► Lead and mentored global team of security professionals responsible for functions to include: IT, GRC, Application and Product Security, Security Operations, Supplier Security, Incident Response, Vulnerability Management,, Pen Testing and Sales Enablement► Responsible for defining, driving and maintaining a comprehensive strategy that addressed security, risk and compliance requirements, to include SOC 2, HIPAA, ISO 27001, and FedRamp► Established a mature SDLC security process resulting in measurable decrease in vulnerabilities; authored, obtained consensus, and drove adoption of a contextual exploitability blueprint and narrative► Managed internal and outsourced Security Operations functions used to monitor corporate and production resources► Managed and optimized the security budget, negotiated discounts and other creative cost saving initiatives► Developed, maintained and presented security metrics, scorecards and key performance indicators (KPI) for both interdepartmental and exec leadership► Responsible for sales enablement activities to include customer meetings and escalations, attendance at industry conferences, defining and presenting customer facing security strategy, roadmap and other relevant materials► Served as a trusted consultant to the business on topics of security, risk management and corporate strategy► Implemented a Security Champions program to extend security visibility and responsibility across the enterprise► Participated in corporate strategy meetings that enabled revenue generation and maintained cash flow

Recruited to establish strategy and manage a world class information security program in preparation for IPO or acquisition. Senior Director, Information Security and Privacy Officer | Head of Security► Established and managed the Information Security Program, budget and security personnel.► Collaborated with operations, engineering, IT, HR, legal and other business units to manage risk.► Identified, established and audited security requirements for migration and use of AWS environments. Deployed technology to audit and identify AWS specific security events.► Developed and managed data governance programs for AI / ML initiatives and other business processes.► Managed PCI-DSS (Full ROC), SSAE 18, SOC 2, GDPR and HIPAA compliance to include identification of controls, generation and collection of evidence and engagement with audit firms.► Partnered with Product Management to drive and enhance security related product features and bug fixes, provided security requirements and oversight to the Agile Software Development Lifecycle (SDLC).► Represented Intacct during sales engagements and responded to inquiries related to security and privacy.► Presented on various security topics at both company, partner and industry events.► Chaired security, risk and governance steering committees to prioritize to drive change to decrease risk.► Authored security policies, processes and standards and obtain appropriate executive support/approval.► Drove global security awareness and training for workers, developers, and partners.► Established and managed a vendor/supplier security program to manage risks to corporate and customer data.► Executed and managed internal and third-party vulnerability management and pen testing engagements.► Established and managed the Incident Response process and conducted exercises to test and measure effectiveness.► Served on the Mergers and Acquisition team providing security due diligence for potential targets.

Responsible for the global Information Security program. Defined and authored security standards/policies, provide security oversight, and drive security projects that reduce risk.► Established a Data Handling program to identify, control and minimize loss of corporate and customer sensitive data.► Identified, deployed and managed the following technologies: Data Leak Prevention (DLP), Two-Factor Authentication, Security Incident and Event Management (SIEM), File Encryption, End Point Protection.► Established and managed a 24x7 Security Operations Center responsible for Incident Analysis and Response, Audit/Compliance and Vulnerability Assessments.► Represented security at Change Control, Architecture Review Boards and Customer Engagements.► Review and responded to customer security RFI's and contracts.► Managed both internal and external third party (SOX, PCI, HIPPA) audits and associated remediation.► Responsible for providing security requirements and guidance on NAC, Mobile Device Management, BYOD/BYOPC, Hybrid Cloud, Virtual Machine Management, E-Commerce integrations.► Established, implemented and maintain a global security awareness and training program.► Established, maintained and presented metrics which measure the security function and corporate risk.► Led, conducted security reviews and defined requirements for Mergers and Acquisitions.► Identified protection goals, objectives and metrics consistent with the corporate strategic plan.► Maintained relationships with local, state, federal and international law enforcement agencies.► Responsible for incident response planning as well as the investigation of security breaches.

Hired as KLA-Tencor’s first Information Security Officer, charged with maturing and building an information security program, hiring staff and implementing technology, policies and processes to minimize risk.► Created and managed the information security function to include operations, engineering and architecture.► Responsible for product selection, testing and rollout of Disk Encryption, Digital Rights Management, Two-Factor authentication, content monitoring and filtering, SOX automation tools, SSL-VPN, IDS/IPS.► Responsible for addressing Intellectual Property protection initiatives to prevent the theft of sensitive data.► Researched and tracked new and emerging technologies used to respond to business and customer demands.► Developed security architectures that supported goals of end-to-end authentication, authorization, confidentiality, transactional integrity, non- repudiation and availability of key critical business applications.► Served as the Information Security Project Manager for all information security initiatives.► Perform end to end information security assessments on existing, new and purchased applications, systems and networks to include PLM, CRM, Blackberry, IP Telephony, M&A Activity.► Created information security balanced scorecard metrics to effectively measure ROI, risk reduction and provide status.

Responsible for planning, installation, configuration, maintenance and support of various security applications.► Planned and conducted audit, assessments and penetration testing of core enterprise infrastructure and applications.► Conducted research and tracked new and emerging technologies to respond to business and customer demands.► Served as key member of Sarbanes Oxley team: identified IT control objectives, test and recommend solutions.► Built, configured and managed the Veritas enterprise RSA SecureID multi-factor authentication environment.► Utilized EnCase forensics software to support forensics analysis for internal investigations.

Consulted with various business units to provide security direction, recommend methods and procedures to secure CSAA assets.Technical lead for various security initiatives. Performed security design review and assessments regarding all third party engagements. Served as the approval authority for all security related service requests. Reviewed and ensured compliance with current mandates to include HIPPA, Graham Leach Bliley, AICPA attestations (i.e. Webtrust, Systrust)

Built, from ground up, the Information Security program to satisfy both IT and external customer requirements. Developed strategic and tactical roadmaps. Implemented and enforced security policies.Supervised team of Security Engineers, analysts and other cross-functional assets

Special Agent | Computer Crime InvestigatorInvestigated computer intrusion (hacker), child pornography, espionage, fraud and other felony Computer Crime investigations for the Mid-Atlantic States. Provided court testimony, trained DOJ US Attorney’s on Network Security, and conducted computer forensic media analysis on seized evidence. Selected to assist in the Lewinsky/Clinton matter by providing forensic analysis of evidence.