Recruited to establish the Deputy CISO function as well as the Collins Digital Technology Governance, Risk and Compliance (GRC) enterprise-wide 2nd line function. Charged with standing up a top tier Global GRC organization to ensure the confidentiality, integrity and availability of company assets within the context of Digital Technology. This is inclusive of monitoring of compliance to all corporate policies and standards, customer contractual requirements, as well as the development of the governing program inclusive of frameworks and standards, such as NIST, PCI, ISO, Cyber Essentials+, and others, as required or adopted. Coverage areas include: Governance, Risk Management, Audits (Internal/External), Regulatory (DFARS), Compliance and Control Testing, and Cybersecurity 3rd Party Risk Management. Completion of the tri-annual DIBCAC High Assessment with a 110/110 rating ensuring the ability to continue to bid on government contracts. Maturation of the comprehensive policy compliance monitoring program to ensure continuous audit readiness across all locations. Design and implementation of an Issues Management monitoring program to ensure remediation of known gaps based on risk prioritization. Enhancement of the Audit and Regulatory program to support global regulatory oversight. Expansion of team and coverage to address Global BU requirements in support of in support of new and existing business. Establishment of a bi-annual maturity assessment across internally identified controls for input into service capability roadmaps. Reboot of Supplier Risk Management program with a 200% increase in assessments from initial implementation.

CarolinaCISO is the preeminent peer leadership network for chief information security officers across the Carolinas. As part of the national Inspire Leadership Network, CarolinaCISO brings together CISOs in non-commercial, member-led programs that help foster meaningful relationships and leadership advantage.

Evanta fosters collaborative exchange among tech leaders in the Carolinas and works to grow the Charlotte into a top technical hub in the United States. As a member of the Governing Body, I provide thought leadership and assist in setting the agenda for the CIO and CISO Community.

Promoted to establish the Corporate Truist Cybersecurity Governance, Risk and Compliance (GRC) enterprise-wide program. Charged with standing up a top-tier GRC organization for Truist through the combination and enhancement of heritage bank processes. Ensured the protection and privacy of information assets within the context of the Corporate Cybersecurity Strategy and compliance to all corporate policies and standards, as well as the development of the governing program inclusive of frameworks and standards, such as NIST, COBIT, GLBA, Factor Analysis of Information Risk (FAIR), and others, as required or adopted. Coverage areas include: Cybersecurity Governance, Control Assessments, Audit (Internal/External) Assessments, Regulatory (FDIC, FRB, State) Assessments, Compliance Assessments and Control Testing (GLBA, NYDFS, PCI, SWIFT, HIPAA, SOX), Cybersecurity 1st Line Risk Management, and Cyber Third-Party Risk Management.

BB&T (now Truist) - Recruited to partner with the Chief Information Security Officer (CISO) in maintaining an effective enterprise-wide corporate information security program across one or more business units. Ensure the protection and privacy of information assets within the context of the Corporate Information Security (CIS) strategy and compliance to all corporate policies and standards, as well as governing frameworks and standards, such as NIST, COBIT, GLBA, FAIR, and others, as required or adopted. Provided leadership in delivery and governance of enterprise-wide information security architecture, risk management standards, best practices, and systems/processes to ensure information privacy/ protection across the business units. Development of the CIS strategy across various disciplines, while interacting with business unit management, to determine acceptable levels of risk as business models and risk profiles change, and subsequently align the security program accordingly. Achieved a thorough understanding of business processes and leadership models in order to promote a sense of shared ownership of information security objectives, while balancing the need to advocate for business strategies and initiatives. Defined and operationalized communications with the BIO teams as well as business unit management to offer transparency on matters pertaining to information security and how they relate to, or potentially impact. Developed regular updates to all CIS management on business unit strategies, critical projects and related risks, potential policy exceptions, and other items, as applicable. Acted as a liaison between the business unit executive and senior leadership and CIS functional leaders. Govern and seek compliance to CIS policies and standards within the business unit. Surfaced and execute upon remediation opportunities to improve business unit security risk posture. Engagement in internal and external audit and regulatory.

Establishment of a risk based Information Security Office (ISO) for a $3B organization with 19K employees spread over 225 locations. The ISO was built to support SOX, PCI & HIPAA compliance, Board of Directors Scorecard Reporting, Security Awareness, Architectural Reviews, Vendor Assessments, Customer Contract Reviews, Incident Response Planning, Vulnerability Management, and all other foundational security practices.COMPLIANCEA comprehensive set of policies and procedures ensuring compliance with SOX, PCI, and HIPAA while reducing overall compliance maintenance costs.GOVERNANCESecurity Advisory Council to oversee all security related decisions for the organization.PROTECTSecurity Information and Event Management (SIEM) solution, Threat Hunting, Penetration Testing, and a comprehensive vulnerability management program.RESPONDIncident response policies, plans and procedures from individual contributor up to the executive team. AWARENESSReduced phishing rates to 50% below campaign baselines on a consistent basis.ARCHITECTUREIntegrated security reviews into the enterprise architecture (cloud and on premise) review process to identify and address security concerns during the project initiation phase.VENDOR MANAGEMENTVendor review process to indentify potential introduction of 3rd party risk.CONTRACT MANAGEMENTReview of all vendor contracts with a focus on reducing overall organizational risk through mechanisms such as security provisions and liability coverages.

Leader of the Services Operational Excellence program initiative in an effort to influence and drive SGS and SunGard organizations toward consistency, scalability, and excellence in methods, project and account assurance, and PMO capabilities. PROGRAM MANAGMENTImplementation of the selected operational system implementation – Planview® Enterprise Portfolio Management Solution across over 700 users in the North Americas, EMEA and Asia Pacific regions. PROCESS IMPROVEMENTGap assessment and implementation of process improvements for internal Global Services Operations worldwide.VENDOR MANAGEMENTFacilitated Vendor Evaluations and Procurement Process through contract including the development of a Vendor Evaluation Methodology for use on client and internal initiativesGLOBAL STRATEGYEstablish and executive of plans to achieve Global Excellence direction and vision for Operations Excellence while balancing both short-term and long-term results. IT MANGEMENTOversight of all internal Global Services applications servicing offices globally (US, EMEA and Asia Pac).RESOURCE MANAGEMENTDirected a team both on-shore and off shore implementation resources as well as stakeholders.

Execution of the IT Project Portfolio for the domestic and corporate functions of the organization. Oversight of the decision-making process for optimizing and executing projects, deploying products and harvesting benefits, all based on the organization’s strategic plan and available resources. Demonstrate that the projects and timing in the portfolio are conducted within the capacity of the organization. Ensure stakeholder engagement and responsibility is assigned for securing actualization of intended benefits. Regularly report status and make recommendations. The portfolio would include product/service on-going operational management and projects that would enhance current products and/or services and would develop new products or services for the business line. DELIVERYSuccessfully delivery of 46 projects, spanning a total of four project portfolios of six months in duration, with a total approved budget of approximately $5M resulting in a variance of -1% under allocation. STRATEGYReview and modification of the IT strategic plan and ensuring the alignment of the plan to the corporate strategy .GLOBAL EFFICIENCYRedesign of the reporting and software delivery processes for the Canadian VP of Operations including Scorecard Executive Reporting, Agile development implementation, automation of the capital budget process, and enhancements to the disaster recovery procedures for the Canadian Market.

Merger integration of acquired systems. Promoted into two management roles. Oversight of IS planning and scheduling, developed project management practices and processes, managed entire SDLCs. Execution of Arbella’s disaster recovery (DR) program and architecture for assigned coverage areas.

Led a team of developers designing, developing, and implementing new Tax Assessment Software written in VB6. Radically improved existing software processes by defining and implementing a company SDLC in conjunction with the QA manager. The SDLC implementation resulted in a reduction in help desk calls of 75%.