Oversee management and strategic planning for financial services IT environment including servers, workstations, customer and company data, cloud environments, applications, and networks to ensure that disparate business lines function efficiently. Serve as Information Security Officer, including creation of information securities policies, risk assessments, business impact analysis, business continuity plans, training, and coordination with financial regulators and internal auditors.• Leveraged Salesforce to create business process automation around financial payments. Module has sucessfully processed thousands of transactions valued in the billions of dollars in transactions, while improving customer experiences, reducing risk, ensuring process standardization, and providing management visibility • Utilized Azure Data Factory to automate API connectivity with banking services, Salesforce integration, and aggregation of data in Azure SQL managed instance • Improved and maintained rating with multiple state financial regulatory agencies• Successfully led company through pandemic-related IT issues transitioning from 50% employee remote capabilities to 100%, with no downtime, including rapid deployment of laptops, secure remote access, Microsoft Teams, security awareness training, and facilitating numerous business processes • Managed all IT aspects of multiple business acquisitions which increased revenues by over 50%, including data & Office365 instance migrations, employee onboarding, custom business application deployments, and creation of new business capabilities & processes• Deployed numerous efficiency & security enhancements including Bitlocker, Intune (Laptops and Mobile), MFA for remote VPN and all cloud services, Azure Key Vault, Power Automate, SharePoint, Nintex Docgen, Advanced Threat Protection, and Know-Be-4• Modernized network infrastructre with Meraki devices at 3 locations in13 months to provide single pane of glass visibility

As highest-ranking information security leader in a publicly held, 3,000-person, software development company, oversaw and managed the enterprise-wide Information Security and IT Governance, Risk & Compliance (GRC) functions. Managed global team with resources located in India, France, England, and the United States to coordinate security and operational policies, processes, and procedures across all locations. • Established Global Security office consisting of 7 functional leaders and 10 business information security owners with responsibility for enterprise-wide information security & IT governance, risk, and compliance• Created and chaired the Cyber Risk Committee which included leaders of all major business lines and addressed IT security risk and remediation, IT policies, and project prioritization• Evaluated, negotiated, and implemented ServiceNow ITSM, Project, and GRC suites to standardize and manage IT service requests, security, incidents, problems, changes, projects, demands, ideas, monitoring, events, knowledge, metrics, policies, controls, and compliance• Established Sarbanes-Oxley compliance practices, including documentation of controls, evidence collection procedures, and implementation of change management control in Salesforce• Implemented SaaS, IaaS, and PaaS cloud security policies and guidelines for IT operations and business production offerings utilizing Amazon Web Services (AWS), Microsoft Azure• Improved security posture through the implementation of Cylance PROTECT, Tenable Nessus, Check Point NGFW, CrowdStrike Falcon OverWatch, BitLocker Encryption, Quest Change Auditor, BitSight Security Rating

Managed all Information Security and IT Risk functions for one of the largest independent trust companies in the country, which also served as Technology Service Provider to over 40 financial institutions. Created, maintained, and ensured compliance with company-wide policies and standards for information security, risk management, data classification, physical security, business continuity, and vendor management. Oversaw the handing and communication of security incident responses, forensic investigations, disaster recovery exercises, and business continuity plan development and testing.• Ensured security of SaaS & ASP environments containing over 1.5 million financial accounts with private, personal information (NPPI, PHI, PII) and ensured compliance with federal (GLBA, HIPAA) and state breach notification regulations• Improved and maintained FFIEC regulatory rating through remediation of outstanding regulatory findings and coordination with US Government agencies• Established IT Steering Committee, reporting to the Board of Directors, with representation from the directors of all major business lines, as well as the CEO, CFO, and CRO• Worked with executive management and lines of business to developed enterprise-wide risk assessment processes and management portals, incorporating reporting dashboards, key performance indicators, and custom workflows • Implemented project management & requirement documentation processes which enabled progress tracking, status communication tools, management approvals, cost/benefit and risk analysis, and intra/inter-departmental prioritization• Improved security posture through the implementation of McAfee Data Protection & Encryption, Cisco ASA, Websense Web Filter, Qualys Vulnerability Management, Shavlik Patch Management , AirWatch MDM, SecureWorks IDS, Penetration Testing (various)

Oversaw all firm technology assessments including Sarbanes-Oxley, Internal Audit, SAS 70, IT Control Reviews for Financial Audits, PCI Compliance, HIPAA, and various consulting projects. Communicated directly with client senior management and firm partners in order to diplomatically convey IT risks and recommendations. Designed and implemented firm-wide IT Control methodology for technology assessments, including walkthrough procedures and testing plans. Served as Internal Auditor for public corporations in numerous industries, performing management’s control assessment and coordinating efforts with external auditors.

Inspected the information security, system development, incident response, disaster recovery, capacity planning, and computer operations of major financial institutions including: −New York Stock Exchange (NYSE)−National Association of Securities Dealers (NASD)−Chicago Board of Options Exchange (CBOE) −Depository Trust Clearing Corporation (DTCC) Designed, procured, and implemented Security Lab, including selection of servers, network devices, security hardware and software, and training program for team members. Created inspection work programs utilizing numerous control frameworks including COBIT, FFIEC, FISMA, and NIST.