Skip to content

Information Systems & Third-Party Risk Management

Support your institution’s resilience with independent IT audits and smart, scalable risk oversight.

Contact Us

Hero Banner

Proactive IT and Vendor Oversight for a Regulated Environment

Financial institutions face mounting pressure to prove that their IT and vendor risk programs are secure, compliant, and well-governed. Whether you're preparing for an exam or strengthening your internal controls, Saltmarsh helps you meet regulatory expectations with clarity and confidence.

We deliver thorough, independent assessments of your information systems and vendor risk practices. Our team combines deep technical expertise with a clear understanding of what regulators expect, helping you meet compliance obligations while strengthening your security posture.

A Dual-Lens Approach: Technology + Industry Insight

Saltmarsh’s Financial Institutions practice lives at the intersection of the banking industry and the technology world, pairing deep industry knowledge with technical expertise. 

Our team understands the tools, frameworks, and threats that shape today’s IT landscape, and we also understand the pressures facing banks, credit unions, trust companies, and fintechs. That means we don’t just test your systems: we evaluate your governance, help you prepare for regulatory exams, and uncover opportunities to reduce risk across your operations.

IMG_3056

Explore More Services:

Banks
Credit Unions
Fintechs
Regulatory Compliance
Internal Audit
FDICIA 363 Consulting & Readiness
Credit Quality Reviews
ACH Reviews & Risk Assessments
BSA, AML, OFAC, and CFT
Fair Lending & UDAAP Risk Reviews
CRA Services 
Asset Liability Management Review
Information Systems & Cybersecurity Audits
Trust Operations & Fiduciary Responsibilities
Advisory, Training, and Coaching
 

 

Our Services

Effective model risk management requires more than checking boxes. At Saltmarsh, we deliver thorough, regulator-ready reviews that go beyond validation to provide actionable insight. Whether you’re responding to exam findings, changing vendors, or enhancing governance, we offer support tailored to your institution’s unique structure and strategy.

Information Systems Audits

Comprehensive IT governance reviews to assess policies, access controls, procurement practices, change management, monitoring, and more.

Vulnerability & Penetration Testing

Simulated internal and external attacks designed to uncover potential weaknesses in your infrastructure, backed by actionable reporting.

Social Engineering & Phishing Testing

Assess how well your staff and systems respond to deceptive attempts to gain access or information.

 

Third-Party Risk Management Reviews

Evaluate how you onboard, monitor, and manage vendors and ensure alignment with FFIEC, OCC, and other regulatory expectations.

Framework-Based Risk Assessments

Reviews tailored to frameworks like NIST CSF or custom programs built around your operating model.

Board and Management Reporting

Clear summaries and visual reporting to help leadership understand current risks, gaps, and priorities for improvement.

 

People and Practices. The team is well trained, knowledgeable, experienced, accessible, and demonstraates good communication skills. Fieldwork, deliverables and presentations are first class. Our team at the bank always has good dialogue with Saltmarsh, and we learn something with each engagement.
Piedmont Federal Savings Bank NC

Beyond the Checklist: The Saltmarsh Difference

A strong audit tells you more than whether you passed. It tells you where you stand and where to go next.

Our focus isn’t just on delivering high-quality reports, it’s also on giving our clients the context and clarity they need to act on them. Our team understands the banking ecosystem and the technical landscape, so we can bridge the gap between IT teams and executive leadership.

Clients choose Saltmarsh because:

  • We understand what examiners look for and how to prepare.
  • We stay independent, offering honest insights without trying to sell implementation work.
  • We’re responsive, thoughtful, and focused on long-term relationships.

Meet the Team

Saltmarsh’s Information Systems and Risk Management specialists bring a unique mix of technical acumen and financial services knowledge. Each engagement is led by experienced professionals who understand the systems you use and the standards you’re held to.

Helms-Macbeth, Stephen

Stephen Reyes, CISA, CISSP

Shareholder

Stephen is a shareholder and leader of Saltmarsh’s Information Technology Services practice. With over 30 years of experience, he specializes in IT compliance, security audits, and system consulting for financial institutions. He holds multiple industry certifications, including CISA, MCSE, and CCNA.

Keith, Jason

Jason Keith, CIA, CISA

Senior Technology Risk Consultant

Jason is a senior technology risk consultant with 18 years of experience in financial institutions. He specializes in technology solutions and has served in roles spanning compliance, lending, operations, audit, and IT leadership.

Fyda, Charlene

Charlene Fyda, CISA

Senior Consultant

Charlene is a senior IT consultant with over 22 years of experience in financial services. She performs information security reviews and supports vulnerability assessments, drawing on her background as a former bank network administrator and her specialized certifications.

Maricelli, Michael

Michael Maricelli, CIA, AAP, CISA

Senior Consultant

Michael is a senior consultant with over 14 years of experience in financial institutions. He specializes in information security, Nacha compliance audits, third-party risk, and online banking assessments, with a background in lending and internal audit.

Let’s Talk

Whether you need a one-time IT audit or a comprehensive review of your vendor oversight program, we’re ready to help. Contact us today to start a conversation with our Information Systems and Risk Management team.

Let’s talk about how our team can help strengthen your risk management processes and support your institution’s long-term strategy.

Insights

Stay Up To Date with the Financial Institution Industry

Join our email list for banks or credit unions to receive quarterly insights and information on upcoming events from our team of experts to help you succeed in this ever-changing environment.

Banks    Credit Unions