
Rahul Goel

Rahul Goel is an experienced executive in technology risk and security based in New Jersey and New York. He has over 15 years of experience leading IT risk, cybersecurity, compliance and governance programs at large organizations. Currently he is the Director of Security Assurance at Uber where he developed their global cybersecurity program. Previously he held senior risk and audit roles at Meta, JP Morgan Chase, ING and Merrill Lynch focusing on areas such as digital banking, cloud strategy, identity and access management, and regulatory compliance.

Uploaded by

himanshu pandey

Rahul Goel

West Orange, NJ and open for NYC, NY


Executive, Technology, Risk & Security
Successfully leading IT innovation for high-growth organizations
Accomplished global executive with expertise in technology risk, operations, business, controls, and cyber
security strategy with deep subject matter knowledge leveraged to improve operational efficiency with
minimum resource expenditures. Experienced in launching programs for technology risk & controls
management, IT security awareness training, management development, regulatory compliance & privacy,
vendor risk management, Cyber security & IT risk governance. Adept at forging solid relationships with strategic
partners with strong ability to successfully complete large-scale projects, including hands on tasks. Diverse
experience of working & dealing with stakeholders & IT regulators in the North America, EMEA and ASIA PAC regions.
Highlights of Expertise
• Digital Banking/Cryptocurrency/Wallet
• Cloud computing strategy
• Strategic IT Risk Governance
• Identity & Access Management
• Cyber Security
• Data analytics, protection & privacy
• Vendor & Supplier Risk Management
• IT Risk frameworks & policies
• Business Process Reengineering
• Control automation/Artificial Intelligence
• Regulatory exams & Compliance
• Operations Management

Professional Experience
UBER (Director – Security Assurance) - San Francisco, CA Mar 2022 - Present
• Conceptualized and delivered service delivery model for cyber security organization to provide security
and compliance around the tech stack.
• Developed and rolled out a Global Cyber Security program to deliver Governance, Risk, Compliance,
and regulatory commitments.
Meta Platforms Inc. (Novi Wallet), KPMG (Director) - New York, NY Dec 2018 – Dec 2021
• Specialized in Information Protection, Cyber Security, and broad-based technology transformation and
delivery, including designing and implementing a wide variety of technology-based security
solutions to secure digital assets.
• Conceptualized and operationalized an Information Security Compliance program for a crypto-based wallet
product, which included technology and business prioritized decisions in partnership with business,
technology, and operations teams.
• Strategized and implemented various business initiatives leveraging new technological developments
such as centralized ERP platforms, robotics biometric data, emerging technologies, and AI in order to
improve customer onboarding, run due diligence checks and perform ongoing monitoring to help in
delivering a convenient, immediate and effortless customer experience.
• Led various regulatory compliance initiatives (US and International 40+) such as operations,
compliance, and data protection/Cyber/privacy by developing a comprehensive risk framework and
implementing controls to ensure full compliance for the crypto-based wallet product.
JP Morgan Chase (Business Information Control Officer) - New York, NY Jan 2015 – Dec 2018
• Managed teams responsible for technology controls, cyber, security, and business resiliency programs
that provide services to multiple lines of business (supporting ~50k end users & ~700 applications).
Provided executive-level support to leaders and staff, and spearheaded IT Risk, Controls, Cyber Security &
Business Resiliency programs (BCP) for business processes, applications, infrastructure, third parties
and user tools, which resulted in improving IT risk posture and strengthening the controls environment.
• Conceptualized, developed, and executed information security initiatives to boost security and
controls, focused on domain risk, identity, and access management, reducing the known risks and
improving the stability and availability of the technology environment.
• Improved the transparency of risk related to vendor utilization and gave the organization expert
guidance on engaging vendors for service delivery through a rigorous approach to managing the
controls requirements for all vendors used by the company.
• Established the 2nd line of defense risk support model across the organization to implement the risk
framework strategy and philosophy to support all business initiatives. Enhanced and optimized risk
governance among 1st and 2nd line of defense.
• Created and implemented an assessments program which improved IT risk posture and fortified the
controls environment. Introduced security programs which reduced known risks and improved
technology stability and availability.
• Reviewed, assessed, and monitored various payment systems such as Fedwire, ACH, Payment Credit
Card, SWIFT, and Clearing and settlement.
• Oversaw numerous regulatory and internal audits/MRA with a successful result.
• Strategized cloud readiness for internal and vendor computing environment.
• Ensured all businesses, applications and infrastructure had appropriate RTOs and DR/BCP documents and that
resiliency tests were completed according to plan, by teaming with staff to improve business resiliency
and disaster recovery capabilities for technology functions which support ~700 applications.
• Improved IT risk governance and helped create transparency to the leadership team by putting
together a business control committee to review IT risk posture on a regular basis.
• Responsible for establishing & implementing assessment programs focused on Business processes
(RCSA), Applications, Infrastructure, Third parties & User tools.
• Recruited and mentored global vice presidents as technology control officers to support organizational
needs. Developed teams of Information Risk Managers to help support & sustain the focus Risk
management program.
• Led the Technology Associate program within JPMC including selection, training, and placements under
various lines of business.
Vice President (IT Audit Director – Capital Markets/Asset Wealth Management) Dec 2012–Jan 2015
• Led IT audit teams focusing on Information risk policies, standards, guidelines, processes and metrics
based on ISO 17799/27001, NIST, ITIL, COSO/COBIT, GLBA, 21 CFR, FFIEC, PCI DSS, Basel I&II, NYDFS,
etc.
• Planned, organized, and performed information systems technology audits, integrated audits focused
on key business processes, including applications and general controls, IT SOX Compliance, SDLCs,
telecommunications, project management reviews, pre and post implementations and LANs/WANs.
• Prepared a comprehensive risk-based, long-range program of audit coverage for assigned area.
• Reviewed and approved written internal audit reports to ensure clear communication of risks and core
audit issues and presented audit reports to senior management.
• Developed and maintained partnerships with senior executives to achieve business results, analyze
audit activities, provide transparency on all risk-related matters, and ensure timely assessment & escalation.
• Performed technical/specialized audits of infrastructure, internet, intranet, firewalls, SAP, PeopleSoft
configurations, networks, and routers.
• Drove the bank’s regulatory ‘risk’ agenda and position as competent reliable partner vis-à-vis regulatory
authorities.
• Integrated and internal controls reviews with the Financial and Operational Audit Group.
• Planned, organized, directed, and monitored internal audit operations and took staff management
responsibilities by hiring, training and evaluating staff.
Vice President (Lead Third Party Risk Director) July 2010 – Dec 2012
Led teams to manage the global operations and technology risk management framework to improve risk
posture with third party vendors.
Rolled out the third-party risk management program that created transparency of risk associated with vendors
focusing on Legal and compliance.
Managed global team to assess ~3500 legal/compliance vendors, bringing decisions to closure and building
consensus through collaborations with Line of Business, regulators, and vendors.
ING Clarion - New York, NY Jan 2009 – June 2010
Global Head of Information & Operations Risk, and Regulatory Compliance
Managed a coordinated and cross-discipline response team to external regulatory examinations, corporate
audit engagements and conducting diagnostic reviews for the identification and corrective action against
systemic and risk-based control deficiencies.
Merrill Lynch, Technology Risk Management - New York, NY Jan 2008 – Dec 2008
Global Head of Technology & Operations Risk & Regulatory Compliance (Vice President)
Developed and implemented a risk and control self-assessment practice, including a structured assessment
framework and methodology.
Deloitte, Audit Enterprise Risk Services - Baltimore, MD 2006 – 2008
Head of Project Risk Services (Manager)
Led audit teams focusing on SOX (302, 404), regulatory & risk compliance, financial & operations, etc. Managed
and conducted IT audits ranging from application to Infrastructure (pre & post-implementation) reviews,
Networks (perimeter & remote access) audit, Middleware (TIBCO RV & EMS, Weblogic, Grid Computing) audit,
Business Continuity & Disaster Recovery audit, Data Center audit, FTP Audit, EDI Audit, Database audit,
Windows/UNIX Security Review (Role Based Access Controls (RBAC)). Specialized in COBIT, ISO 17799/27001,
ITIL, COSO, BS 7799, regulatory compliance (HIPAA, GLBA, 21 CFR, FFIEC, JFMIP, Basel I&II), vendor compliance,
AICPA’s Trust frameworks, and Technology risk management processes.

Computer Skills
Platforms: Cloud (AWS, GCP, Azure), UNIX (Solaris, AIX, Linux), Distributed, and client-server
Education
Baruch College (Zicklin School of Business - MBA), New York, US
Professional Certifications
Certified Information Systems Auditor (CISA), Payment Card Industry Data Security Standards (PCI DSS),
Certified in the Governance of Information Technology (CGEIT), ITIL V3 Certified, Certified in Risk and
Information Systems Controls (CRISC)
