201-638-2737 brent.potter@outlook.com
https://www.linkedin.com/in/brentjpotter
Application Risk Management: Designed and implemented Mandated FFIEC assessment program for Morgan
Stanley, initiated a pilot to refine and implement the program. Received executive sponsorship for this endeavor,
across technology groups and risk management. Resulted in Firm compliance, improved risk posture and customer
confidence. Data currently being used for the 2016 FFIEC Cyber Security readiness review.
GRC Custom Implementation: Designed and managed the customization of the Archer GRC dashboard for Morgan
Stanley's C-level executive team. Participated in the analysis and customization of other reporting features that
incorporated network and application security components.
Strategy Development
Executive Planning
HIGHLIGHTED ACCOMPLISHMENTS
2000-2016
2010-2016
Lead a team of Technical Professionals located in New York and Manila, providing vulnerability management oversight and
process efficiency. The team is responsible for daily monitoring of the VeriSign security feed, penetration program output
and Qualys scanning results. A review and security controls assessment is performed to determine environment impact,
and a risk rating/priority is assigned through interaction with our Asset Inventory and common CVSS scoring.
The asset owner is notified with a timeline for remediation. Initiated weekly follow-up using our GRC dashboard to verify that
issues are being actively addressed and remediated, through teamwork and intergroup governance.
Provide security and application process services, including GRC reporting customization and security testing platforms.
Conduct ongoing process and implementation improvements while focusing on expediting mitigation efforts.
Analyzed overall company security vulnerabilities and responded with action plans for expediting time-to-live
and vulnerability process management. This improved the company security posture which enhanced our
Regulatory standing.
Provided input for new vendor tools, automation and security feed enrichment while developing and maintaining
vendor relationships; this improved the effectiveness and efficiency of the program.
Conduct Asset Management reviews of company network and application portfolio based on Asset Risk Ranking.
Company testing program was structured and built around the risk ranking effort to address security risk and
compliance initiatives which improved company risk posture and protection of the Firm brand.
Provide Penetration Testing program guidance and uniformity which improved program effectiveness.
Provide program management and reporting services to upper management, identifying major risk remediation
themes and compliance concerns/impact - this aligned and improved remediation timelines.
2006-2010
Established and managed the Global Entitlements Solutions Operations team. This strategic and tactical group operated
and managed the global platform that consisted of all in-house and vendor products including the Aveksa Entitlement
Management platform. Maintained budget responsibility for capital and operational services.
Led all strategic discussions with multiple business units and system groups within the company.
Participated in SOX controls implementation through the Firm's Risk Control Framework.
Created a global portal that provided strategic operational alignment and continuity among all corporate
business units for assets under review.
Participated in security audits, assessed regulatory requirements, and provided guidance on discovery for
remediation.
Chaired RFP and vendor selection for commercial entitlements review platform. Ensured that SLAs and
performance metrics were being met for internal customers as well as vendor support.
2005-2006
Led company selection and implementation for the strategic messaging compliance archive. Managed team that
delivered the review process and determined the best solutions available while working with legal group to ensure
requirements were satisfied in the recommended solution identified.
Served as primary catalyst for determining the best solution for a strategic messaging compliance archive that
contained budgetary and policy requirements.
Managed the RFP process and vendor relationship during pilot phase. Negotiated contracts and determined SLAs
necessary for successful implementation and service and addressed Regulatory and Compliance objectives.
2000-2005
Acted as lead
Led an international desktop engineering team to support and deploy an enterprise-wide security program built
around specific messaging applications. Delivered long-term strategy and execution plan by conducting key
stakeholder interviews, documenting as-is state, developing conceptual to-be, and distilling strategy into
features/requirements.
ADDITIONAL EXPERIENCE
JP MORGAN CHASE, New York, NY
1997-2000
1986-1997