Leadership role on a stellar team of information security compliance, risk and governance professionals that was formed in 2019 to transform and establish an effective Information Security GRC from the ground up. This involves leveraging the strengths and talents of the organization, transforming existing practices and practically, building out the key components of an effective, scalable program from the ground up. In 2019, tasked to lead and is leading three major initiatives:- Leading the entire Integrated Risk Management (IRM), Governance Risk Compliance (GRC) solution platform due diligence vendor evaluation, orchestrating the entire Requirements gathering, RFI and Proof of Concept - Building out a Third-Party Governance program, leveraging ISO IEC 2700X industry standards for controls definition, defining a life-cycle oversight structure and implementing quick wins of controls testing such as termination and outsourcing, risk control measurement for policy exception requests, etc.- Creating a message and set of key documentation of the entire Information Security Management System for the organization for future audit purposes- In addition, I am involved in other daily operational GRC activities such as supporting SOX audits, etc.

Consultant on Third-Party Risk & Compliance for the Enterprise Engineering Organization. - Joined a leadership team for the formation of a significant, large-scale Third-Party Risk, Compliance & Oversight program from the ground up for this organization- Most significant contribution includes the establishment of a Risk Control Assessment Framework for third-parties from the Ground Up- Conducted immediate Quick Wins including Contingent Workers Termination Control testing- Performed Third-Party Inventory, Stratification and Spend Analysis to determine critical Tier-1 vendors and key areas of focus

PROGRAM MANAGEMENT DELIVERY  Secured Solution Delivery Life Cycle S-SDLC Initiative (2017) – Re-engineered life cycle processes, and improved security methods. Responded to all federal examiners’ reviews. Result: Completed on schedule (always green), below budget with $300K saving.  Compliance Regulation for India Global Delivery Center (GDC) Initiative (2018) – Was recruited by Transformation Office to lead Risk and Compliance Work Track for Regulation W. Result: Produced a comprehensive Plan and delivered an audit-proof GRC foundation with evidence. Enterprise GRC Automation Initiative (2018) – Lead all technical implementation, from business case to project execution, for a SaaS GRC solution automation.GRC Risk-Based Controls Testing (2006-2017) – Established a scalable IT Outsourcing Program and Risk-Based Controls testing. Highly praised by U.S. FRB examiners. Result: No FRB, KPMG external, internal audit finding for 10 years since 2007. Compliance Assurance Testing Standards & Procedure (2014-2015) – Developed and implemented from the ground up a test procedure and reports in support of U.S. FFIEC SR-13 on Vendor Oversight. Result: Delivered a comprehensive, end-to-end program for assurance.  Remediation of Matter Required Attention or MRA (2015-2016) – Was recruited bank-wide for leadership role due to knowledge of remediation, facilitation and analytical skills. Led a 24-month remediation for a U.S. FRB MRA. Result: Faced all FRB requests and closed MRA.OUTSOURCING VENDOR GOVERNANCE & CONTRACTS  IT Outsourcing / Offshoring Governance (2006-2017) – Led this program as a track record that was appraised by the FRB examiners. Result: Built from the ground up with 13 resources; scaled to 495 resources, 70% of IT work force; and no audit finding in 10 years.  Vendor Contracts (2006-2017) – Extensive experience with development, negotiation and review of outsourcing Contracts Agreements.

• Manage kp.org external web site development and a team of 40 software developers for all J2EE web development and testing, systems integration, deployment and 24x7 Tier 4 operation support. • Established software development and testing, and release management discipline. Introduced ITIL-based “Code Red” incident management operation procedure.

• Key senior manager for a proposal to NASA for a 5-year $300 million IT contract. Recruited out of 400 resumes due to credential, extensive training in and experience with SAP R/3 implementations.

Led the Program Management, Development and Operations Support of BEA Systems’ mission critical web applications and infrastructure integrated with PeopleSoft ERP, Siebel Sales, Clarify CRM, Order Fulfillment, and other back office systems, from the ground up. These applications were delivered on time, within budget and provided 24x7 Internet Product Downloads and Sales Force Lead Generation Integration; dev2dev Developers Portal; Order Fulfillment/Licensing; e-Education; e-Support Online Customer Support and Case Management; and PartnerNet Portal. Reference: Bill Coleman, Founder and former CEO.BUSINESS RESULTS: Increased sales leads by 300% in 9 months via downloads. • Lead Internet applications implementation and integration with ERP back office.• Develop portals for Sales Lead Generation, Products Download, Developers Network, Order Fulfillment, E-Education, Customer Support and Partners. Established 24x7 support operation. • Drive innovation, get funding and implement Single Login customer experience across portals. • Outcome: Increased sales leads by 300% via downloads. Drove 90% of education revenues on line. • Expanded customer reach to 500,000 users. Reduced order fulfillment to less than 24 hours. • Increased customer self-service by 250%. Enabled a four-fold increase in the Partners’ user base.

Promoted twice and to Director Level in the first year of employment. • Built Adaptec’s first Intranet on schedule in 3 months and delivered applications 250% over commitment. Enlisted 130 Intranet publishing groups in one year and increased usage of the Intranet. • Led and delivered production web-based enterprise applications for Human Resources: Jobs Posting, Benefits Enrollment, Employee Evaluation, Employee Stock Purchase, and Time Card.• Delivered a successful, easy to use Executive Information System (Booking, Billing, and Backlog) integrated on top of SAP R/3 ERP using SAP Business Warehouse (BW).