· Implemented comprehensive regulatory preparation strategies including data protection, data mapping, data minimization, enterprise risk assessments, incident response, third party risk assessments, encryption, access management and vulnerability management in compliance with various laws and regulations including GDPR, BREXIT, PSD 2, MAS TRMG and NY Cybersecurity Regulation.· Overall management of the enterprise wide PCI program and team for Western Union with PCI Level One annual certifications (Attestation of Compliance and Report on Compliance) for merchant and service provider.· Annually facilitates 100+ global, regulatory IT/Information Security/Data Privacy compliance in Money Services Business (MSB), international licensing and other financial services related requirements.· Managed the globally dispersed External Assessment Team of influencers globally responsible for PCI certification, SOC 1 and 2 and international regulatory compliance in over 90 countries.· Expert in successfully collaborating across multiple functions in a global environment to develop and coordinate enterprise IT risk management solutions that are both technically and financially feasible.· Designed and documented in RSA Archer, the corporate GRC platform policies, processes and procedures.· Annually responded to 300+ corporate client due diligence requests to address security, risk, vulnerabilities, privacy and compliance topics.· Managed Corporate Information Security Policies including the formal annual policy review process and enterprise-wide SME on all policy related inquiries.· Managed all global, enterprise-wide exceptions to policies including monitoring exceptions through to compliance.· Partnered with Internal Audit in support of detailed SOX audit program preparation, risk assessment and evaluation of internal controls. · Developed and maintained asset inventory with a focus towards successful SOX ITGC exams.

• Led and managed a specialized team in eForensics that included automated and root level file carver methods to harvest lost, deleted and corrupted files for analysis and reconstructs. • Performed forensic investigative methodology including chain of custody analysis, reporting, and presentation, and ultimately created and issued protective order affidavits for Federal cases.• Applied knowledge of information security and privacy related risk, regulatory, audit, privacy, and compliance requirements for handling, transporting and storing evidence for multi-year Federal cases.• Securely protected IT systems and network environments with proficiency to advise and make security and privacy recommendations. Created and maintained all security policies, guidelines and procedures.

• Led and supported security projects, compliance efforts; assisted the VP of ESRM with strategic initiatives that included the creation and maintenance of company security policies.• Developed the compliance process and mapping tools to monitor programs for compliance with regulatory requirements for outsourced state government programs including workforce, affordable healthcare for children and women and systems and processes to locate non-custodial parents.• Managed the planning, auditing, reporting and follow-up of integrated technology audits.• Performed ongoing review of multi-state contracts for compliance with IT and InfoSec-related contractual terms and conditions.• Managed enterprise security incident response and led privacy and security investigations.• Performed computer forensics in response to security incident reports generated by the human capital group.• Completed Business Continuity responses to RFPs for the TAMP Disaster Recovery System (DRS) administration; and database maintenance for all corporate and field offices nationwide.

• Managed the business continuity program and led the team in analyzing business impact and risk; strategy development; planning, testing and maintenance in headquarters and satellite offices nationwide.• Managed corporate incident response by preparation, identification, containment, eradication, recovery and follow up procedures when necessary by using a formal chain of custody process and applied forensics.• Expertly created technical reporting of analysis, findings and results; presented to C-level and Audit Committee in executive summary format.• Collaborated with Verizon Business/Cybertrust to perform corporate enterprise risk assessments and assess effectiveness of security management program.• Maintained annual Corporate Security Policy and security procedures for nine corporate offices.

• Offered security test and evaluation (ST&E) support to Military Health Services (MHS) organizations.Initial tasks included creation and submission of multiple proposals and submission to GeneralServices Administration (GSA).• Provided long-term contract support to XCare.net. Developed a Health Insurance claims processing system in MS Visual Basic. Designed GUI interface to interact with Cobol/DB2 back-end and constructed data input screens in Visual Basic. Performed user-acceptance testing and implemented change control.

• Led an IV&V team effort for Colorado Lottery and Scientific Games International.• Performed supplier and information systems risk assessment for major banks and state lottery IT offices.• Certified electronic voting kiosks and systems for two states including network assessments.• Managed a team through full life cycle security activities that included requirements gathering, cost analysis, gap and risk planning, design, testing, implementation, training, and change control.• Implemented project controls and performed security audits and penetration testing.• Performed audits and exams in compliance with State and Federal standards including MUSL, FISMA, HIPAA