Providing technical and programmatic IT Risk Management services through contracting with clients to assist in achieving of their roadmap priorities. Broad vCISO role responsibilities include the development of Governance, Risk and Compliance (GRC) programs and the performance of risk assessment activities across cybersecurity, audit and data privacy disciplines.

Bridging Tenants, LLC is a premier investor of residential real estate, located in Minneapolis, MN. Our distinguished services include: residential property investing, renovations and remodeling, and full-service property management.

Supported the integration efforts of Clearwater's acquired cybersecurity companies and managed the delivery of cybersecurity consulting services to numerous clients across the Healthcare sector. Directly responsible for client management and the execution of cybersecurity consulting engagements that included the development of internal risk management programs and building of sustainable processes to reduce risks to sensitive data and ensure compliance.

Co-founder of Backbone Consultants, a premier professional services firm specializing in cybersecurity, IT audit, and data privacy. Primary responsibilities included: business operations, services development, sales pipeline generation, consulting delivery, team member development, and customer outreach.Clients Included: Medtronic, Cargill, United Health Group, Best Buy, Bremer Bank, SPS Commerce, University of California - Office of the President (UCOP), Patterson, Two Harbors, Pohlad Companies, Woolworths, and Behavioral Health Works.Service Delivery Included: Data Privacy Compliance (GDPR, CCPA), Privacy Impact Assessments, Records of Processing Activity, Data Subject Rights Requests, Project Management, Third Party Risk Assessments, Vendor Onboarding, Security Risk Assessments, Governance Risk & Controls (GRC), Internal Controls Framework Adoption (ISO, NIST, CMMC, CJIS, CSA, HITRUST), Risk Remediation, Risk Escalation & Acceptance, Metrics & Reporting, Technology Inventory Management, Dataflow & Mapping

Responsible for ushering in and promoting ISACA's initiatives related to Cybersecurity Nexus (CSX) education and certification paths.

As an Information Protection Security Consultant it was my role to actively assist Target's various business lines in the secure onboarding of emerging technologies that would drive competitiveness. This position played an important role in the identification and prevention or reduction of technical security and reputation risks introduced by new vendor solutions or internal systems changes. My primary role responsibilities included:• Provided various security requirements and implemented supporting controls to negate potential security and privacy risks prior to the introduction of new technologies and or processes; Created and delivered formal risk reports, metrics and tracked risks for subsequent remediation activities in the Archer GRC platform.• Provided business line leaders with various remediation recommendations to mitigate risk either through the introduction of additional security measures or through the modification of business process; and if unable, would supported the business in their risk exception or acceptance pursuits.• Supported the response to a company-wide data breach by performing remediation activities including the security review of point of sales systems and implementation of an application whitelisting solution to tightly manage programs allowed to run on these systems.

As an Information Security Specialist Sr. my role at U.S. Bank included the implementation of a new corporate-wide identity and access management IAM/IDM platform (Oracle). My role in this initiative was to redevelop systems access provisioning and maintenance for all company employees. Specifically, my responsibilities included the following:• Performed ongoing quality assurance reviews to ensure the accuracy of role-based access control (RBAC) provisioning.• Compiled the initial population of high-risk applications to be onboarded to the new user provisioning platform, brought new applications into scope quarterly based upon critical assurances: SOX, GLBA, PCI and BASEL.• Facilitated the first company-wide user access review process for established application RBAC assignments and assisted in the remediation of unauthorized user access across various technologies.• Identified segregation of duties conflicts and evaluated existing controls and proposed new ways to further mitigate risks to the business.• Managed a 12 person user testing group to analyze the functionality of the new provisioning platform by evaluating test case results, documented and reported defects and functionality flaws to program leaders.

As a Sr. Information Risk Analyst, it was my role to conduct detailed ITGCC walkthroughs and security testing for various technology environments across multiple lines of business at U.S. Bank. My primary role responsibilities included:• Tracked control gap analysis and delivered recommendations to the business line in order to remediate any identified security and compliance risks within the Archer GRC platform.• Documented business processes surrounding access management and the processing of customer sensitive information (PII). • Established metrics for monthly business reporting in order to perform trend analysis for strategic decision-making associated with risk remediation efforts.

As an Experienced IT Auditor, my role consisted of completing detailed information technology audits for various technology platforms across multiple lines of business at U.S. Bank. Additional audit testing included SOX testing and review of the effectiveness of ITGCC controls. My functional responsibilities included:• Executed detailed audit plans for critical IT systems and business processes in support of SOX, SOC1 / SOC2 and PCI compliance audits; captured results within the TeamMate audit platform.• Independently executed technology audits for critical infrastructure, performed client follow-up and drafted formal engagement reports to communicate the results of testing internal control designs and operating effectiveness.

As an Enterprise Risk Services Consultant, it was my primary role to complete independent audits for SOX/ITGCC, SAS70, and Special Purpose audits. My daily job responsibilities included:• Established an in-depth understand of the processes surrounding key business functions by conducting detailed interviews with process owners.• Performed detailed tests of general computing control environment (ITGCC) to determine adequacy of control design and the operating effectiveness of client controls.