Responsible for managing the cyber security, risk, and compliance function across Information Technology (IT) and Operational Technology (OT) for the entire organization.

Manage all aspects of information security strategy, governance, policies, standards, and programs. Lead security team in risk identification and management. Partner with business unit leaders to define security program objectives and execute initiatives to assess risks, monitor controls, and evolve IT security and risk management functions. Work with audit teams to resolve outstanding and emerging issues.

Piloted build-out of enterprise cloud security program from the ground up to enable innovation and fulfill “cloud first” mandate from Corporate CIO.Streamlined enterprise security landscape, provided visibility into security function, and centralized ownership of security technologies.Directed team of architects/analysts and vendor/consulting resources (Dell, Microsoft, others) in developing security infrastructure, strategy, programs, and processes. Mapped technology lifecycle requirements for ~300 technologies belonging to security domain, embraced innovative and emerging technologies to drive improvement, (including 2-year technology inventory, lifecycle, and roadmap). Staffed newly formed security architecture organization with high-performance, ISSAP- trained team. Captured 40% efficiency gains for security through use of security architecture review toolkit. Deployed state-of-the-art solution that transformed AD security posture, cut occurrence of critical system alerts by 25%, and reduced the number of highly privileged accounts by 80%. Saved $850,000 by streamlining licensing process for different versions of tools deployed at regional datacenters and office locations.Led workstream to establish security architecture strategy and blueprint for IaaS and SaaS (Amazon Web Services—AWS, Microsoft Office 365, and others).Produced new competitive advantage for business by improving speed-to-market for innovative solutions, reducing timeframe for application updates by ~65%, and lowering operating costs by 30%.Integrated security as vertical domain for Enterprise Architecture in cross-organizational initiative with aggressive timeline (120 days). Created 12-month plan for short- and long-term deliverables. Delivered clear governance practices, rules of engagement, and tools for secure deployment of any new solution. Enabled risk profile for new initiatives, including regulatory and audit compliance verification.

Trailblazer for build-out of enterprise cloud security strategy after identifying need for formal enterprise-wide security processes for adoption of cloud-based services. Supported expansion of finance analytics operations in China by leading comprehensive on-site security audit of existing Shanghai Analytics Center (SAC).Documented industry best practices and presented key strategy points at corporate cloud summit. Led security review of an SaaS solution that processed 400,000 general ledger reconciliations annually and delivered 25% efficiency improvements to Global Finance Division within 2 years. Documented security gaps (2 high-risk, 4 medium-risk, 5 low-risk) and piloted remediation project to address all issues within 180 days. Instilled confidence in senior leadership and facilitated final approval for analytics expansion plan that enabled cost-effective sourcing of talent in support of finance and actuarial divisions. Contributed $21 million cost savings in 3 years while providing high-quality analytics to AIG. Guided business units in rollout of new security capabilities and delivered IT risk and security functionality to Board and executive leadership. Captured 15% gain in process improvements over existing capabilities and saved ~200 staff-hours per business unit through collaborative rollout approach. Delivered foundation for creation of regional FCOEs in other localities worldwide with common utilities across all finance and accounting functions. Improved security posture 75%, leading to recognition as trusted security advisor and routine invitations to present security issues at senior leadership sessions. Streamlined shared security services and aligned Global Finance security program with enterprise security standards as part of comprehensive threat and vulnerability management program. Rapidly addressed internal audit finding, mitigating reputational damage risk, regulatory fines.

Tapped by CISO to lead security workstream for several critical corporate divestitures (US, Asia-Pacific, Europe) after financial crisis of 2008.Orchestrated security workstream for multiple business-critical deployments and project-manage several security initiatives. Ensured robust data security measures to protect AIG from heightened business, legal, and regulatory risks during divestment activities. Navigated organization through change and ensured full adoption of security processes during physical separation of divested business units. Implemented IT security model that enabled balanced risk management approach—protecting sensitive data while allowing necessary divestment activities. Managed security workstreams for migrations to Enterprise AD and to next-generation Exchange 2003/2007 messaging solution. Captured as much as 65% increase in operational efficiency and 85% improvement in security capabilities. Directed on-site security audit of 3 AIG offshore vendors/partners in India, ensuring secure services from business-critical technology vendors. Piloted $1.5 million launch of password vault solution, delivering robust controls for high-risk service accounts and resolving significant SOX audit issue.

Managed security projects for cross-functional teams, including enterprise architecture, software development, and systems management. Developed effective communication, project management, and project delivery processes. Single point of control for all security-related issues for Lucent enterprise servers.Led site engineering efforts for M&A projects supporting Lucent’s business expansion in EMEA and APAC region.Enhanced staff capacity in information security, introduced SOX-compliant policies, analyzed current security state, and recommended security solutions. Garnered accolades from Lucent stakeholders for proactive approach to maintaining security profile of enterprise servers. Convened multiple stakeholders to develop project plans for IT migrations and drove project management activities throughout integration lifecycle. Leveraged leadership strengths to navigate change and win confidence of diverse stakeholders to smooth M&A transitions. Supported IBM in meeting SLAs for timely transition of acquired assets into Lucent’s enterprise environment.

IT Consulting success at Merrill Lynch and JP Morgan Chase.