I lead technology / cybersecurity risk oversight for all things cloud (AWS/GCP/Azure) , network (SASE / Zero Trust), container (Kubernetes / EKS / ECS / GKE) , and serverless (Lambda) at Capital One.

Responsible for developing and owning the technology risk program including ensuring the successful execution of technology risk identification, assessments, and remediation prioritization for the GE enterprise as well as potential merger, acquisition and divestiture targets

Responsible for cloud and mobile security. Also accountable for technology assurance process used to vet enterprise / cloud projects. Chaired risk clearinghouse used to review changes with potential security implications across the enterprise.

• Lead team of security and audit specialists to perform IT security assessments/audits of third parties, build organizational capability and ensure goals and objectives are met • Define, maintain, and drive the third party security strategy across GE to ensure infrastructure (technology, process and resources) meet Business SLA’s • Led technology assurance process established to build security into enterprise technology and cloud projects • Partner with and build strong working relationships key stakeholders including but not limited to IT, Sourcing, Legal and functional teams to develop an assessment program which meets regulatory, compliance and business needs • Develop and maintain standard processes for evaluating third party risk • Maintain service documentation for all programs and establish clear SOPs • Oversee the preferred and global supplier audits as well as the supplier assessment program utilized across GE businesses• Coordinate integrated IT risk assessments of proposed technology solutions and/or business models • Run cross-business security steering committees or “Working Groups” • Manage budgets and supplier contracts associated with the team • Partner with key industry peers to conduct benchmarking exercises to provide perspective on GE’s maturity and to proactively implement best practices • Evaluate and communicate third party security risks and solutions to Business leadership • Maintain metrics, reporting and tracking program to ensure processes working as designed and risks are being tracked

• Performed all aspects of audit lifecycle including; oConducted risk assessment and analysis. oAnalyzed adequacy, reliability, security, and compliance of IT systems. oDeveloped and communicated audit presentations, and prepared professional, clear and concise reports of findings and recommendations to senior management oSpecialize in Data Security topics including application/software controls and best practices, privilege management, protection of sensitive data (PHI, Privacy Data), and network security.

•Security project lead accountable for developing and implementing plan to integrate IT security architecture of $10.3 billion acquisition of UST Inc. •Developed and implemented security control assessment tool and process (based on ISO 17799/27002) into the software development life cycle that resulted in 100% security compliance of 37 enterprise IT projects (web applications, treasury system, sales force automation system, scientific/laboratory/manufacturing applications)•Implemented a strategy to mitigate the risks of internet facing web applications that identified and remediated 24 critical vulnerabilities that could have led to security breaches•Conduct research and participate in security strategy sessions to assess impact from external security trends and implement cost effective controls to mitigate risk (mobile device encryption, web application and network vulnerability assessments, privileged and identity access management, and data leakage prevention)•Develop and provide interpretation of IT security policies, standards, guidelines, and procedures (privacy standard, file transfer standard, access control standard, DMZ guideline, and media disposal guideline) to ensure regulatory compliance•Analyze technical changes to ensure confidentiality, integrity, and availability of IT infrastructure•Performed administration of various network devices and security tools including Cisco and Checkpoint firewalls, PKI, and Active Directory

•Supported undergraduate, graduate, faculty, staff and alumni with a variety of technical support problems involving; hardware, software, operating system, security, and networking issues•Provided in person support for issues involving virus removal, hardware, operating system, and wireless networking •Research and analyze zero day virus and malware outbreaks and provide information to enterprise technology teams to mitigate risk to the university network •Assisted with university security awareness program and new student orientation for approximately 25,000 students•Served as Lead Consultant on Duty to handle escalated issues•Trained new help desk consultants