Worked with clients to assess their privacy and compliance risks and to define strategic and tactical privacy initiatives that will help meet the varied requirements of GDPR, CPRA, CDPA, PIPEDA, LGPD, HIPAA, GLBA, etc.

Secure Compliance Solutions is the trusted security advisor for Chicagoland’s small-to-mediumbusinesses. We offer a variety of services that promote a strengthened security posture and a culture of compliance. Our solutions include: risk advisory services, strategic cybersecurity planning, security and privacy awareness, regulatory guidance, penetration testing, and managed security services. We tailor our engagements and solutions to align with your cultural needs and business objectives; not the other way around. We keep your appetite for risk, budget constraints, and timeline in mind to define strategy and operational tactics that maximize your return on investment. At SCS, we champion a Strategy of Readiness and Resilience. Our core services:• Interim External CISO and CISO Advisory Services• Information Security Strategy – Road Map, Architecture and Streamlined Program Development and Governance, Risk and Control Implementation• NIST CSF and 800 series, FISMA, ISO 2700x, COBIT, HIPAA, PCI DSS and GDPR compliance – we know how to get you compliant• Cybersecurity Risk and Privacy Impact Assessments• Policy, Standards, Plan and Procedure documentation• Self-assessments and preparation for 3rd party and client audits • Security and Privacy Awareness Training curriculum and delivery• Innovative and cost effective technical solutions to protect your information assets:• Penetration Testing• Access Control in line with organizational risk• Identity and Authentication – including multi-factor authentication• Firewalls, IDS/IPS, Network and Systems Monitoring• FIPS-compliant encryption and PKI solutions • Data Center Planning, Design and Implementation • Managed Security Service Provider

Process and governance-driven IT and Information Security Executive. Directed and aligned enterprise programs with security compliance and risk mitigation initiatives critical to achieving revenue cycle goals, while protecting ERS’ information assets and technologies, in a highly regulated environment. • Chaired ERS’ Information Security Task Force; responsible for oversight of security program and the handling of security-related incidents.• Authored and continuously maintained system security plans, policies, risk assessments, processes and IT Governance controls to ensure adherence to NIST 800-53, PCI-DSS, TCPA and other data privacy and regulatory standards.• Facilitated 3rd party assessor, QSA and client security audits; Designed ERS’ audit tools & conducted vendor/partner security assessments. Managed programs to remediate findings and maintain optimal security. Served as the security SME for all client RFPs and information requests. • Developed and delivered semi-annual, company-wide Security Awareness Training. • Led application development and infrastructure initiatives to automate workflows, enable analytical decisions, and minimize security vulnerabilities and threats.• Implemented a regulatory compliance management framework and designed enabling governance processes to support ethical operations and successful CFPB examination results. • Executed the vendor management process: contract negotiation, performance monitoring and ongoing assurance of compliance to laws and security controls.• Drove all Business Continuity / Disaster Recovery efforts; Author of contingency, recovery & continuity plans; Managed alternate site relationships and coordinated DR testing; Conducted BC/DR training. • Directed activities related to facility infrastructure and security controls • Facilitated annual business growth from $13M to $92M with a 35% EBITDA in just five years. Controlled annual $4M budget and led 40-person organization.

Managed a call center migration project, including all facilities planning, vendor coordination, IT infrastructure and systems integration.Currently managing an IT process assessment and IT strategy development project to improve overall service in support of significant forecasted growth for a collections company, based on IT Service Management and Project & Portfolio Management best practices. Implementing initial processes... Change Management, Portfolio Management and Incident Management. Defining IT roles and responsibilities as well as performance management practices and key operational metrics.

Responsible for development and delivery of Project and Portfolio Management (PPM) solutions for this IT Service Management consulting firm. Created and managed all PPM intellectual property, including process guidebooks, marketing materials, whitepapers, training materials and templates for use in PPM and governance related work. • Formulated strategy for converged IT Service Portfolio Management, integrating PPM, ITIL, ITAM and outsourcing best practices• Led & participated in client engagements to implement Project and Portfolio Management & IT Service Management• Published whitepaper on PPM Tools assessment, selection and implementation in PMI’s Virtual Library

Led a Clarity PPM implementation and associated process development for the new Nuveen PMO.

Managed 200+ internal, 3rd party and offshore Associates across three cross-functional enterprise software delivery project teams; responsible for $12M in software development and regulatory compliance program budgets.

Designed and executed PMO standards, procedures, and metrics; implementing Clarity project and portfolio management (PPM) software; drove project management and SDLC process adherence; led Sarbanes Oxley compliance efforts in IT/Systems; implemented standard IT governance systems and reporting infrastructure; managed outsourcing transition program.

Managed projects, programs and organizational changes; monitored operational activities; developed metrics, policies and processes; created training materials and facilitated training; wrote long and short tem departmental budgets.

Directed IT program and knowledge management, systems and infrastructure development, process design, research support, vendor selection and negotiation.