Management Oversight. Developed the Cloud Risk Management Framework for Morgan Stanley.

• Partner with CIOs and enterprise technologists with accountability for delivering effective operational risk and cyber security management routines.

• Implemented a technology risk management practice for supporting Cloud functions, providing effective second line of defense capabilities with managing process, risk, control and cyber security requirements for Cloud strategy enablement, governance, application onboarding, and hosting capabilities in a Hybrid Cloud environment (Microsoft Azure, AWS, Google Cloud Platform). Built out and lead a dedicated team of risk managers to support required risk advisory, monitoring, and control assessment routines supporting Cloud services (PaaS, IaaS, SaaS, Public, Hybrid).

• Lead various risk assessment activities to affirm current control environment risk posture and inherent/ residual risk levels, validating sustainment of existing processes, controls, and compliance policies for effective technology operations and cyber security, and identifying improvement opportunities informed by industry-recognized frameworks (NIST, FedRAMP, CCM, FFIEC).

• Oversight of technology governance programs to ensure aggregate risk view across production services, with focus on monitoring and assessment of technology risk and cyber security vulnerabilities, risk reduction initiatives, policy compliance, and actionable reporting backed with KRI/KPI metrics.

• Management of financial regulatory relations, including execution of critical remediation commitments, with accountability for ensuring consistent and timely response delivery to regulators.

2021 : 2022

Morgan Stanley

Senior Team Lead - Cybersecurity Risk

• Responsible for the Risk and Control definition for Agile and the Enterprise Pipeline (CI/CD) deemed as strategic initiatives.

• Responsible for Change the bank initiatives like implementation of Agile tools and methodologies towards Risk Management. Leverage extensive engineering and software development background in working with engineering and IT teams to design and test controls.

• Guide engineering teams to enhance risk management with the goal of achieving compliance.

• Collaborate with external/Internal audit teams on risk assessment scoping, control designs, control testing, deficiency evaluation and remediation.

2020 : 2021

Wells Fargo

Control Sr. Officer - Technology and Architecture Risk

• Responsible for RCSA program buildout, execution and development for Technology at MUFG USA including regulatory response with OCC and FRB.

• Responsible for the Transformation Risk management program (AWS, O365 & Agile methodologies) at MUFG USA including reporting to senior management, board of directors and regulatory agencies. (OCC and FRB).

• Risk culture change ambassador, implementing the overarching goal of “Risk & Compliance should not hinder engineering and business team's productivity”.

• Responsible for the automation of Control testing and a continuous assessment strategy.

2017 : 2020

MUFG

Director - Technology and Operational Risk
Company: BNY Mellon
Years of Experience: 19

Skills

Active Directory, Business Intelligence, Cloud Computing, Cloud Risk , Cyber Security Risk, Databases, Disaster Recovery, Enterprise Architecture, IIS, Integration, ITIL, IT Management, IT Strategy, Leadership, Lync, Lync Server 2010, Management, Microsoft Certified Professional, Microsoft Exchange, Microsoft Office Sharepoint Server, Microsoft SQL Server, Operational Risk Management, RCSA, Risk Assessment, Risk Management, SharePoint, SharePoint Server, Software Development Life Cycle (SDLC), Strategic Planning, System Deployment, Team Leadership, Thought Leadership, Vendor Management, Virtualization, VMware, Windows Server, Microsoft Office, Microsoft Certified

About

Successfully bridging the worlds of Cloud Engineering | Operations and Security, Risk, Governance & Compliance one regulated entity at a time.



Cyber, Tech and Operational Risk Measurement (Quantitative Risk favoring) & Management

Regulatory Management

Board Risk Reporting

Emerging Risk Management

Cloud Technologies enthusiast