Virtual Cyber Risk Office (vCRO) is a dynamic vCISO advisory and service shop highly specialized in cyber risk management, cyber security, and compliance. At vCRO, we deliver exceptional fractional Chief Information Security Officer (vCISO) to small to mid-size companies. As the vCISO of your company, we provide specialized expertise, improved security program management, and stronger organizational security posture for less than the cost of a full-time CISO.Our services are highly customizable for your organization's needs. Please check us out at https://www.virtualcyberriskoffice.com/

I am serving as a cyber security and GRC advisor at vCSO.ai.

Under the umbrella of vCRO, I am serving as fractional Chief Information Security Officer at Meridian, a fin-tech startup. I am developing and implementing Meridian's security program, policies, standards and tooling based on cyber security best practices. I oversee Meridian's compliance stance with various cyber security regulations required for a company operating in the financial services eco-system.A little bit more about the company: Meridian brings the world closer together so friends and family can send more money home. Meridian empowers people to send remittances across borders with carriers and wallets they already know and trust. We’re creating a unified network of telecoms and digital wallets to make sending money seamless.The team behind Meridian is made up of technology, finance, and risk experts from Apple, Square, Revolut, and Visa.

Under the umbrella of vCRO, I am serving as vCISO and Chief Compliance Officer at RateFast. In this role, I oversee compliance with key regulations such as HIPAA and CCPA, and provide advice to RateFast to enhance its security and compliance posture. RateFast is a healthcare technology company that designs web applications, mobile applications, and writes content for managing workers’ compensation claims and calculating impairment ratings.

I established a new function to oversee SVB's 1st Line of Defense regulatory engagement model and interactions with bank examiners. My team was responsible for facilitating bank-wide regulatory examinations and directing all interactions with regulatory agencies across various domains.

Side by side with my amazing team (about 40 people at its peak), I managed SVB's company-wide programs around technology, security, business continuity and vendor risk while contributing significantly to the enterprise-wide risk management efforts. We ensured compliance with US and international regulations in our domain and govern the bank's relationship with regulators. I oversaw and ran governance committees, prepared and presented executive reports to C-level executives, the Board and regulators. As Head of Governance, Risk & Compliance, I assumed additional responsibilities for Business Continuity Management (BCM), and Vendor Management. My role has also become increasingly global spanning across the US, EMEA, and Asia, and my team continued to grow in various SVB locations.

In this role, I developed, ran, optimized and oversaw governance, risk and compliance processes for the Chief Operating Officer (COO) and the functions that report into him. My areas of responsibility:- Strategic Planning & Goal Setting- Regulatory Compliance with global and US regulations and standards (FFIEC, SOX, GDPR, GLBA, PCI, SWIFT etc.)- Risk Management (Risk Identification, Assessments, Treatment, Reporting)- Cyber Security & IT Governance - Operations Risk- Vendor & Client Risk Management- Regulatory Exam & Audit Management (Federal Reserve, SOX, PCI, GLBA etc.)- Performance Management, Measurements & Reporting - Global Governance (Committees, Policies/Standards, RACIs, Working Models)- IT Service & Process Optimization- Technology Business Management & Cost Transparency- Solution Delivery Lifecycle (SDLC) Process Governance - Talent Development & Training- Communications & Organizational Change ManagementI led and participated in SVB-wide committees/councils including the IT Steering Committee (founding member), Corporate Compliance Committee, Risk Management Committee, Identity & Access Management Council (co-chair) and Transformation Office Advisory Committee.

In my previous leadership role at SVB, I developed and ran a highly effective IT Governance, Risk & Compliance team and function. My key accomplishments included: - Team Building: Hired and mentored the IT GRC team. - Strategic Planning: Set the strategic direction and vision for the IT governance processes with a focus on proactively managing risk, maturing key IT processes and improving overall governance. Provided strategic recommendations to executives.- Executive Reporting & Presentations: Prepared and presented a consolidated strategic view of key risk and performance indicators (KRIs and KPIs), status updates, and risk mitigation strategies for executive review and oversight. - Key Risk & Performance Indicators (KRIs & KPIs): Defined and operationalized an IT performance management framework. Led a team that collected, analyzed and reported key KRIs and KPIs for IT. - IT Steering Committee: Helped establish SVB’s inaugural Executive IT Steering Committee with delegated authority from the Board and responsible for providing oversight, guidance and monitoring for IT-related activities.- Federal Reserve, DBO & FDIC Exams: As the primary IT contact for the bank, facilitated the end-to-end IT Exam process working with federal and state regulators. - Risk Identification & Management: Evaluated over 100 key bank projects and implementations to identify key security and data risks related to PII/NPPI, SOX, and other regulations. - Policy & Procedure Program: Stood up a comprehensive program to develop, approve, and maintain IT policies, procedures, and standards. - IT Risk Assessment Guidelines & Standards: Created a risk assessment methodology and corresponding standards for risk assessments.- Security Framework: Led a cross-functional project team and implemented the OCTAVE risk-based information security framework, thereby enhancing SVB’s capabilities to evaluate and act on security risks.

- Key clients included Google, Facebook, Apple, PayPal, Intel, Xilinx, and Juniper Networks - Extensive experience in compliance audits including Sarbanes Oxley 404 and WebTrust, system implementation reviews, risk and control assessments, and IT organization realignments. - Served a combination of several Fortune 100 and pre-IPO clients, primarily in the high-tech sector. - Managed in an executive capacity multi-million USD advisory & audit engagements with culturally diverse engagement teams of up to 10 team members on each project. - Additional areas of focus include developing and pursuing new business opportunities, creating marketing strategies, recruiting new team members, mentoring senior consultants, and leading training sessions.

While completing my full-time MBA Program at UC Berkeley, I was a Graduate Student Instructor (MBA Teaching Assistant) to college seniors at the Haas School of Business. I taught audit methodology and techniques applicable to both financial and IT auditing. I also helped the students prepare for their job interviews with Big 4 companies hiring from Haas.

- Led WebTrust online security certification reviews, IT audits, strategic IT investment reviews and attack & penetration testing in mainly financial services, high-tech and government sectors.- Worked between 2000 and 2002 at Arthur Andersen LLP which was acquired by Ernst & Young LLP in 2002.