Oversee Product Security through Vulnerability Management (VM), Penetration Testing (PenTest) and Application Security (AppSec) functions.Lead a team of 13 employees consisting of 6 direct individual contributors and 1 manager with 5 direct reports.Cultivate and maintain a strong business and IT partnerships to advance the security posture of Paychex through strong cyber hygiene, security best practice, and innovative new security technologies. Identify key security gaps/opportunities, execute work prioritization, and conduct executive-level reporting in close collaboration with peers and leaders inside and outside of the Enterprise Security Organization.Collaborate on quarterly enterprise security updates for chief executive officer (CEO), chief financial officer (CFO), and chief legal officer, as well as the security governance council and the Audit Committee.Act as a business information security officer (BISO) for one of the subsidiaries to communicate security efforts and assist with prioritization into roadmap.Championed and guided the AppSec Team in creating and executing a multi-tiered security training program for developers.Contribute to the facilitation of key security initiatives to promote continued forward progress of the company's security posture.Sponsored a multi-year project to improve vulnerability management practices, including enhanced patching frequency, enrollment in automated patching workflows, and expanded authenticated vulnerability scanning on servers/hosts/endpoints.Led a team in charge of reviewing, executing a technical POC, gaining alignment, and onboading a NextGen WAF technology on legacy web applications.Managed the department's budget planning process for current budget year.

Led Vulnerability Management (VM) and Penetration Testing (PenTest) functions.Cultivated and maintained a strong business and IT partnerships to advance the security posture of Paychex through strong cyber hygiene.Created and presented vulnerability management metrics to key senior leaders each month.Drove innovation for new security testing technologies and critical process growth, with the goal of promptly identifying critical vulnerabilities early in the development process.Implemented a program to prioritize annual and release-based penetration testing for all Paychex internal and external applications.Supervised minimum security baseline criteria for core infrastructure platforms and communicated progress reports to senior leadership.Collaborated with key resources to redesign the vulnerability exception workflow and approval process.Led the transition of the organization from a custom vulnerability management module in ServiceNow into the industry standard ServiceNow Vulnerability Response module.Developed a strategy for pre-production application testing in collaboration with key development resources, including SAST and DAST testing earlier in the CI/CD pipeline.Championed key efforts in reducing the service-level agreement (SLA) standard for security vulnerability remediation.Published standard operating procedures, organized training, and supported initiatives to streamline the team’s work management process to two-week Agile sprints for better organization and reporting.Received a Paychex Employee Recognition Award for exemplifying outstanding performance. Earned selection to participate in the Paychex High Potential Leadership Program in 2020 and received a promotion to Senior Manager during the six-month program.

Assumed full responsibility, aligned support, and drove the vulnerability management program forward within Paychex through custom team-specific reporting.Utilized several security tools to configure and conduct network host and database security assessment scans.Accountable for executing and analyzing monthly vulnerability reports using network-based vulnerability scanning tools and assigning vulnerability tickets to remediation teams.Prepared and presented reports on vulnerability management progress to senior leadership Designed a custom reporting and ticketing module within ServiceNow for Vulnerability Management.

Provided key infrastructure support for internal and client facing applications by utilizing Security appliances and applications. Work with IT partners to troubleshoot and diagnose application issues affecting our clients and internalemployees.Key Achievements: Worked with firewall, proxy and IDS vendors to secure the infrastructure against various security threats. Worked with SIEM and NBA products to detect and alert on network abnormalities and security risks. Worked with other IT partners to design new technology solutions that comply with Security requirements.

Provided support to 3rd level IT teams requiring privileged access to business critical systems and employees requesting access changes for new hires, department transfers, or separated employees within their department.Key Achievements: Worked with development to support and maintain a central logging and auditing tool for privileged accessto critical systems as a requirement to the Sarbanes-Oxley legislation. Worked with our IT and business partners to create a more streamlined process for requesting user access tothe systems and applications for that support the business.Support for employees requesting access changes for new hires, department transfers, or separatedemployees within their department.Create, modify and delete user accounts across various UNIX and database platforms to support anemployee base of 13,000 employees. Created role-based templates for Managers to use when requesting access for new hires. This allowed allemployees within a department to have consistent and equal access to meet their job responsibilities.

Provided custom programming for medical practices to ensure that they were compliant with the HIPAA regulations.Medical practices were running billing software than ran on an AIX platform, which had built-in forms which needed to be updated, coded and tested between the practice and the insurance companies prior to the HIPPA laws taking effect.