• Manage and lead a diverse cybersecurity team of 8 individuals.• Develop and manage an enterprise security risk program. Conduct yearly security risk assessments and mature processes to effectively manage and mitigate cybersecurity risk at scale.• Develop and execute quarterly risk, audit, and compliance roadmaps, monitor progress, coordinate improvement efforts internally and externally, and assess process-improvement effectiveness.• Deploy GRC tooling, OneTrust, to help triage risks accurately. Identify, assess, monitor, and report risks to executive management. • Support documentation, review, and enhancement of the risk management standard, methodologies, policies, and operating procedures.• Design, develop, and execute an enterprise access review program. Ensure timely completion of User Access Reviews for the enterprise.• Manage & deliver various security compliance certifications such as SOC2 and ISO 27001 for all products.• Conduct related ongoing security compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.• Deploy third party risk management tool Blackkite. Identify key vendor risks and create remediation roadmap with key stakeholders. • Support IT risk, audit, and compliance reporting via consolidated dashboards to aid in executive management decision making process. Identify and report metrics to IT leadership on a monthly basis.• Manage and deploy Drata Compliance automation tool utilizing status and accountability methods to centralize compliance control automation & unified control framework. • Design, present, and obtain business input on a Security Unified Control framework that meets FedRAMP requirements and incorporates best practices from multiple security frameworks.• Fully integrate Vendor Risk Assessment modules through OneTrust with MTTC in <2 weeks for all vendor risk assessments.

● Revise & create IT Security policies & procedures based on new certification efforts such as ISO 27001 & SOC 2.● Lead ISO 27001 & SOC 2 certification efforts. ● Collaborate with IT & Engineering staff to configure AWS cloud environment to meet certification standards including ISO 27001, SOC 2, & PCI.● Created control mapping scheme for ISO 27001 & SOC 2 for the cloud infrastructure. ● Create & manage company-wide Risk Management Program, including the creation of a Risk Matrix for categorizing company risk.● Manage the OneTrust platform for the InfoSec team. ● Engage directly with Legal, Project Management, & other key stakeholders to manage the privacy efforts for all vendors/assets to identify risky vendors.● Manage & communicate vendor risk & remediation plans to management.● Implement the Ombud GRC platform to enable a streamlined process for completing information security reviews & questionnaires of all customer requests reducing mean-time-to-close by 800%.● Create library of security questionnaire answers to be used for automation in Ombud. ● Track and remediate product vulnerabilities based on third-party pen test.

● Create and manage a new process for completing the annual PCI assessment.● Complete annual PCI assessment by engaging engineers, collecting evidence, and reviewing business practices to complete test responses.● Revise and create IT Security Policies based on current government regulations and standards such as, but not limited to, PCI, SOX, HIPAA, SOC 2. ● Review Trustwave and InsightVM vulnerability scans monthly. Work with engineers to remediate any vulnerabilities.● Successfully complete annual SOC 2 gap assessment with external auditors in order to obtain a SOC 2 certification for the company.● Conduct company-wide bi-annual user access reviews of all financial critical systems based on SOX audit requirements.● Collaborate with Internal Audit in designing four new SOX controls. Complete bi-Annual SOX assessment with external auditors using AuditBoard.● Create over a dozen detailed data diagrams displaying key business workflows for external auditors.● Manage and maintain a company-wide certification management program.● Introduce and manage the creation of an online certificate management system using ServiceNow certificate manager in order to track certificate expirations and health throughout the infrastructure.● Document and evaluate user access review processes and implement automation steps for improvement and efficiency.● Manage the creation and record of various encryption keys used for the business.● Manage SANS security awareness program and conduct regular security awareness training for the company.● Manage implementation of a new SIEM auditor tool called Netwrix. Identify critical applications for logging and monitoring and create alerts and reports for SOX logging and monitoring control.● Manage the creation of two automated processes used in the bi-annual user access reviews using UiPath.● Provide assistance in auditing internal applications for security holes and process improvement.

Revised and created IT Security Policies based on current government regulations and standardssuch as but not limited to PCI, FERPA, HIPAA, GLBA○ PCI and PII compliance● Created Data Incident Security & Recovery Plan● Managed Incident response for various security breaches and concerns within the University● Worked with third party Audit company to determine any data breaches● Introduced various remediation steps such as multi-factor authentication and single sign-on to ensure future safety of sensitive data● Nessus Scans and Rapid7 Vulnerability assessments● Reviewed and remediated any security vulnerabilities within the University network● Created IT security awareness program for Faculty and Staff● Launched a phishing campaign as well as multiple live seminars regarding relevant security topics such as: malware, ransomware, password security, tax/wire fraud, phishing and more● Configured and deployed school wide Identity finder application called Spirion○ Application to scan and detect any PII information that may be on computers owned by the University and be able to eliminate those files and documents● Deployed a school wide multi-factor authentication solution called Duo○ Worked with Duo to install/configure and implement Duo on ADFS server○ Launched a campaign to introduce MFA to university faculty/staff○ Provided multi-factor authentication guides and training to university employees● Analyzed various log files such as firewall, active directory, office 365 to determine potential databreaches

● Security Analyst & Auditing Team● Penetration Testing○ Patched client servers against vulnerabilities○ Used Social Engineering tactics to find and exploit weaknesses with client systems○ Testing client networking security against various Pen Testing tools using Kali Linux■ Intrusion Detection, Phishing Attacks, Email Spoofing, Firewall vulnerabilities, Port Security, Server vulnerabilities, SSL vulnerabilities■ Using the above vulnerabilities to gain access into client systems and documenting the process for audit reports○ Successfully implemented security patches on various domain servers○ Created audit reports with detailed explanation on the IT audit and compliance standards○ Documented industry best practices and security standards in reports for clients● Server Administration● Windows Server patching against vulnerabilities● Group Policy setup for client systems● Configuration and setup of CentOS servers as well as Windows 2008-2012 servers● Research and Dev Team Project Lead○ Lead a research project for the company which involved the creation of an ERP plugin analytic tool for E-Commerce platform Magneto● E-Commerce Team Lead○ Consulted and managed client’s launch of e-commerce website.○ Managed client’s Amazon and EBay accounts using personalized analytics as well as the analytics provided by Amazon and EBay○ Delivered various account insights on a weekly, monthly basis ○ Optimization of E-Commerce, Amazon, and EBay accounts using SEO to maximize ROI