Managed the enhancement and continuous improvement processes for the global Application and Technology Security Assessment program. Specific responsibilities include:• Created the corporate security and compliance governance framework for Generative Artificial Intelligence (AI) initiatives to ensure all appropriate legal, operational, security, and other controls are in place to minimize the business and technology risks from these projects.• Performed detailed Application and Technology Security assessments of company’s Google and Amazon Web Services (AWS) Cloud infrastructures and applications. • Recommended Cloud security implementation architectures, operational procedures, technology risk reporting, and configuration design standards.• Assessed new projects for their security compliance to the international Privacy regulations and the Payment Card Industry (PCI) security framework requirements.

Assisted a United States-based Healthcare Equipment company and a global Payment Card Processing company in solving critical Information Technology (IT) Security, Privacy, and Compliance issues that significantly impacted their ability to comply with Federal, international, and industry security and privacy guidelines. Specific responsibilities included:• Reviewed and designed security control assessments for the company in order to meet Veterans Administration security and privacy requirements. Made technology control recommendations on IT security architecture, compliance testing, and IT security tool implementation.• Created PCI compliance processes. Performed technology assessments based on PCI requirements. Made recommendations on IT security architecture, compliance testing, and IT security tool implementation.• Served as Senior Security Advisor for implementing Health Insurance Portability and Accountability Act (HIPAA) and PCI-related security controls on company’s AWS and Google Cloud environments.• Performed detailed Security Governance, Privacy, Risk, and Compliance assessment of company’s Public Cloud infrastructure and applications. Assisted in developing Cloud security implementation policies and configuration standards and in assessing the Cloud’s compliance to the PCI security requirements.

Lead the enhancement and maturation of the corporate Information Security program. Specific responsibilities included:• Lead the design and implementation of Microsoft Azure Cloud Security Operations and Privacy practices, policies, and procedures.• Coordinated the successful assessment of organizational compliance to the Statement on Standards for Attestation Engagements Number 16 (SSAE 16) Service Organization Control (SOC) 2 Type 2 security and privacy trust principles. The assessment also evaluated the effectiveness of the Health Insurance Portability and Accountability Act (HIPAA) HITRUST security and privacy controls.• Developed the management and reporting processes for the Technology and Third-Party Risk Management programs, expanding the security and privacy isk reviews of customers, vendors, and business partners.

Provided global multi-disciplinary leadership in developing strategic and tactical plans for a comprehensive global Information Security governance, risk, and control assessment program with key operational locations in Romania, The Netherlands, the United Kingdom, and the United States. Specific responsibilities included:• Lead design and implementation of Application Development, Infrastructure, and Privacy security practices, policies, and procedures. • Design new security and compliance capabilities related to existing policies, regulatory requirements, and generally accepted Information Security baselines, controls, frameworks, and standards, Including the Control Objectives for Information Technology (COBIT), General Data Privacy Regulation (GDPR), International Standards Organization (ISO) 27001, and Payment Card Industry (PCI) security requirements.• Create Cloud security design requirements, development patterns, and vulnerability testing for company buildout of microservices in the Amazon Web Services (AWS) environment.• Established and led the corporate Digital Forensics and Incident Response program, with a multidisciplinary team of 7 from Information Security, Network Operations, Application Development, Privacy, and Legal. Developed digital forensics, eDiscovery, and incident response processes and practices.

Assisted a large United States-based Health Insurance company and a global Managed Technology Services company in solving critical Information Technology (IT) Security, Governance, Risk Management, and Compliance issues that significantly impacted their ability to comply with Federal and industry security guidelines. Specific responsibilities included:• Created Payment Card Industry (PCI) compliance processes. Performed technology assessments based on PCI requirements. Made recommendations on IT security architecture, compliance testing, and IT security tool implementation.• Served as Cloud Security Advisor for implementing Health Insurance Portability and Accountability Act (HIPAA) and PCI-related security controls on company’s AWS and Google Cloud environments.• Performed detailed governance, risk, and compliance assessment of company’s proprietary Cloud infrastructure. Assisted in developing Cloud governance policies and configuration standards and in assessing the Cloud’s compliance to the PCI security requirements.

Joined CAPCO, a subsidiary of FIS, to build the global Risk, Information Security, and Compliance (RISC) program to meet FIS risk and compliance requirements. Specific duties included:• Performed and documented technology and business RISC analyses and control assessments and evaluate internal control designs for areas of improvement.• Reviewed significant risk-related events and advise management and client partners on action steps required to prevent future recurrence.• Implemented the global vendor management program, which included creating performance and security risk metrics for reviewing compliance of critical suppliers and vendors.

As Team Leader of the Client Security Operations group for a large multi-national Financial Services account, led the implementation and management of Information Security operational policies, controls, and processes. Managed security analysts, engineers, and support personnel in Canada, India, and the United States. Specific duties included: • Reviewed and implemented security systems and operational processes to improve and better control access to both internal and Cloud-based systems.• Created information security documentation related to departmental work areas and completed service requests to meet both client and company requirements.• Identified improvement opportunities and executed plans to streamline workflow to improve Service Level Agreements (SLAs) for the Enterprise Access Coordination team.

Assisted global companies in solving critical Information Technology (IT) Security, Governance, Risk Management, and Compliance issues that significantly impacted their ability to comply with Federal and industry security guidelines. Industries served included Energy, Financial Services, Health Care, and Travel Management. Representative engagements included:• Performed Information Technology Infrastructure Library (ITIL)-based IT Governance assessment for international Financial Services company’s offshore software development teams. Created IT Governance strategy based on findings and recommendations from the assessment.• Created Payment Card Industry (PCI) compliance processes for global Travel Management company. Performed technology assessments based on PCI requirements. Made recommendations on IT security architecture, compliance testing, and IT security tool implementation.

After the global Payment Card Processing company had a major cyber breach, was hired to lead the re-building and enhancement of the enterprise Information Security (IS) program to meet RBS Group and PCI Security Standards Council requirements. Budget responsibility was $10 million with a staff of 10. Specific duties included: • Implemented and managed the Payment Card Industry (PCI) internal control assessment and remediation program and directing the on-going merchant compliance assessment process as required to track overall PCI compliance. Regained PCI Report on Compliance (RoC) validation, which was required to process merchant transactions.• Headed the creation and execution of the enterprise IS risk assessment process, as recommended by Federal regulators.• Mitigated and remediated risks to RBS WorldPay IS business and functional areas under direct control, including Internal PCI Systems, Merchant PCI, and User Administration.• Led the corporate Digital Forensics and Incident Response program, with a multidisciplinary team of 5 from Information Security, Network Operations, and Legal. Developed digital forensics, eDiscovery, and incident response processes and practices.

Established and directed the global corporate Security program. Specific duties included:• Developed and implemented the enterprise security roadmaps and strategies for the company's software products and support services. • Created and updated global security policies and standards based on ISO 27001 guidelines.• Implemented the Third-Party Risk Management program, which included creating risk metrics for evaluating compliance of critical suppliers and vendors and performing IT security risk assessments on major suppliers.