Serving as Global CISO responsible for all matters of information security, IT risk, fraud prevention/audit/investigation, security engineering/operations, compliance and identity/access management.-Built from scratch a comprehensive information security program, including the hiring and development of a 90+ person global team. -Orchestrated first-time security certifications (and annual recertification) for HITRUST, PCI DSS, SOC 1, SOC 2 Type II, ISO 27001: 2013 and EU-US Privacy Shield. Also, HIPAA and GDPR compliance.-Managed and measured the security program using the NIST Cybersecurity Framework (CSF) for the pursuit of business-alignment and continuous security maturation. We measure better every day.-Established an Enterprise Risk Management Program Committee for programmatic management of risks. Executive visibility of cyber and ops risk is critical.-Implemented zero trust in a cloud-first application portfolio for centralized identity and cloud security policies enforcement.-Joined the Vendor Security Alliance industry coalition, served on the VSA Board, and the working group responsible for security questionnaire development for the standardization of vendor risk management.TaskUs provides next generation customer experience that powers the world's most disruptive companies through the partnership of amazing people and innovative technology. We provide Ridiculously Good strategy, business process optimization, revolutionary technology and the best talent to deliver transformational, digital scale. To find out more visit TaskUs.com.

Advise and assist clients with assessing and improving their IT risk and security capabilities:-Security program maturity assessments-Enterprise cybersecurity transformation projects-IT compliance gap reviews and remediation (PCI DSS and ISO 27001/2)-Attack and penetration testingMidwest Market Champion for Cloud Assurance services launch, cDiscovery and cLifecycle:Discovering enterprise-wide use of cloud services and building evidence-based cloud cybersecurity risk management.

Served as Information Security Manager with Dell SecureWorks responsible for the delivery of enterprise security services to a large healthcare system client with multi-state distributed networks, 4,000+ servers and 40,000+ workstations.Directed a leveraged team of remotely located (US and International) security professionals for the management, monitoring and reporting of security technologies, Firewalls, IDS/IPS, NGFW, Antivirus/Anti-Malware, Endpoint Encryption, Mobile Device Management, Load Balancers/Reverse Proxy Appliances, TACACS+, and Email & Web Content Filtering.Provided advisory and consulting services relating to client technology governance practices, information security management and compliance programs.Managed the vulnerability assessment program, including scans of all new server builds, and ensure appropriate remediation, mitigating controls or senior management risk acceptance of vulnerabilities.Facilitated incident response investigation, escalation and remediation for infrastructure security events.Developed and maintained an information security awareness training program for all Dell team members.Conducted risk assessments of business processes and supporting applications; recommended appropriate technical solutions and provided consultation on the delivery of IT services, integrated with security best practices.Worked closely with IT management and business unit peers to translate security issues into broader IT or business operations solutions, and to develop and implement effective IT risk management practices.

Responsible for the management, security and strategic development of internal systems to affect operational efficiency gains and to optimize internal business processes, in order to enable support staff and engineers to best serve Healthcare IT clients.Directed a team of engineers and system administrators for the implementation of technical solutions deployed to secure protected data on critical systems, including PHI covered by HIPAA.Improved operational efficiency of the contact center operations via the evaluation and deployment of technology solutions including Microsoft Lync and Clarity Connect.Delivered enhanced performance management and efficiency monitoring of support staff via the development of internal KPI metrics and SLAs for call response and operational dashboard displays. Deployed SaaS solutions for resource scheduling (Shiftboard) to enable more complete personnel needs assessment and resource budgeting.Implemented improvements to the enterprise collaboration and knowledge management systems.Optimized the remote monitoring and management systems (including Power Admin Server Monitor and LabTech RMM) and tested Sophos Endpoint Protection (antivirus, encryption, DLP, application control).Conducted disaster recovery and business impact analysis and developed business continuity plans.Completed assessment of core operational processes for quality assurance and efficiency and implemented improvements in utilization of professional services automation software and QuickBooks accounting package.

Served as internal security consultant to IT and business unit operations, providing global security risk management support while ensuring processes and products met customer and regulatory security requirements.Conducted risk-based compliance and security assessments of internal and external infrastructure, products and services to identify vulnerabilities, and provide solutions to ensure adherence with regulations (PCI DSS, HIPAA, SOX, SSAE16), industry best practices (ISO 27001, NIST, COBIT) and corporate security policies.Evaluated contact center operations (domestic and international) across people, process and technology in order to identify operational and data security risks, and to deliver feasible recommendations for improvement. Served as the security resource on several IT A-List projects for the deployment of technology solutions including IVR, call recording and archiving, agent performance management, advanced contact center voice solutions, network security enhancements, home agent platform redesign, mobile device management (MDM), and Symantec DLP pilot.Advocated for the incorporation of information security best practices into all technology offerings while maintaining a strategic balance between security risk and business functionality.Communicated to management the potential impact of global security trends, threats, vulnerabilities and their potential impact on Convergys business units and customers.

Managed integrated audits of the 23 universities and 95 auxiliary business units by evaluating the adequacy and effectiveness of internal controls over financial, operational, compliance and information security risks.Managed audits of auxiliary orgs (non-profit corporations with diverse functions, including retail/commercial operations) and FISMA audits utilizing risk-based approach with focus on the review of internal controls and COSO methodology, IT system controls, risk management, compliance and financial reporting.Designed and implemented an IT Security audit program using ISO 27001/2 & COBIT standards and other key risk areas for system-wide IT Security audits; completed and managed staff performing IT security audits.Managed the relationship with co-source partner, KPMG, for the technical security assessment portion of IT Security audits, ensuring consistent translation of technical areas of review including internet footprint analysis, web app vulnerability assessment, and external network scanning.Participated in CSU system-wide IT and IS advisory committees composed of all CIOs and ISOs for formulation & integration of CSU technology strategy, and development of IS programs, standards & policies.Responsible for the testing of change management, security and IT operations controls within the Windows, UNIX, Linux, Mainframe, and AS400 operating systems environments; SQL, MySQL and Oracle database environments; and for testing application security and automated controls within Oracle and PeopleSoft ERPs.Managed audit team resources, including audit scheduling, planning and scope definition. Also coached, developed, and managed staff/senior auditors.Maintained regular contact with campus VPs and CxOs regarding audit status and reviewed all documentation of corrective action submitted to close audit findings.

(Part-time project work during weekends and CSU budget furlough days)Provided guidance to a publicly-traded client required to certify SOX 404 compliance for the first time at YE 12/31/2010.Reviewed IT operations for risk/control identification and documentation for the information security, systems operations, change management processes and ERP application controls (SAP). Assisted management with control rationalization; assessed the design and operating effectiveness of controls.Identified deficiencies and areas of improvement for presentation to senior management; provided guidance for the remediation of deficient controls.

Planned, organized and conducted examinations and evaluations of the adequacy and effectiveness of the organization's systems of internal controls for audits of manufacturing plants, distribution facilities, and corporate functions such as accounts payable, accounts receivable, treasury, and fixed asset accounting.Identified business processes to assist management in the identification, documentation and internal control testing reviews to adhere to Sarbanes-Oxley compliance requirements.Conducted substantive and analytical testing of financial statements utilizing Access, Monarch and ACL for data analysis.Communicated to engagement clients by means of closing presentations and audit reports to convey recommendations for modifications and improvements with emphasis on financial impact and process enhancement.As a field auditor, performed comprehensive operational audits of retail paint stores and commercial facilities in the Houston and coastal TX districts, and effectively communicated findings to district, division, and corporate management.Identified cost savings/recoveries of $148,000 while maintaining excellent audit efficiency (122%) and accuracy (100%).Supervised and trained new hires, completed loss prevention special investigation audits and advanced auditor trainings, provided audit quality improvement recommendations, and other special assignments for the audit department.