I oversee the information security and compliance programs at Conversica, an AI-based SaaS company serving enterprise customers.

As Director of Compliance at LIfeOmic, I provided leadership over a compliance program that included HIPAA compliance, HITRUST certification, NIST CSF, SOC 2, FedRAMP Moderate (achieving the ready status), and others.This responsibility included:• Enterprise Risk Management and oversight of the corporate Risk Registry.• Mapping Requirements to Controls across multiple sources (contractual, standards and frameworks, regulatory, etc)• Encouraging a shift-left mentality in control design by providing guidance during the development or acquisition of new technologies or features• Providing ongoing guidance to internal control owners regarding new or expected changes to compliance requirements• Overseeing the ongoing review and testing of internal controls• External and Internal Audit program management including scheduling, communication, evidence gathering, generation of relevant deliverables, and managing audit stakeholder relationships• Overseeing Corrective Action Plans or process improvements identified by the compliance program• Generating compliance metrics and reporting for senior leadershipI also managed the Information Security Program’s policy documentation, ensuring it remained current with requirements, received appropriate review and approval, and was included in relevant employee training.

My experience over nearly 13 years at ExactTarget/Salesforce is highly varied and deeply valued. I began as ExactTarget's first and only Information Security employee. ExactTarget was a start-up and I got to build a team, get them ISO27001 certified, and became a part of Salesforce when it acquired ExactTarget.Within Salesforce, I remained a Security Manager for its Marketing Cloud offering for some time and then transitioned to a Global Security and Compliance group.A throughline of my experience, which I greatly enjoyed, was providing security and compliance expertise about our services to our external stakeholders including both auditors and our customers or partners.

As a forensics investigator with AmbironTrustWave, I used specialized techniques and tools for ‘forensically sound’ recovery, authentication, and analysis of electronic evidence investigating a wide range of cases. I traveled extensively to acquire a forensic image of suspect systems, examine networks and physical locations, and interview key personnel in order to establish an understanding of how a compromise/incident may have occurred, what data/assets were at risk, and the extent of any exposure.

At Aon I had four main responsibilities: • Responsible for the research, design, implementation, initial configuration and testing of both technical and physical security controls of Aon’s shared global IT security infrastructure; including firewalls, intrusion detection systems, desktop security, URL filters, router ACLs, 3rd party connections, remote authentication, virtual private networks and anti-virus.• Serve as a core member of the CIRT (Computer Incident Response Team), specializing in cyber-investigations and computer/network forensic analysis including remote digital evidence acquisitions, event correlation and investigation utilizing tools such as Encase Enterprise Edition.• Provide the main Aon/CICA business units and CSG IT Infrastructure groups with security consulting services such as design/architecture review and security assessments.• Conduct periodic internal audits to ensure global security polices are properly in place and enforced.

Assumed this position as a promotion with expanded responsibilities including: process controls, process engineering, document management, knowledge management, and internal and external training for ISS’ global managed security services. I served as the global subject matter expert for our partners, clients, and across departments within ISS. One significant contribution was collaborating with the partner integration team to ensure operational impact was considered in discussions to expedite a partner’s ability to go to market. Other regular contributions included standardizing procedures; ensuring that they were uniformly documented, updated and made globally available to internal and external parties.I traveled internationally to meet with partners and help them bring our services to market as resellers. These meetings ranged from product offering discussions with sales and marketing groups to training sessions for deployment and support staff.

Performed network security consulting, engineering, and project management; i.e., finalizing network design, creating network security policies, configuring network security devices, scheduling resources, implementing and testing solutions and transitioning clients to ISS’ security operation centers.