Information Technology and Security Services

Share Article

Strategic Risk Associates (SRA), a leading financial services consulting firm, announces the launch of the Information Technology Services division.

Strategic Risk Associates (SRA), a leading financial services consulting firm, announces the launch of the Information Technology and Security Services division to help client banks and financial service companies address technology strategy, cybersecurity, IT audit/control, process assessment and development, and governance services. SRA’s Information Technology and Security services will help organizations optimize their technology by improving operating effectiveness, efficiency and internal control.

Brian Parker, Senior Managing Director, is leading The Information Technology and Security Services division and brings over 20 years of cybersecurity and IT consulting experience having served many leading global companies as the Executive Partner, Technology, Security and Risk Management with IBM and previously Partner, Technology Risk Management, Security and Privacy at Deloitte. Parker and the SRA staff specialize in front and back office technology transformations, with an emphasis on security and privacy risk, IT functions and services, applications, and infrastructure that drive efficiency and capability for the business. “The SRA team advises executives on developing innovative processes and solutions in analytics, cybersecurity, privacy, counter fraud & forensics, enterprise risk, audit, compliance, mobility, cloud, and others to effectively manage the content and data needed to run the business, monitor transactions and mitigate risks,” Parker said.

The SRA Information Technology and Security Services team is experienced and prepared to assist client organizations with the challenges associated with the effective management of technology to mitigate threats and risks. SRA works with clients to assess, design, develop and implement a broad array of internal controls tools and technologies to manage and protect the organization in the following areas:

Cybersecurity Strategy & Assessment – Is the Environment Secure?

Institutions are continuously challenged by threats that expose the organization to unauthorized system access, theft and unlawful transfers, disclosure of sensitive or private information (both corporate, customer and business partners, etc.), interruption of business, reputation risks and competitive trade secrets. Such threats put at risk the technology of the business, and the core business functions. SRA performs independent assessments to address these risks and provide guidance to proactively prepare for and remediate regulatory requirements of the FFIEC, OCC, CUNA, Sarbanes-Oxley, etc., and apply standards established by ISO 27002, NIST Cybersecurity Framework, SANS 20, FISMA, FIPS and other leading practices and cybersecurity methodologies. SRA helps organizations ensure compliance, remediate issues, and ultimately reduce the threat of cyber risk and threat exposure.

IT Audit Services – Is the Environment Compliant?

The requests of internal and external audit organizations place demand on internal resources responsible for establishing and sustaining internal controls in all functional areas with an increased emphasis on systems, application and process control. SRA helps organizations prepare for audits and examinations with the highest degree of confidence by performing full-scope or targeted reviews to determine the appropriateness and effectiveness of internal controls supported within the technology environments. Reviews can address datacenter environments, complex ERP applications and information security within applications, databases and network infrastructure; and other operational challenges impacting technology such as disaster recovery readiness, asset management and critical IT governance. Additional services include fraud prevention, detection, investigation and forensics. SRA’s approach conforms to regulatory requirements such as FFIEC, OCC, CUNA and Sarbanes-Oxley, etc., and applies standards such as ISACA’s COBIT, The IIA’s CBOK, PMI’s PMBOK, ITIL, PCI and other leading practices and cybersecurity methodologies. SRA helps clients build and sustain effective internal controls and address audit requirements on a proactive basis.    

IT Process Assessment and Development – Is the Organization Ready?

Organizations are challenged by processes and procedures supporting core business activities, and published governance documentation is often overlooked, inadequate or outdated. SRA helps the organization design effective and efficient processes that incorporate cybersecurity and audit related control requirements. SRA has extensive experience in developing documentation that graphically illustrates key process flows from inception to completion, clearly describes each process step and references the process to policies, standards, procedures and controls practices by the IT organization. Properly designed processes and supporting documentation facilitate regulatory and audit efforts resulting in reduced audit fees and greater confidence in the overall control environment. Clear, accurate and current process documentation has been proven to ensure better communication, compliance with process controls, improved completion and retention of process artifacts and greater acceptance of process standards throughout the organization. If individuals understand what is expected of them, they are more likely to comply and be held accountable. SRA also assists the organization with training and developmental efforts. SRA helps clients add clarity, eliminate ambiguity, educate responsible parties and ultimately satisfy cybersecurity and audit requirements.

Remediation Assistance - Is the Organization Making Progress?

IT organizations are challenged to ensure that timely and substantive remediation follows in response to regulatory and audit recommendations. Organizations that do not respond in a timely or appropriate manner are at risk for repeat findings, fines or penalties. SRA helps organizations design, test and implement corrective actions capable of satisfying regulatory and audit requirements. SRA is familiar with the daily challenges of sustaining a rigorous IT operation while meeting the demands of regulators and auditors. SRA works with the organization’s management to properly scope, plan, design and implement corrective actions that meet the recommended requirements. Where necessary, SRA assists with training and implementation efforts. In addition, SRA assists the organization with periodic independent reviews to ensure compliance with existing process controls, governance and remediation efforts implemented. SRA helps organizations ensure that corrective actions are effective, compliant and implemented in a timely manner.

General IT Strategy & Assistance – Is the IT Organization Operating Effectively and Efficiently?

Organizations often struggle with technology and process controls and determining their overall effectiveness and efficiency. Whether processes and technology are existing, new or enhanced, opportunities exist to improve overall competency, compliance and effective use. SRA conducts technology and operational assessments designed to help organizations with challenges related to project management, change control, ERP implementation, datacenter performance, physical security, environmental control, attack and penetration, threat monitoring, capacity planning, security administration, database administration, disaster recovery planning, high availability backup options and other areas where the implementation of cost effective best practices can help reduce cost, streamline the operation and enhance the overall control environment. SRA performs general or targeted assessments, makes recommendations for improvement and assists with efforts to implement new or improved technology, processes and controls. SRA helps organizations strengthen, simplify and improve the IT operation to better serve the current and future technological needs of the company.

About Strategic Risk Associates

Strategic Risk Associates is a national consulting and advisory firm specializing in the banking and financial services industry in the areas of Information Technology Strategy, Risk, and Security; Enterprise Risk Management; Merger and Acquisition Due Diligence; Internal Audit; Bank Integration; Credit Risk Management including Loan Reviews, Stress Tests, Credit Training, and Process Improvements; Regulatory Support for Bank Exams, MOUs, and Enforcement Actions; Management and Board Assessments; Strategic Plans; Capital Plans; and Board of Director Training, Succession Plans, and Staff Augmentation. SRA leaders have direct banking, specialty finance, and regulatory experience.

SRA provides a full scope of Information Technology and Security services (from assessment and improvement roadmaps; to remediation, implementation and operations) to help companies improve their technology risk profile. For more information on SRA’s Information Technology and Security services please contact:

Brian Parker, Senior Managing Director
Information Technology & Security Services
3420 Pump Road, PMB 130
Richmond, VA 23233
Phone: (804) 690-9645
Email: bparker(at)srabank(dot)com

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Brian Parker
Visit website