Leadership:• Develop and maintain a metrics package for senior leadership which accurately depicts the current state of the Enterprise OT Cybersecurity program. • Create cybersecurity framework training and provide training to OT field and cybersecurity professionals.• Coordinate monthly management updates with members of the Enterprise OT Cybersecurity team. • Manage relationships between Enterprise OT Cybersecurity and business unit executive management and management teams.• Coordinate monthly Enterprise OT Cybersecurity Threat Briefings with MPC Red Team. • Brief third-party partners on current and future state of Enterprise OT Cybersecurity. Operational:• Generate and continually evolve the MPC cybersecurity framework comprised of standards, processes/procedures, guidelines, assessments, site cybersecurity plans, and controls for over 365 of the company’s CI/OT environments utilizing NIST 800.53 and 800.82 control sets.• Manage the integration of cybersecurity framework into each CI/OT business unit while maintaining alignment to overall organizational mission and cost optimization.• Align cybersecurity assessment and architecture activities to the MPC cybersecurity framework on an ongoing basis.• Stay current on all applicable industry frameworks and best practices and integrate applicable pieces into the MPC cybersecurity framework.• Continually assess maturity of each CI/OT business unit in order to assure continued growth and development. • Created a system commissioning process which significantly reduces the probability of introducing risks into the secure OT environment.• Ensure major projects within the CI/OT environment are compliant with the MPC cybersecurity framework.

Leadership:• Led the implementation of the companies Vulnerability Management tool for the Business environment and performed associated maintenance activities. • Created a vulnerability management program and presented the resulting metrics monthly to all IT Directors and the Vice President of Information Technology. - Resulting in overall decrease in risks to environment• Facilitates and provides representation for all Information Technology teams in the 2017 SOX audit. Operational:• Managed gap remediation resulting from acquisition.• Facilitated the completion of Risk Assessments for Data Hosted Externally and Network Firewall Rules.• Created process and procedural level documents based on NIST 800-53 and 800.82 for use in the company’s BLAN and Critical Infrastructure environments. • Assisted and provided guidance in the security implementation of the separation of the BLAN environment from the Critical Infrastructure environment. • Implemented the Inventory Management tool used in the Critical Infrastructure environment.• Analyzed existing business processes to identify compliance gaps in current operations.

Leadership:• Maintained compliance controls as extension of Account Team over User ID validations, Health Checking, Vulnerability Scans, System Activation and Deactivation, Risk Management, and Software Purchasing and Licensing. • Managed and report weekly progress of compliance activities to up line management and overall service line. • Coordinated compliance actives and drove resolution of noncompliance issues. Operational:• Provided audit and compliance support to Cloud Managed Storage Services team. • Documented procedures, with an emphasis on efficiency, which furthered overall compliance of the account and services provided.• Created criteria for, and performed, audit spot checks on teams providing services to the account.• Provided audit representation for the CMSS account to internal and external audit teams.

Operational:• Performed Quarterly User Access Reviews on supported applications (75).• Created process and procedures which meet all SOX/PCI/SOC controls for execution of Quarterly User Access Reviews (QUAR).• Created schedule for QUAR execution in alignment with audit testing cycles and control requirements.• Created milestone tracking system to assist in easily identifying execution issues. • Established and documented effective escalation process for QUAR.• Established and documented checklist and control points increasing quality assurance and ensuring compliance objectives are met.• Created templates to be used in all processes and process communications resulting in improved streamlining. • Revisions made to QUAR process resulted in estimated savings at time of departure of $50,000 annually. • Created central data/evidence storage template for use in clear and concise audit representation.

Leadership:• Represented & provided leadership for IAM team on over 50 external accounts in SOX/HIPAA/SSAE16/PCI/SOC/Corporate audits (internal & external).• Supervised & provided leadership support for 30-60 employees performing secondary control activities.• Created and lead numerous projects which resulted in efficiencies to local and global teams and increased overall compliance posture across the global business.• Furthered and redesigned the Global Delivery Framework structure based on the lean methodology for the Boulder IAM team which organized the team’s workload to be distributed equally and most efficiently based on role and expertise. o At the time of departure, the structure had been successfully adopted and implemented across multiple locations in the US within the competency. • Trained new hire employees and executive level management on IAM practices and implementation. • Implemented an automated IAM solution, including identification of requirements and documentation of proper execution and integration to current environments.• Created and presented many projects to up line management regarding process and procedures, resource assignments, training packages, as well as general best practices to be used by North America and Global teams. • SME for Identity and Access Management global competency and lead weekly educational and informational meetings which furthered standardization across the geographies. • Lead the Boulder Social Ambassadors team which trained and implemented internal and external social networking to IBM executives.

Leadership:• Created and implemented improvement projects which resulted in successful turn arounds of noncompliant accounts.• Created and documented procedures for newly acquired requirements/ controls and user administration/access review activities.• Created and administered new hire training for all new team members.• Facilitated satisfactory relationships between external Customers, internal Customer management teams, and the Identity & Access Management team. Operational:• Provided governance and project management over secondary controls (user access reviews) and user administration activities for approximately 15 external accounts.• Provided IAM representation and successfully pass all audits on supported accounts (internal & external).