Theresa A.

Kupchinski

7 Blackwood Drive
Lewes, De 19958
Cell (302)250-3076
Home (302)945-5176

EXECUTIVE PROFILE

Information Security Risk Analyst with 9 year’s experience of demonstrated success

in the planning, coordination, and execution of effective, cost efficient, technical
and business security solutions.

Skills and Experience

▪ Strategic Planning and Execution of Projects ▪ Risk Management

▪ Team Leadership ▪ Security Controls - Issues and Resolutions -
▪ Collaboration and Influencing Skills ▪ Audit Reviews and Intermediary Process
▪ Organizational ▪ Internal and External Security Assessments
▪ Disaster Recovery and Business Resiliency Mgmt. ▪ Analytical and Problem Solving
▪ Security Awareness Training
Professional Experience:

JPMorgan Chase – Newark, DE

Information Risk Analyst – July 2007 – December 2009
Responsible for the planning and coordination of Security Compliance Assessment reviews for critical
Third Parties within the Retail Financial Services sector. Review and evaluate the risk levels of issues
revealed during evalutation of Third Party.. Coordinate the review findings with Senior Management to
report on deficiencies. Effectively coordinated all additional vulnerability testing as required .Assist in
developing action plans and risk acceptances to manage potential risk exposure. Produced corporate
metrics, utilizing Excel and WEBI reporting tools, to assist management in strategic project planning.

Information Security Analyst -January 2005- July 2007

Responsible for ensuring the coordination and completion of application security reviews for existing and
new development projects, throughout JPMorgan Chase Insurance Group.
Identified and managed the Compliance Risk Assessments for all Third Parties, utilized with the business.
Conduct on going risk assessments and demonstrated a proactive approach to managing risk within the
business.
Provided Disaster Recovery, Business Continuity Planning and Sarbanes Oxley testing support, as
needed.
Provide consulting services to the business to resolve audit issues in a timely and cost efficient manner.
Provided IT Risk support and managed the decommissioning project and system disentanglement project
throughout the business turnover and acquisition process.

First Data Resources - Wilmington, De

Sr. Information Security Analyst -January 2004 - December 2004
Audit Compliance liaison working with internal corporate audit, internal business units and external audit
reviews (i.e. OCC, FDIC, and VISA). Assisted management in the development of processes and
procedures for identified non -compliance issues and coordinating the implementation of remediation
plans. Successfully closing over 100 audit issue within a 1 year period. Independently prepared Risk
Assessment project plans for all platform reviews. Perform periodic evaluations of all UNIX, and
ORACLE systems to ensure compliance of company standards
Instrumental in the completion of PCI compliance review process.

Bank One -Wilmington, De

Supplier Technology Risk- Lead Analyst- March 2001- December 2003
 Instrumental in the development of a sound information security program that identifies, measures,
monitors, and manages potential risk exposure of customer personal information.
Consult external service providers on security issues. Recommend implementation of appropriate security
and access controls. Conduct on- site Information security audits of all third party suppliers for all lines of
business across the bank to ensure the security of information systems and protection of customer personal
information.
Perform on-going risk assessment of threats and vulnerabilities surrounding networked and/or Internet
systems. Review high level network diagrams pertaining to a wide variety of system platforms, including
mainframe. Midrange and client server environments, examine data flow and transmission of the supplier
to ensure compliance with bank standards for data security. Review policies, procedures and guidelines of
the supplier and report on deficiencies in their security program. Report on any issues in need of
corrective action
Coordinate the scheduling and communication of audit findings, action plans and follow up between the
supplier and Business Relationship manager. Provide recommendations for measure available to support
and enhance the system security and security program. Research and evaluate new security products to
ensure that they meet the banks standards.

JPMorgan Chase Insurance Group – Wilmington, DE

Information Security Analyst - December 1999- March 2001
Independently responsible for monitoring existing and proposed security standard setting groups, State
and Federal regulation and regulations for internal and external staff and vendors. Administer and monitor
system access on all platform levels. Developed and implemented the Security Program, including
recommending and implementing security policies and procedures. Established and managed the security
awareness program and training for staff
Identify and address security risks and requirements for production and development environments and
provide management, staff and outside service providers with resolutions. Evaluate, test and implement
security products, including data encryption and security reporting software and recommend solutions to
multilevel security issues
Work with developers to implement security of new and existing applications and processed

Technical Support Specialist - February 1998 - December 1999

Co-Network Administrator of a Windows/NT environment operating under a Novell platform supporting
150 users
Developed technical standards and identified and deployed software and hardware upgrades. Provided in-
depth technical support to business units for project planning, documentation and implementation of
existing and proposed hardware and software

St Francis Hospital - Wilmington, De.

Management Information Systems Analyst- July 1990 - December 1997

EDUCATION:

College: Delaware Technical Community College - Information Systems Management Courses 1999-
2004

High School: Delaware Technical High School - 1980-1982

Certifications: Actively preparing for the CISSP Exam

References: Upon Request