•Responsible for leading the strategy and execution of Information Systems, Product and Cloud Operations security consistent with the company’s regulatory requirements, strategic objectives and risk appetite •Lead the design and implementation of the Office of the CISO vision and strategy to optimize the organization’s overall security posture in alignment with Hyland’s corporate cloud vision •Lead the maturation of Hyland’s risk management program by identifying, evaluating and reporting on security risks aligned with compliance and regulatory requirements •Serve as the internal and external advocate for information security and responsible for the company’s security program, implementation of Hyland’s information security risk assessment programs, maintaining and consolidating information security policies and procedures and oversight of information security audit programs•Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the Cybersecurity Committee of the Board of Directors as part of a strategic enterprise risk management program supporting business outcomes•Serve on Hyland’s ESG Executive Steering Committee to design and implement Hyland’s ESG program•Serve on Hyland’s AI Executive Steering Committee to design and implement Hyland’s AI policy and approve AI enabled technology use cases for implementation•Reduced Hyland’s cybersecurity deductible by 50% year one and significantly reduced Hyland’s premiums during year 1 and 2 with the improvements made to Hyland’s cybersecurity program•Led security tooling consolidation program resulting in substantial cost reductions, while centralizing reporting and tracking•Lead the maturation of Hyland’s application security program while minimizing disruption through the development of enterprise application security standards, gates and automation throughout the SDLC

•Led Benefitfocus' security vision and strategy; to protect against emerging threats and to ensure alignment with corporate polices and standards, market demands, and compliance with regulatory/security standards such as HIPAA, PCI, and SOX•Led the Cybersecurity Executive Steering Committee to regularly update the Benefitfocus Executive Leadership Team and board members on Cybersecurity leadership observations and recommendations, operational status, and policy decisions•Presented security posture and risks to Benefitfocus’ Board of Directors and Audit Committee•Led the organization through a corporate restructure and reduction of force•Led our Integrated Risk Management function and served as a member of our Enterprise Risk Management Team•Matured Benefitfocus’ security posture by increasing security vulnerability testing scope coverage from 65 to 100% coverage during year 1. Continuously achieved a YoY drop in vulnerability counts, including a 75% drop in year one. Reduced security operating expenses by 50% year 1. Improved team NPS score from 0 to a company high of 87 during year 1. Automated manual processes and maintained non-qualified third-party assessment and audit reports while continuously increasing control coverage. Managed security budget to about 6% of technology spend •Positioned security as a sales and client partner leading to increased engagement throughout the pre/post sales cycle through client security assessments, and contract negotiations to help secure revenue •Served as a technology lead for M&A due diligence, responsible for 2 acquisitions•Matured Benefitfocus' BCPD program ensuring no business interruptions during weather events and a seamless transition to a remote workforce during COVID•Matured the company’s GRC program, including third-party risk management and compliance programs including HITRUST, PCI, and SOC1 and SOC2 Type II audits

•Led IBM's Talent Management Solutions' security vision and strategy; to protect against emerging threats and to ensure alignment with IBM’s polices and standards, market demands, and compliance with regulatory/security standards such as ISO27001/2, EU Privacy Directive, Privacy Shield, GDPR, FFIEC, and FISMA/FedRAMP•Led the FFIEC regulatory compliance of the brand’s SaaS offerings and annual reporting to the FFIEC examiners•Served as brand technology lead for SaaS sales and client contract negotiations pertaining to security, and privacy•Provided continuous monitoring and maintained the confidentiality, integrity, and availability of customer SaaS offerings, PII/SPI and business data across an infrastructure consisting of 18 global datacenters, encompassing 40+ Talent Management SaaS offerings•Conducted regular risk assessments and reviewed security risks with the GM to provide recommended control implementation or business risk acceptance •Responsible for developing and maintaining the brand’s information security, application security and privacy programs and ensuring compliance by establishing partnerships and converging security across applicable IBM business units, such as CIO, Cloud, and Analytics•Led the brand’s BCPDR program•Led the brand’s security assessment program, including infrastructure and application vulnerability and penetration testing and remediation •Led the brand's GRC function, including SOC2 audits, ISO 27001 certification, FedRAMP and application penetration testing engagements•Developed, maintained, and published brand information security standards, guidelines, and procedures•Coordinated activities of internal investigation and incident response through IBM CSIRT and managed third party SOC•Led third party risk management program for supplier and partner security reviews

•Led Kenexa’s security vision and strategy; to ensure alignment with business objectives, market demands, and compliance with regulatory/security standards such as PCI, Safe Harbor, and ISO27001/2, maintain partnership with industry experts, and protect against emerging threats•Led M&A security due diligence, responsible for technology review, documenting control gaps, and providing integration strategy and budgetary requirements for approximately 9 acquisitions and a joint venture in China.•Created and led Kenexa’s security and privacy committees•Served as Kenexa’s technology lead for SaaS sales and handled client contract negotiations pertaining to security and privacy •Maintained the confidentiality, integrity, and availability of Kenexa and customer systems, applications and PII/SPI and business data across an infrastructure consisting of 40+ global sites and 9 datacenters (US, Asia, Europe) encompassing over 40+ Talent Management SaaS offerings•Established corporate and third-party risk management program. Provided updates to Kenexa’s Board of Directors as requested •Designed and implemented Kenexa’s BCPDR program•Established Kenexa’s security assessment program, encompassing application and infrastructure vulnerability and penetration testing and remediation•Established and led the Governance, Risk and Compliance function, including obtaining Kenexa’s first SOC2 Type II, FISMA compliant offering, TRUSTe privacy certification and EU/Switzerland SafeHarbor Certification. Served as technical contact for third party SOX audits•Coordinated activities of internal investigation, incident response and manage third party SOC•Provided leadership, in a high growth environment, for an IT and security organization of 25+ reports, including hiring, termination, time tracking, goal setting, reviews and management of the capital and operating expense budget

•Led BrassRing’s security vision; ensure compliance with existing security and regulatory standards and protect against emerging threats•Designed and implemented BrassRing’s first information security program, including the creation, review, and enforcement of security and privacy policies and practices throughout BrassRing to ensure the security of all existing business units, products and services•Achieved PCI compliance with Level 4 merchant requirements for BrassRing’s e-commerce site•Designed and implemented a risk assessment and vulnerability management and testing program, implemented appropriate safeguards, and developed a comprehensive security plan to drive the ongoing security standards and process improvement to satisfy Cybertrust Perimeter and Application Certification requirements and those of insurance auditors, customers, and the BrassRing leadership team•Established an internal privacy council and served as privacy leader working closely with the executive management team to ensure adherence to global privacy regulations and achieved TRUSTe and SafeHarbor certification•Provided pre/post-sales support for BrassRing’s SaaS offerings through completion of RFPs, contract review, security assessments/audits, and meeting with clients and prospects to present BrassRing’s security posture•Designed and implemented BrassRing’s application security program to be a competitive differentiator•Developed, implemented, tested, and maintained a BCPDR program •Established a third-party risk management function to ensure supplier compliance with BrassRing security standards•Administered and maintained multiple security platforms including firewalls, intrusion detection, virus control, and encryption to protect the confidentiality and integrity of corporate and client data, while maintaining 99.9%+ uptime.

•Provided expertise and input on emerging security technologies, issues, and direction to develop effective security solutions for clients

•Served as the technical security lead on the Boston Scientific account•Designed and maintained the security of a 28-site global infrastructure comprised of 600 servers and over 12,000 users, including 24/7 security infrastructure coverage and escalations

•Supervised 80+ software engineers developed syllabus, curriculum, lectures, and presentations for Microsoft training classes•Diagnosed problems, offered advisory services, and provided solutions for Microsoft Exchange Server in secure enterprise environments utilizing internet connectivity and co-existence with foreign messaging systems

•Performed data input and quality testing for secure web-based financial software