Jack
Blair

Serve as principal second-line risk leader for enterprise technology domains at one of the nation's largest housing finance institutions, with oversight responsibility spanning a $4.1T mortgage guarantee portfolio and critical national infrastructure. Provide independent challenge and oversight of control environments supporting system availability, SDLC, change management, incident management, configuration governance, and operational resilience.

• Lead independent oversight of technology risk and control environments across key operational domains including system availability, SDLC, change management, incident response, and resiliency.
• Assess design and operating effectiveness of technology controls, identifying gaps, weaknesses, and remediation priorities across critical enterprise systems serving national mortgage markets.
• Conduct risk-based reviews aligned to NIST 800-53 control families with focus on strengthening control execution, documentation, and sustainable operational discipline.
• Advise executive leadership and the Board on material technology risk themes, control effectiveness, and operational exposures impacting resilience, service delivery, or compliance outcomes.
• Monitor and report on technology risk trends, issue remediation, and control maturity improvements for senior management and governance audiences.

Served as lead cybersecurity risk manager responsible for overseeing cyber and technology risk operations, compliance with applicable regulations, and managing adherence to enterprise policies and risk tolerances across one of the most scrutinized financial institutions in the country.

• Subject matter expert in cybersecurity risk oversight — independently evaluated information security risk domains and conducted design and operating effectiveness assessments of cybersecurity processes.
• Served as independent cybersecurity advisor, informing Board and Senior Leadership of emerging threats including social engineering, vulnerability exploitation, and lateral movement / insider threat risks.
• Oversaw cybersecurity risk reporting and escalation frameworks supporting enterprise risk governance and regulatory examinations.

Served as lead technology risk manager for a critical national financial market infrastructure firm, responsible for risk and control compliance across an enterprise-wide technology portfolio spanning information security, cybersecurity, cloud infrastructure, access management, business resiliency, and disaster recovery in a cloud-native application environment.

• Directed full-cycle risk and control management including control testing oversight, issue management, KRI/KPI monitoring, and compliance reporting to executive and regulator stakeholders.
• Managed cloud-native technology control environment covering AWS and Azure infrastructure with supporting GRC tooling and automated compliance monitoring.
• Served as primary point of contact for regulator engagement on technology risk matters, coordinating examination responses and ongoing supervisory communications.

Led and supported IT compliance, IT controls, audit readiness, and risk management engagements for Fortune 50 financial services clients and large U.S. intelligence agencies. Served as Senior Consultant and acting Manager specializing in IT compliance, with additional responsibilities as project manager for technology control and risk management engagements supporting multiple large U.S. intelligence agencies. Top Secret security clearance with Counterintelligence Polygraph.

• Performed assessments of IT General Controls, application controls, and financial systems control environments, evaluating control design, operating effectiveness, and remediation needs for major financial institutions.
• Supported SOX-aligned and pre-IPO readiness efforts — strengthening control documentation, testing rigor, and sustainability of audit-ready environments for Fortune 50 clients.
• Conducted risk assessments across complex systems and business processes to identify control gaps, rationalize control activities, and improve compliance posture.
• Managed cross-functional workstreams involving technology, security, finance, and business stakeholders, translating technical control issues into actionable leadership recommendations.
• Led technology control and risk management engagements for multiple large U.S. intelligence agencies under TS/CI Poly clearance, supporting audit strategies for complex financial and operational systems.
• Managed oversight considerations tied to third-party service providers and SOC reporting for major financial services clients.

IT and financial management consultant for financial institution clients on enterprise risk management, IT risk, audit readiness, and process improvement — working directly with executive banking leadership.

• Performed assessments of IT and business process control environments, identifying gaps and supporting audit readiness and governance effectiveness improvements.
• Worked with executive stakeholders to assess control environments and identify opportunities to improve governance, compliance, and operational efficiency.

IT and financial management consultant supporting audit readiness, enterprise risk management, and business process improvement engagements for federal and public sector clients.

• Designed, implemented, and tested internal controls over financial reporting and financial systems in support of audit readiness and control environment maturity.
• Evaluated IT-dependent and application controls, identified control deficiencies, and developed recommendations to improve technology control effectiveness.

Supported program management, budgeting, and financial analysis for highly complex national security aerospace development efforts within Lockheed Martin's Advanced Development Programs. Supported implementation of a large-scale, air-gapped SAP ERP environment, helping align financial management, business operations, and system deployment within a secure mission environment.

• Developed and maintained budgets, forecasts, and spend plans supporting leadership decisions across complex national security development activities.
• Performed cost, variance, and planning analysis supporting program reporting and resource alignment.
• Supported deployment of a secure, air-gapped SAP ERP system, coordinating financial management and operational activities within a classified program environment.