Chuck Barbee

Experience

• 

  US Army

  May 1985 - May 1990

  Commissioned Officer

  Field Artillery Officer, 1/35 FA and 1/41 Field Artillery

• 

  Morgan Stanley

  Oct 1990 - Sept 2012

  Assessed applications for compliance with regulatory and firm policies, standards, and procedures covering the following areas: Information Security; Change Management; Disaster Recovery; Incident and Problem Resolution; Data Retention; and Systems Development Lifecycle.• Developed risk based assessment program, conducted substantive evidence gathering sessions to measure control effectiveness with Technology personnel (including management and support staff) and summarized results of assessment.• Prepared management reports for review and sign-off for over 125 applications.• Improved efficiency and effectiveness of technology risk assessments by implementing metrics and dashboard. This centralized assessment findings tracking and remediation process streamlined management reporting and issue tracking, follow-up, and escalation for over 3500 issues identified in assessments. Monitored project progress for issue remediation.• Assisted in providing advice and support to senior technology systems owners throughout Institutional Securities and Asset Management departments. o Communicated firm and regulatory policies regarding the Firm's Technology Risk and Information Security requirements for new systems (~ 500). o Assisted with annual compliance and re-certification of in-scope systems (~ 2000+). o Assisted in review of external client facing systems to ensure compliance with Information Security Policies. o Assisted with gathering information for regulators during regulatory exams/inquiries/sweeps.• As the Subject Matter Expert for the team, reviewed policies and standards including Disaster Recovery, Authentication, Authorization, and Audit Trail, Change Management, Data Management, and Data Security to ensure certification process complied with current Firm requirements as well as FFIEC guidelines. Show less SA CoordinatorSenior member of team that coordinated expansion of Sarbanes Oxley controls program to critical technology applications. Coverage included Company, Investment Management, Enterprise Data, Retail Brokerage, and Investment Banking.• Executed extensive analysis of application base to identify potential in-scope applications.• Negotiated with senior management and colleagues who owned potential applications to confirm and agree to application inclusion into the project.• Assisted with management reporting to track progress of initiative to date.• Responsibilities included both front office and back office groups at the firm. Show less SOX CoordinatorSenior member of team that coordinated IT SOX response across all business units to ensure compliance with Sections 302 and 404 of the Sarbanes Oxley Act of 2002.• Coordinated IT SOX response across Company, Asset Management, Enterprise Data, and Retail Brokerage business units for the firm.• Ensured timely response to questions and concerns while serving as the point of contact for external auditors.• Merged Retail Brokerage IT onto the centralized IT SOX process with E&Y consultants. Show less

  • Vice President - New Applications Certification

    Jun 2008 - Sept 2012

  • Vice President - Sensitive Applications Team

    Jan 2007 - May 2008

  • Vice President - IT SOX Team

    May 2005 - Dec 2006

  • Multiple

    Oct 1990 - May 2005
• 

  Citi

  May 2013 - May 2014

  Consultant – Application and Technology Business Continuity Risk Team

  Assessed applications for compliance with regulatory and firm policies, standards, and procedures covering the following areas: business recovery, application recovery, data recovery, technology infrastructure recovery and supplier / vendor recovery as part of a holistic approach to continuity risk management and business resiliency. • Developed process to execute reviews for Franchise Critical Applications. • Conduct Business, Application, Data, and Infrastructure risk assessments.• Document gaps and present summary to senior technology management.• QA check reviews to ensure compliance with program guidelines and standards.• Confirm remediation plans address the risk identified in the gap before closure.• Produce and improve management reporting used by senior Citigroup technology management and internal / external regulators and auditors.• Train, develop and manage new team members.• Gather and vet information for use in OCC Reviews. Show less

• 

  JPMorgan Chase

  Jun 2014 - Nov 2014

  Consultant

  Senior member of team member tasked with the build out of the compliance function the organization.

• 

  JPMorgan Chase & Co.

  Jan 2015 - Nov 2021

  Provided oversight and coordination for multiple long-duration action plans, creating best practices forums where owners could ask questions and leverage best practices. Executed Personal Account Dealing recertifications, creating procedures and job-aids to improve process execution time. Managed and coordinated work initiatives within a Data Ecosystems team, including Issue and Action Plan Management and Application Control and Risk Assessments.Managed and coordinated planned and unplanned work initiatives within an IAM team, including Risk and Control Self-Assessments and Access Management Audits. Led team tasked with the governance and standardization of the Control Self Assessments process for Infrastructure Platforms and Tools across a line of business.

  • Vice President

    Dec 2019 - Nov 2021

  • Vice President

    Jan 2015 - Nov 2019
• 

  Charles River Development

  Aug 2022 - now

  Assistant Vice President - SOC Coordinator

  Leading coordination efforts with internal and corporate groups and external auditors to help ensure proper control walkthroughs, population and evidence submission, follow-up of outstanding questions, and Points of Focus (PoF) coverage throughout the process as well as providing support to the corporate reporting organization for production of the final report.