CISO and head of IT Risk for Altria and its family of companies globally, including Philip Morris USA, Ste. Michelle Wine Estates, US Smokeless Tobacco, John Middleton Co., Nu Mark, and Nat Sherman.

Encourage technology innovation and collaboration in the greater Richmond area.

As the Chief Information Security and Risk Officer, responsible for the departments managing Information Security, Operational Risk, Vendor Risk Management, Business Continuity, and Model Risk Management. Report directly to the Chief Risk Officer with matrix reporting to the Chief Operating Officer, Board Audit Committee, and Board Enterprise Risk Committee. In conjunction with the CIO, led the digital transformation of the bank.• Creating the Operations and Technology Risk Management department, including all policies, procedures, and staffing requirements; bringing together all domains related to IT and Operational Risk.• Developing the bank’s future Enterprise Risk Management framework which integrates all IT, Operational, Market, and Credit Risk into one end-to-end process for senior management and board consumption.• Launched an eGRC platform to manage and automate the functions of IT & Operational Risk, including Information Security and RCSA.• Develop and oversee critical IS functions including Incident Management, Application Security, Network Security / Intrusion Detection, Training & Awareness, Vulnerability Management, Identity Management, Data Loss Prevention.• Launched a comprehensive Security Information & Event Management (SIEM) platform and program through-out the bank's IT environment.• Developed a continuous improvement assessment methodology, based on regulatory requirements and industry standards, to ensure the bank’s risk management processes continue to address emerging risks.• Represent Operational and IT Risk on the New Product Committee.• Present to the Board Audit Committee and Enterprise Risk Committee quarterly on the overall state of IT and Operational Risk within the bank.• Interface with internal and external auditors as necessary as well bank regulators for examination; provide periodic updates for ongoing remediation efforts.• Provide risk management expertise on critical outsourcing and SaaS initiatives.

Program Manager – Enterprise Supplier Risk Management (ESRM) Strategic Enhancement Program (StEP)Manage 50+ full time employees, contractors, and consultants who support the Program Office (PO). The StEP portfolio directs 30+ tactical and strategic projects to improve Supplier Risk Management at Citi.As the StEP Program Manager, work closely with senior leaders as well as partners in Supplier Risk, Information Security, Business Continuity, Technology, Enterprise Risk, Privacy, Compliance, Legal, Anti-Money Laundering, and Procurement.• Provided Subject Matter Expertise for the development of the risk scoring methodology for process which identifies Citi’s cross-discipline IT / Operational risks and tiers them based on materiality.• Developed an industry quantitative leading Risk Tiering model to determine a Supplier’s Inherent and Residual risk.• Establishing quantitative and qualitative Risk Tolerance measures, thresholds, and breach responses, in alignment with COSO.• Oversaw the development of several critical enhancements which will be implemented in 2013, including:o Restructuring of the Supplier Risk Management Governance Modelo Design and development of a future-state ESRM platformo Establishing Key Performance Indicators (KPI) / Key Risk Indicators (KRI), ando Designing processes to monitor levels of Supplier concentration and over-dependence.• Successfully established the StEP PO, including budgeting and business justification to O&T senior leadership, which:o Oversees all aspects of program and project executiono Sets strategic risk management objectives and ensures alignment of project scope and timelineo Identifies and addresses emerging risks, including 4th parties and cloud computingo Ensures the successful closure of internal audit issues and regulatory findingso Provides financial forecasting as projects move through the lifecycleo Continues to operate on-track and under-budget by 10%.

Lead IS and IT Risk Management initiatives for Citi Technology Infrastructure (CTI), which supports systems and network connectivity for Citigroup business lines globally. Prepared financial forecasts for IS projects. Developed and oversaw Information Security Risk Assessment (ISRA) program worldwide, derived from ISO, NIST 800 and FFIEC guidelines. Represented CTI at corporate steering committee level. Served as liaison during regulatory audits.• Dramatically reduced risk, with significant projected resource savings, by standardizing risk management across all business units and incorporating into an event driven ISRA process supporting annual GLBA attestations and SOX / PCI compliance. • Established and consistently maintained compliance with ISO 27001 certification requirements for GIS. Achieved certification through improvements to internal and governance processes.• Subject Matter Expert (SME) for ISO 27001 certification of data centers worldwide. Developed and implemented repeatable programs. Played key role in Citi becoming one of the first financial industries to achieve ISO 27001 certification for all data centers.• Represented CTI and worked with Engineering and corporate governance groups to set Infrastructure Defense Program’s tactical and strategic goals. Objectives through 2011 included: security for Virtualization, Cloud Computing, Remote Access, and advanced Firewall/Proxy services.• Produced productivity increases as large as 30% and reduced defects as much as 95% for programs, by developing KPIs to measure and trend IS programs globally.• Worked with Security Engineering and Operations groups to lead project expected to deliver multi-million dollar savings, after 2011, by automating Security Incident and Event Monitoring and identifying budget reductions. • With the Citi Security Engineering function, assisted development of end-to-end risk assessment methodology embedded into the Technology Development Life-Cycle (TDLC) for Infrastructure.

Department Head, Security Managed ServicesSecurity Operations Center ManagerCreated and led Managed Services division for large security products VAR. Hired and supervised multiple direct reports. Managed issue identification / escalation. Led Level 1-3 support plus product / service engineering. Administered budgets, negotiated vendor contracts, and procured hardware and software.• Built group into reliable revenue stream and managed products on behalf of customer via Security Operations Center (SOC), either remotely through data center or at client locations.• Developed all SOC policies and procedures, including incident response, reporting, KPIs, and SLAs.• Increased sales and led development of packaged security offerings, including managed 3rd-party firewalls, intrusion detection systems, e-mail, virus scanning, web proxies, and more.• Assisted with sales by preparing and conducting technical presentations.

Senior Systems & Security EngineerActed as Director of Security and Director of Technology Infrastructure. Oversaw network and IS operations management. Managed vendor relations to support hardware, software, support, and 3rd-party services. Negotiated ISP agreements and contract renewals. Served as Technical Lead for corporate IT projects. Worked closely with Microsoft, Sun, Oracle, Cisco, and other vendors.• Reduced ISP costs 15% and achieved larger decreases in Oracle, Sun, and Cisco support.• Managed complete corporate network and data center network redesign initiatives.• Improved and updated all security and disaster recovery policies and procedures.• Designed successful Sun Server Farm for distributed processing of financial applications.• Improved efficiency by implementing uptime monitoring for 24x7 production data center.

Data Center Operations and Security Team Lead Directed data center operations at ISP/telecom/internet company. Coordinated multiple engineers. Planned and managed technology upgrades. Provided security policy management for entire network and systems environment. Managed hardware, software, and facilities vendor management functions.• Designed and implemented 24x7 enterprise e-commerce data center to provide global support.• Played major role in 2 data center migration initiatives.• Enhanced functionality of an ad-serving environment handling >2 billion impressions per month.• Carried out design and implementation of web hosting/co-location environment that processed more than 10 million unique visitors per month.• Implemented VPN, firewalls, and IDS for multiple data centers.• Consistently met SLA of 99.7% availability and maximum business continuity for all systems.