Building a cybersecurity and compliance practice for a top 100 Managed Service Provider (MSP) specializing in the small to medium sized business market. Heavily focused on Microsoft Azure and Microsoft 365 environments.• Setting the go-to-market strategy for the cybersecurity offerings.• Managing a cross functional/matrixed organization.• Designing and executing on the following service offerings: • Cyber risk assessments • Cyber insurance advisory services • Vendor risk management • Incident response plans • Business Continuity/Disaster Recovery (BC/DR) • Vulnerability management • Penetration testing • Microsoft tenant and endpoint hardening • SIEM (Artic Wolf, Sophos) • Managed Detection and Response (MDR) • 24x7 SOC services • Security awareness and phishing simulations • Cyber advisory services, including compliance and risk management• Accountable for SOC1 and SOC2 type 2 attestation efforts.• Continuous enhancement of the internal cyber security posture of the organization.• Thought leadership through marketing material and public speaking engagements.

Built a world class GRC program inclusive of Compliance Management, Risk Management, Vendor Risk Management, Metrics, and Security Awareness. Oversaw a team of 5 security professionals.• Managed multiple compliance initiatives simultaneously (SOX, SOC2, HIPAA, and PCI).• Implemented new governance, risk, and compliance tool (ZenGRC).• Redesigned multiple internal programs including risk management and vendor management.• Built security awareness program which included monthly newsletters, a security awareness landing page with FAQ’s, yearly computer based training and phishing exercises. • Established metrics and developed dashboarding capabilities for communicating to executives and the larger company through the definition of KRI/KPI’s. • Developed cross departmental processes for vendor security reviews following “SIG” guidelines and built and enterprise security exception process for risk tracking.• Defined departmental strategy for security operations, cloud security, application security, GRC and IAM.

Led the Security Strategy, Governance Risk and Compliance organization with responsibility of Security Governance, Security Risk, HITRUST and SOC2 Compliance, Security Awareness, Third-Party Risk, and Identity and Access Management functions. Oversaw team of 4 security professionals.• Enhanced the compliance management function for greater efficiency.• Redesigned existing vendor management process to include additional structure and better communication between security, procurement, and legal departments.• Modified existing leadership and team structures within the department allowing for streamlined internal and external communication.

Led the Global IT Security Governance Risk and Compliance organization with responsibility for Security Governance, IT Risk, PCI Compliance, Security Awareness, Cloud Security Governance, Third-Party Risk, and Identity and Access Management functions, and involvement in Vulnerability Management, Incident Response, Security Architecture and Global IT Security Strategy. Oversaw a team of 4 security professionals.• Drove the creation of a third-party security assessment program that integrated legal and procurement processes, providing business with visibility into information security risks it carries.• Led the development of AEO’s Information Security risk strategy and an implementation plan based on a comprehensive assessment of risks to the enterprise. • Created SLAs, metrics, and baselines to measure overall effectiveness of the information risk program. • Implemented a global security awareness program for employees and contractors, including specialized training for users who access PCI data, OWASP top ten training for application developers, and quarterly phishing exercises.• Staffed and operationalized 24/7 support for AEO’s privileged access management system.• Led the Information Security Cloud Governance Program for all AEO Cloud Environments (AWS, GCP, and Oracle Cloud).• Redesigned AEO’s PCI compliance program and reduced overall audit time by 60% and significantly reduced the impact of compliance activities on daily operations.• Implemented LockPath’s (NAVEX) KeyLight GRC solution for increased efficiencies in the third-party risk, IT risk and PCI compliance programs.• Supported a diverse portfolio of projects which required specific security architecture based on the risk profile of the business process and infrastructure design.

Manager in the Information Security department with primary responsibility for Compliance Management, Risk Management, Application Security Management, Identity and Access Management, Vendor Risk Management, Information Security Culture and Communication, and departmental dashboarding and reporting. Led a staff of 15+ professionals and managed a budget over $3M.• Led the implementation of the HITRUST Common Security Framework for the enterprise, reducing overall audit costs to the organization and impact on daily operations.• Led enterprise SOC 1 and SOC 2, MAR compliance, HIPAA/HITECH, and PCI-DSS compliance initiatives.• Adopted, implemented, and operated a governance, risk, and compliance (GRC) tool, RiskVision.• Directed the logical access reviews of over 100 enterprise applications.• Designed and managed an enterprise risk register, increasing leadership’s ability to manage Cyber risk.• Developed and implemented the application security program, improving the security of in-house developed applications.• Created and implemented the information security communication program, raising overall enterprise security consciousness.• Developed and implemented information security metrics and dashboarding, providing executive leadership additional visibility into the enterprise security program.• Redesigned Identity and Access Management Program to correct ineffective, manual processes. • Oversaw the Threat and Vulnerability Management program.

Acted as program manager in the Information Security department with primary responsibility for revising and improving Highmark’s compliance program.• Designed and implemented a new access review process across 100+ disparate applications for the purposes of SOC 1 and SOX/MAR compliance• Built, trained, and managed a team of 8 analysts to address major deficiencies in Highmark’s logical access process which led to a qualified opinion in their SOC1 type 2 report.• Met weekly with the executive leadership team to report progress and overall compliance activities.• Coordinated and facilitated activities across the enterprise, resulting in a “clean” opinion in the subsequent SOC1 attestation.• Increased efficiencies in the logical access review process and forming the basis for future automation; and was ultimately promoted to IT Security manager to further refine security and compliance efforts.

Led the IT program management team for the Finance department with primary responsibility for managing all IT related projects within the department.• Led Highmark's Medical Loss Ratio (MLR) efforts, with the completed project saving the company over $20 million of disbursement.• led the Shared Services Finance program.• Migrated two large subsidiary companies onto Highmark's finance systems.• Assisted the newly formed Highmark Provider Division with developing their managed services office, implementing Salesforce.com, and developing their electronic medical records offering.

Led the IT program management team in the Business Innovations department with primary responsibility for managing all IT related projects within the department.• Implemented of the Health Center at Hand in both the Pittsburgh and Camp Hill locations• Assisted with the development of the “Consumerism” business case financial modeling tool• Provided additional consulting services in the areas of project implementation, IT and business strategy.

Served as a manager within the TSRS practice with primary responsibility for building knowledge capital, training seniors and consultants, management, execution, and financial management of technology-risk projects.• Managed large teams on ERP (Oracle and SAP) control optimization, IT effectiveness, IT strategy, IT security and segregation of duties (SOD) projects.• Successfully sold and implemented multiple $1M+ projects.• Provided risk and technology guidance to senior leadership at multiple organizations across manufacturing, banking, healthcare, pharmaceutical and insurance industries.

At Waldron Wealth Management, I was in charge of the IT systems and network (Windows 2000 Active Directory). My duties also included managing the clients financial database, document scanning technology, web conferencing, email and desktop and sever support.I also performed financial portfolio analysis by developing and running Monte Carlo simulations of our clients investment portfolios. The goal of this analysis was to maximize return and reduce the risk of the clients portfolio, leveraging the Markowitz theory of portfolio diversification.

Performed Monthly ReconciliationsClaims Forcasting SupportMonth-End/Year-End Close ProcessAssistance with Year End Financials