Information Security Director for an $8 billion publicly traded technology company. Member of the CIO’s leadership team responsible for the design, implementation, and management of the Internal Global Information Security program. Global responsibility for all information and information systems security, protecting all corporate data and intellectual property.

Responsible for the design, implementation, and management of the enterprise-wide information security program. Served as the primary Information Security resource assisting all departments with the research and implementation of security-related technologies and processes• Led the entire Information Security organization, including Compliance, Physical Security, and Technology Controls functions• Managed a 5-million-dollar IT Security budget. that included commercial IT systems and services, IT security projects, and in-house IT systems• Established and managed the vendor risk management team responsible for the design and operation of the vendor risk management process including creating and reporting KPI‘s• Presented metrics to the C-Suite demonstrating successes and progress of the security program• Actively lead compliance initiatives around California Consumer Privacy Act (CCPA) and Payment Card Industry (PCI) • Developed the vendor management program performing vendor security reviews and working with Legal to establish mutually acceptable contracts and service-level agreements • Researched, recommend, and planned the implementation of new and updated information security hardware and software• Managed the security monitoring, prevention, and remediation systems including Symantec DLP, Endpoint protection, Splunk SIEM, Cisco IPS/IDS, Qualys, and Rapid 7 patch/security management, Azure cloud, and other related technologies• Led and managed a team of seven IT Security Engineers• Developed and maintained 100% of the organization’s Information Security & Technology Policy governance documentation sets• Maximized operational stability, regulatory compliance, and security oversight by establishing the first Change Advisory Board to handle change management and change controls

Responsible for performing information risk, security, and related compliance assessments, testing related controls, and building IT Security programs for clients based in the U.S.• Senior Consultant responsible for identifying enterprise information security and compliance related problems and provide technical solutions to assist with remediation• Led information risk and security discussions with technical and non-technical groups throughout all steps of the engagement • Provided guidance on the administration and maintenance of security systems infrastructure, applications, devices, tools, and software services• Developed and operationalized enterprise information security programs• Supported multiple client engagements ensuring compliance within industry statutes and regulations across multiple industries that are relevant to IT including PCI, HIPAA, HITRUST, GDPR, ISO 27001, and NIST

Maintaining and enforcing security processes, practices and policies throughout the organization to reduce risks, respond to incidents and limit exposure and liability in all areas of information-related, financial, personal and reputational harm. • Point person assigned to assist regulatory, internal and external auditors, providing management and technical knowledge in assisting with the complete audit cycle, planning, execution and finalization.• Primary contact responsible for ensuring compliance to regulatory and framework requirements with specific focus on PCI, EI3PA, and the GDPR regulation program• Evaluate and ensure the proper level of documentation for policies, procedures, standards and operational tracking throughout the organization to meet regulatory or framework requirements.• Headed the Risk Management and the Vendor Security Assessment programs.• Lead the execution and planning of assessments, audits and exams.• Responsible for 3rd party risk management program. Performing IT Security Reviews for vendors prior to onboarding and annual contract renewals

Led the IT Services team made up of six direct reports supporting over 600 users across multiple locations. Key member of senior management team responsible for the design and implementation of the corporate network infrastructure. • Senior leader managing the Infrastructure, Systems Administration, and Desktop Support departments. • .Evaluated the organization's business requirements and assisted with the implementation of a hybrid private / cloud-based solution as a corporate standard. • Manage and allocate a $3 million annual budget.• Successfully implemented new Cloud based IT Support portal with self-help capabilities to track and manage service requests. The use of self-help FAQ’s resulted in a reduction in support calls.• Recruit, hire and lead a team of 6 IT professionals responsible for administering / supporting all information technology functions• Implemented a new Cloud based IT Infrastructure for LeEco N.A

Drove the risk management agenda, including compliance to policy, and execution of remediation. Point person assigned to assist regulatory, internal and external auditors, providing management and technical knowledge in assisting with the complete audit cycle, planning, execution and finalization of report.• Only team member to obtain CISA certification and perform the annual Interac audit. Saving the company $50K yr. in audit fees.• PCI Internal Security Assessor (ISA) responsible for the annual PCI assessment and Interac audit• Functional department lead and point person for the IT Security Department• Performed additional duties as corporate Privacy Officer, including investigating and managing consumer privacy incidents, communicating with consumers and customers, and responding to complaints.• Led intrusion detection, vulnerability management, and incident response program. • Developed and implemented the Vulnerability Management program (none existed previously). The program was documented to included POC information, scheduled scans, results and progress reporting

Managed a global team of 20 IT Professionals responsible for supporting corporate and local office systems, including applications, data center, servers and storage, PCs, and telecom.