- Leading a team of four overseeing security and compliance operations.- Developed and executed a robust governance program with continuous internal audits to enhance security posture.- Coordinated compliance efforts with ISO27001, SOC-2, PCI, and FedRAMP-Moderate standards.- Strengthened access controls through Okta automation, transitioned from LastPass to Bitwarden, and enforced MFA protocols.- Streamlined developer training with successful onboarding of Secure Code Warriors.

- Managed a three-person team for security and compliance operations.- Established and enforced security policies, managed compliance, conducted audits, and implemented controls to ensure adherence and mitigate risks.- Implemented Jamf and Crowdstrike solutions for device security

- Implemented Okta, Jamf, Snyk, and Sumo Logic for improved access, endpoint security, code development, and compliance control.- Established automation tools enhancing SOC-2 and PCI control management for increased efficiency and compliance.- Partnered with Product teams to develop tailored compliance solutions for smaller organizations seeking initial SOC-2 reports.- Introduced a comprehensive third-party risk program to assess service providers and monitor potential vendor security issues.

- Established a comprehensive security program adhering to industry standards like SOC-1/SOC-2, ISO27001, PCI, and NIST.- Implemented new policies, prioritizing improved user access controls, system configurations, and infrastructure.- Addressed critical vulnerabilities and decommissioned end-of-life systems in just six months.- Bolstered incident response capabilities through protocol development, regular testing, and engaging incident response expertise.

- Led the first Sarbanes-Oxley (SOX) audit for Zendesk IT with a small team, resulting in zero IT deficiencies in our initial 10K filing.- Achieved 20% recurring audit cost savings by negotiating evidence reliance strategies with auditors.- Launched a robust corporate vulnerability management program utilizing Tenable and Jamf, while decommissioning all outdated IT systems. Also, established organization-wide processes for patching and system hardening.- Managed security awareness & phishing campaigns.

- Led a $14 million proposal to transition to Salesforce, the company's first major cloud implementation, effectively addressing significant security concerns.- Prioritized and conducted in-depth assessments on the extensive US application stack of over 2,000 systems to enhance security measures.- Negotiated favorable security and data privacy terms with various vendors and service providers.

- Implemented reporting and metrics systems, reducing server vulnerabilities across a network of 200,000+ systems, even during substantial population growth. Facilitated reduction in open vulnerabilities by over 90% over the course of one year.- Extended critical system component lifespans in 700+ retail branches through new vendor relationships, and ensured seamless transitions to newer supported platforms.