Infinitive used a cross-referenced, blended framework consisting of industry standards and best practices to evaluate risks and controls for 25 processes, identify and validate issues, and address deficiencies in its portfolio of controls. Our team engaged with associates at all levels of the organization to drive cross-functional collaboration, address risk management imperatives, strengthen governance and monitoring, and establish action plans to remediate gaps in operational processes and oversight. Specifically:
- Leveraged industry standard frameworks (NIST 800-53, NIST CSF, FFIEC) and Cloud-related standards (FedRAMP) to complete a deep-dive evaluation of 25+ processes.
- Developed, implemented, and managed a controls inventory for the Bank’s cloud operating environment to track and report on the lifecycle of gaps from identification through closure.
- Designed and developed control implementation plans to address operational gaps in the bank’s identity and access management (IAM) program.