Jason Rusch Email and Phone Number
I am a U.S. Navy veteran and accomplished Cyber Governance, Risk, Compliance, and Security (GRCS) professional with 25 years of experience. Proven ability to advise executive, business, legal, and IT leaders in the development and implementation of innovative GRCS strategies. Known for a “work smarter, not harder” philosophy (don’t recreate the wheel) that emphasizes practical alignment of GRCS programs with business objectives. Experienced in employing automation, simplicity, and stakeholder-driven controls to deliver results-driven outcomes across diverse industries and environments.

Core Competencies
• Governance, Risk, & Compliance (GRC) Strategy
• Information Security & Risk Management
• Data Governance Program Development & Management
• Stakeholder Engagement, Coordination & Leadership
• Process Automation & AI Integration
• Regulatory Compliance Program Management
• Cross-Industry Expertise
• Project & Team Management

Controls & Requirements Summary
• Control Frameworks – COSO, ISO 27002, HITRUST/CSF, NIST, CCM.
• Attestations/Certifications – SOX, SOC2 Type 2, FedRAMP, ISO 27001.
• Compliance Requirements - HIPAA, PCI-DSS, GDPR, PIPEDA, CCPA/CPRA, +.
• Security Management – EPDR, DLP, HIDS, SIEM, IRM, IAM, TVM.
• Risk Management – ISO 31000, FAIR, ERM.
Ashley Furniture Industries
- Website: ashleyfurniture.com
- Employees: 10546
- Director Of Governance, Risk And Compliance
  Ashley Furniture Industries
  North Port, FL, US
- GRCS vCISO Cyber Consulting
  Infosec-Rusch GRC-S Consulting, Apr 2024 - Sep 2024
  Lead organizations through the complexities of cyber governance and compliance. Assessing security postures, identifying vulnerabilities, and developing robust strategies to mitigate risks. I work closely with executive teams to align cybersecurity initiatives with business objectives, ensuring a seamless integration of security practices into the organizational framework.
  Key Support Areas
  • Cyber Governance: Establishing and maintaining a comprehensive cybersecurity governance framework that aligns with industry best practices and regulatory requirements.
  • Compliance Management: Ensuring adherence to key regulations such as GDPR, HIPAA, PCI DSS, and ISO 27001 through meticulous compliance readiness assessments and tailored action plans.
  • Risk Management: Conducting thorough risk assessments to identify potential threats and vulnerabilities, and implementing effective risk mitigation strategies.
  • Policy Development: Crafting and enforcing security policies and procedures that safeguard organizational data and systems.
  • Incident Response: Leading incident response planning and execution to swiftly address and recover from security breaches.
  • Security Training: Providing ongoing security awareness training to employees, fostering a culture of cybersecurity and due diligence within the organization.
- Layoff/Position Eliminated
  Career Break, Dec 2023 - Mar 2024
  AWS separation/re-organization, family and professional development.
- Sr. Security Assurance Consultant
  Amazon Web Services (AWS), Jul 2020 - Nov 2023
  Seattle, WA, US
  • Provided executive leadership with strategic consulting on diverse cloud projects, ensuring alignment with organizational goals, industry standards and requirements.
  • Designed controls to maintain security/compliance with regulatory frameworks, NIST, FedRAMP, CSA, HIPAA, SOC2, SOX 404, PIPEDA, CCPA, PCI-DSS.
  • Performed comprehensive security assessments utilizing AWS Security Baselines, CIS Benchmarks, and CSA Cloud Controls Matrix (CCM).
  • Directed high-impact projects such as data migration, analytics integration, and data modeling, improving operational efficiency and scalability.
  • Spearheaded initiatives for continuous compliance with data privacy and legal teams, ensuring organizational readiness for audits and assessments.
  • Designed cyber governance frameworks for clients that included R.A.C.I. methodologies and matrices. This allowed for the formal assignment of roles and responsibilities.
  • Developed risk assessment methodology for large financial services company that mapped risks to AWS services/controls, regulatory requirements and owners.
- Senior Manager Information Risk Management
  Cognizant, Apr 2018 - Apr 2020
  Teaneck, New Jersey, US
  • Managed SOC 2 Type 2 annual attestation and program, program managed annual attestation and reporting to demonstrate internal controls, processing integrity and consistency.
  • Project Manager of annual risk/control assessments aligned with ISO 27002:2013.
  • Served as data governance lead, establishing and maintaining a comprehensive data catalog while ensuring data accuracy, integrity, and consistency across enterprise datasets.
  • Provided (SME) guidance on PCI-DSS compliance and supported privacy initiatives, assessing alignment with CCPA/CPRA, GDPR, and other regulatory frameworks.
  • Redesigned client data governance framework, including classifications, dictionary, and catalog, to improve structure, usability, and compliance for a primary client.
  • Architected a SOC 2 controls monitoring program, enabling proactive identification of changes, control deficiencies, and process issues to enhance continuous compliance.
  • Assisted in the development of a comprehensive risk and incident response guidance for IRM teams, strengthening organizational resilience and response capabilities.
- Senior Enterprise Compliance Analyst
  Rooms To Go, Mar 2017 - Apr 2018
  Seffner, FL, US
  • Led the development and execution of a comprehensive Risk and PCI Compliance program, enhancing organizational security posture and regulatory adherence.
  • Established a governance and control framework that aligned requirements with controls and risks, ensuring seamless integration with organizational objectives.
  • Designed and implemented a dynamic risk register, effectively aligning it with compliance and IT security metrics to provide actionable insights for stakeholders.
  • Architected enterprise vulnerability management program (NIST CSF).
  • Led Rooms To Go to first PCI-DSS assessment & compliant SAQ/AOC.
- VP Of Information Security
  Citi, Sep 2016 - Mar 2017
  New York, New York, US
  • Spearheaded vulnerability control projects, developing "Corrective Action Plans" (CAPS).
  • Performed analysis on CAPS data, presented KRI’s for Global Information Security Risk meetings.
- Principal Enterprise Analyst (Governance & Compliance)
  Bright House Networks, Aug 2013 - Sep 2016
  East Syracuse, New York, US
  • Supported the development and implementation of a customized IT governance framework, enhancing alignment between business objectives, compliance, and risk management.
  • Collaborated with the SOC Team to develop and execute Information Risk Management (IRM) strategies, strengthening organizational resilience.
  • Designed and implemented the company's first PCI compliance program.
  • Partnered to align I.T. controls governance framework with ISO 27002:2013 standards.
  • Authored security architecture and PCI compliance strategy for a successful POS-POI project.
  • Successfully led BHN through its first PCI-DSS assessment & achieved a compliant ROC/AOC.
  • Led data discovery project to map out data locations, types, flow, status, access and owners.
- Security Assurance Architect (Risk-Vulnerability-Compliance)
  Humana, Aug 2011 - Aug 2013
  Louisville, Kentucky, US
  • Directed PCI compliance program, implemented a compliance governance management structure incorporating three distinct tiers: "Assessment Management," "Continuous Monitoring," and "Control Risk & Deficiency Management," supporting continuous compliance.
  • Supported governance projects to align HITRUST Common Security Framework with existing HIPAA controls and requirements.
  • Co-managed (TVM) vulnerability scanning program, partnered with key stakeholders to develop remediation action plans.
  • Successfully led Humana through first PCI-DSS assessment & achieved a compliant ROC/AOC.
- Manager Of Internal Controls & Compliance
  Hard Rock International, Apr 2009 - Aug 2011
  Davie, FL, US
  • Managed and designed HRC’s first PCI compliance program.
  • Provided technical oversight for internal audits and annual financial audits of IT controls, ensuring alignment with regulatory and organizational requirements.
  • Led the development of the organization’s first formal (GRC) framework, incorporating elements from ISO 27002 and NIST standards.
  • Facilitated coordination among various IT teams to support control initiatives and IT risk management projects, fostering collaboration and process improvement.
  • Successfully led HRC through its first PCI-DSS assessment & achieved a compliant ROC/AOC.
- Corporate Compliance Analyst (PCI Consultant-Contractor)
  The Walt Disney Company, Jul 2008 - Mar 2009
  Burbank, CA, US
  • Co-led the development and first PCI-DSS compliance program and assessment for TWD.
  • Performed as internal PCI lead, SME and project manager, coordinate efforts with external QSA.
  • Successfully co-led Walt Disney through its first PCI-DSS assessment & compliant ROC/AOC.
- Information Protection & Compliance Officer (PCI Consultant)
  Educational Testing Service (ETS), Dec 2007 - Jul 2008
  Princeton, NJ, US
  • Developed and aligned PCI-DSS compliance program with existing governance and controls frameworks.
  • Performed internal self PCI-DSS assessment and authored SAQ-D.
- Information Security & Compliance Administrator
  Quality Carriers, Oct 2005 - Dec 2007
  Tampa, Florida, US
  • Led and developed the Sarbanes-Oxley (SOX) 404 compliance program, including the design, implementation of IT General Controls (ITGCs) and annual attestation.
  • Developed an enterprise IT governance framework based on ISO 27002 and authored Management Information Systems (MIS) policies and procedures.
  • Updated/aligned risk/vulnerability control frameworks with I.T. governance framework.
- Information Security Systems Administrator
  Reilly Mortgage Group, Mar 2005 - Jul 2005
  • Manage I.T. security systems including anti-virus, internet proxies, firewalls, Active Directory security.
  • Performed SOX 404 readiness review with control deficiency mitigation strategies.
- Information Security & Network Systems Administrator
  Cerebit, Jan 2003 - Jan 2005
  US
  • I.T. server systems administrator (Linux, SunOS, Windows), anti-virus, and IDS management.
  • Security and risk management/assessments, for internal and external clients.
- Tier 2 Technical Support - (Linux Subject Material Expert)
  Charter Communications, Jan 2001 - Jul 2002
  Stamford, Connecticut, US
  • Desktop/Network support engineer, cyber security subject material expert (SME).
  • Successfully led customer support team for ISP network conversion of 300,000 @Home customers.
  • Constructed leading cable modem support and troubleshooting website.
  • Acting support team supervisor.
  • Employee of the month out of 300 support technicians.
- Tier 3 Network & Unix/Windows Systems Support (Contractor)
  UPS Logistics Technologies, Feb 2002 - Jun 2002
  Towson, MD, US
  • Support SunOS 2x/Solaris, Redhat Linux, MS Exchange/Active Directory (IAM) and end point anti-virus.
- Communication & Intelligence Specialist
  US Navy, Jun 1990 - Aug 1992
  Washington, DC, US
  Positions & Roles
  • Intelligence Communications Specialist
  • Damage Control (Firefighter)
  • Boatswain Mate Apprentice
  Acknowledgements
  • National Defense and Sea Service Medal (Persian Gulf, Operation Desert Storm)
  • Southwest Asia Medal (w/ Campaign Star, Operation Desert Storm)
  • Letter of recommendation (Red Sea, Operation Desert Storm)
  • Sea Service Ribbon (Mediterranean NATO Joint Operations)
Jason Rusch Skills
Jason Rusch Education Details
- Sullivan University: Computer Science (Data Communications)
- Payment Card Industry: Payment Card Industry Professional (PCI-ISA)
- ISACA: Enterprise I.T. Governance (COBIT 5)
- SANS Institute: GIAC Systems And Network Auditor (GNSA)
- Global Knowledge: ITILv3 Foundations
- ISACA: Risk Assessment Program And Execution
- SANS Institute: Project Management For Information Security
- ISACA: COBIT 4.0 Expert
- Global Knowledge: Project Management For Information Technology
- SANS Institute: SANS MGT: 421 Leadership And Management Competencies
- MIS Training Institute: COBIT)
- ISSA: NIST SP-800-53
- Microsoft Group: Microsoft SQL 2005 Security In Depth
- New Horizons: Ecommerce Architect & Design
Frequently Asked Questions about Jason Rusch
What company does Jason Rusch work for?
Jason Rusch works for Ashley Furniture Industries.
What is Jason Rusch's role at the current company?
Jason Rusch's current role is Director of Governance, Risk and Compliance.
What is Jason Rusch's email address?
Jason Rusch's email address is jr****@****ogo.com
What is Jason Rusch's direct phone number?
Jason Rusch's direct phone number is (800) 282*****
What schools did Jason Rusch attend?
Jason Rusch attended Sullivan University, Payment Card Industry, Isaca, Sans Institute, Global Knowledge, Isaca, Sans Institute, Isaca, Global Knowledge, Sans Institute, Mis Training Institute, Issa, Microsoft Group, New Horizons.
What skills is Jason Rusch known for?
Jason Rusch has skills like Information Security, Security, Pci Dss, Information Technology, Disaster Recovery, Information Security Management, Computer Security, Business Continuity, Governance, Security Audits, Vulnerability Management, Vulnerability Assessment.
Who are Jason Rusch's colleagues?
Jason Rusch's colleagues are Brett Kereky, Gabriel Mardirossian, Jose Reyes Santana, Dave Mckinnon, Lisa Waters, Mandi Ingerson, Debra Bauer.