Parin Jayendra Gogri
About Candidate
Education
Work & Experience
Responsible for supporting security risk assessments for different lines of business to ensure Third Party providers are in compliance with the JPMorgan Chase Third Party Oversight standard and processes. Our team is tasked, in partnership with the line of business Relationship Managers, to ensure that JPMorgan information and operations are suitably managed while using an external provider. Specifically, I:
- Engage with Relationship Managers to ensure their Third Party Providers are reviewed in accordance with JPMorgan Chase standards.
- Drive aspects of risk assessment of third party providers.
- Do security risk assessments for Tier 2 and Tier 3 risk rated vendors, which may be through onsite visits to vendor premises or through telephonic discussions.
- Work with assessors in security risk assessments of the Third Party providers, either through use of external assessors or remote/onsite reviews.
- Provide recommendations to the Relationship Managers for use of the Third Party Providers and remediation of issues.
- Drive Quality Assurance (QA) program for Tier 1 engagements - Remediation Plans (RP) or Non Compliance Acceptance (NCA) that are identified in assessments, making sure they have the right structure and verbiage, which helps in creating efficiency and provides a clear understanding of when and how they need to be closed.
- Analyze and validate support documents that are provided by vendors in response to questions or queries raised before or during assessment. This includes reviewing policy documents provided by vendors and evaluating if they fall in line with JPM requirements.
- Escalate issues associated with third parties.
- Work on and publish metrics and reports using tools like Phoenix, Archer and MS SharePoint.
- Identify opportunities for streamlining or automation of processes to deliver increasing operational efficiency.
- Worked exhaustively on applications like Phoenix, Archer and MS SharePoint.
- Work closely with Relationship Managers to close, in a timely manner, any open control gaps found in reviews conducted.
- Support internal education and best practices sharing with peers and colleagues, as well as third party education & awareness, as needed.
- On-site testing done to evaluate the effectiveness of IT General Controls for various business entities in scope for a client.
- Assistance in preparation of SOX documentation involving Risk and Control Matrices and process maps, performance of Test of Design (ToD) and Test of Operating Effectiveness (ToE).
- Performance of Test of Design (ToD) and Test of Operating Effectiveness (ToE) for – IT Control Environment, Change Management, Program Development, Operations, and Access to Program and Data.
- End to End project experience from RFI preparation to reporting.
- Service Organization Control (SOC) Reports: Providing Quality Assurance support to client over controls relating to Logical and Physical Access, System Operations and Change Management.
- Support clients that are global banks and financial institutions to assess risk and controls of their vendors with respect to Information Security and IT General Controls.
- Handled clients like JPMorgan, Standard Chartered, BNY Mellon, ICICI, to name a few.
- Conduct onsite/offsite reviews based on risk category and requirement of the client.
- The vendors were followed up with for any remediation plans suggested during assessment review.
- Led a team of 7 assessors for supporting a client.
- Providing regular status updates to client.