• Document, communicate, and consult on enterprise Information Risk Management policies, processes, procedures, standards, and requirements• Provide executive level reporting and summarization of IGRC program• Enhanced and maintain enterprise document management systems• Develop strategies to address security awareness and training across a global enterprise including remote staff and geographically separated locations - year around and with extensive Cybersecurity Awareness Month program• Perform exception management activities related to enterprise policies and directives• Interface and interact with business leadership to include Legal, Compliance, IT, and Operations

Helped ensure the successful execution of enterprise-wide Security programs and projects• Owned the security program’s roadmaps for the 25+ person department and communications to disseminate throughout the organization• Drove forward and matures security programs, such as vulnerability management, application security, service and privileged account management• Managed information security projects and procurement from inception to successful completion, fully understanding the purpose of projects, technologies, and their value-add to the organization• Worked in tandem with the CISO, information security management, and other technology leaders on financial planning and analysis and additional fiduciary responsibilities, including identifying reductions within the original $11M budget• Defined and compiled key performance indicators (KPIs) and metrics that align with business initiatives and are deliverable to non-technical individuals• Promoted a strong security culture organization-wide via training assignments, communications, and internal phishing campaigns, resulting in a decrease in the phishing click rate from between 28% and 18% (in 2019) down to under 10% in recent quarters plus an increase in reporting via the phishing button

Responsible for security operations – the tools, their maintenance and maturity, their program and procedures documentation, and event/ incident response• Matured and maintained the security operations program supported by a team of four, including high-quality tools for security information and event management (SIEM), endpoint protection, email security, phishing awareness training, web content filtering, web application firewall, and threat and brand intelligence, including program documentation development• Managed the deployment of two SIEMs (including over 20 log source types, hundreds of analytics, and their tuning) and the threat and brand intelligence tool (including eight watch lists and 50 alerts)• Owned vendor relationships for all Security Operations’ tools plus the incident response retainer – including negotiation of terms and costs, onboarding, and ongoing coordination• Redesigned the Information Security Policy and supporting security standards (including but not limited to the Cybersecurity Incident Response Standard) by revising existing documents and creating new standards for historical control gaps prior to the establishment of the IT Risk Team• Established and maintained the Cybersecurity Incident Response Plan to provide a foundation for guiding responses to a real or perceived incident impacting computing assets, data, or networks from preparation through lessons learned• Developed the Cybersecurity Crisis Management Plan, which provides a framework for enterprise wide, strategic management of a cyber-related crisis, and annually coordinated a simulation exercise to identify subsequent plan enhancements• Collaborated closely across IT to identify security risks and drove assigned risks and audit findings to thorough closure ahead of schedule• Executed security operations strategy while staying on budget ($3.5M)

Designed, articulated, and governed security policies, standards, processes, and procedures at the corporate entity• Collaborated with senior business leaders to appropriately protect and risk assess information technology decisions relative to company and shareholder objectives• Designed and directed security operations program and team that drives accountability and quality to properly govern information security, including continuous Security Operations Center (SOC) monitoring• Negotiated $500k annual contract to transition managed security service providers• Maintained state-of-the-art security software solutions including the acquisition, deployment, and contract negotiations with vendors• Established, monitored, and enhanced the vulnerability management program resulting in the elimination of over 14,000 critical and high vulnerabilities (99% reduction) and consistently meet SLA of addressing all such vulnerabilities within 30 days of release• Redesigned and oversaw the security risk assessment process to provide visibility for senior leadership on all exceptions and identified gaps with security policies and standards• Partnered with and influenced cross-functional teams to ensure successful implementation of security strategies and architectures to all applications and infrastructure• Executed security operations strategy while staying on budget for a $2M P&L

Led Alliance Data Corporate’s Global Audit team in charge of technology, financial, and operational audits including Information Security, SEC reporting, T&E, FCPA, Ethics, and Data Governance audits• Engaged and influenced 20+ Corporate senior leaders on a quarterly basis to guide audit plan development and risk management activities• Analyzed business processes and controls to identify risk areas to be considered for audits that could increase effectiveness and efficiency of operations or reduce risk• Planned and performed financial, operational, and technology audits to deliver executive reports to the Board of Directors on time and under budget• Consulted senior leadership to efficiently respond and remediate audit observations to successfully improve controls, efficiency, procedures, and policies• Conceptualized and executed the department-wide internal quality assurance reviews and managed the external quality assurance review• Implemented the company’s first continuous audit for identifying risks and issues with travel and entertainment expenses, resulting in the recoupment of $5k to $25k excess charges quarterly • Department Chairperson for annual planning conference, uniting a department of 30 from five locations to plan and train for the upcoming fiscal year

Consulted on identity and access management and tested controls as a part of external audit and outsourced internal audit• Led multiple engagements for global enterprises with budgets ranging from $250K to $1.2M and delivered on time and on budget• Increased services revenue from $320K to $1.8M in fourteen months while supervising up to eleven project resources• Built a standardized role-based access control (RBAC) security model to manage Active Directory (AD) and mainframe (RACF) access • Developed and implemented role governance processes to support account access lifecycle for a Fortune 10 enterprise• Managed onshore and offshore resources to deploy an identity and access management solution and the service automation of client’s access request system, including requirements and design documentation, testing coordination, and implementation• Chairperson of Deloitte’s inaugural Identity and Access Management conference with 100+ attendees• Designed and performed general IT and business controls testing for energy sector companies, including testing technology infrastructure, datacenter, applications, database, change management, physical security, business continuity and disaster recovery, and IT operations controls testing

• Assisted the students, faculty, and staff at the university with their information technology questions in person and via phone and email• Preformed operating system reinstalls, virus removals, and other software related support and administered hardware diagnostic tests

• Helped organizations identify and manage both risks and opportunities to enhance business performance, fortify controls, and improve corporate governance• Examined records, documenting observations for the clients in a team of 2 to 15• Communicated with and interviewed clients at various levels