Joel Cardella

Joel Cardella Email and Phone Number

Product Security Officer | MedTech & Life Sciences | R&D | IoT | Rapid Innovation | GTM Strategy | Regulation | Strategic Transformation | CISM | Ally @ Stryker
Joel Cardella's Location
United States
About Joel Cardella

I thrive in environments where I am working in MedTech alongside R&D and QA, positioning security as a business enabler, by leveraging cloud technologies for rapid deployment and scalability. I build and execute cybersecurity programs, leading product security aligned with R&D, supporting regulatory requirements and rapid innovation, contributing to GTM strategies in the MedTech and Life Sciences industries. I am open to collaborating on all facets of cybersecurity & information security, new technology & products, and tech-to-business translation. It's always helpful to interact with other open-minded professionals both in and outside personal areas of industry expertise. Topics of interest we can discuss include maximizing security, compliance, and cost savings while mitigating risks by creating internal strategies and methodologies, innovating new security programs, and assessing security maturity and researching new technology and products. Please feel free to contact me via LinkedIn should you also see a benefit in professional networking and exchange.

Joel Cardella's Current Company Details
Stryker

Product Security Officer | MedTech & Life Sciences | R&D | IoT | Rapid Innovation | GTM Strategy | Regulation | Strategic Transformation | CISM | Ally
Joel Cardella Work Experience Details
  • Stryker
    Director, GRC, Product Security
    Stryker Mar 2024 - Present
    Kalamazoo, MI, US
    Reporting to the Head of Global Product Security, in this role I build out Risk, Compliance and Governance strategies for a global manufacturer of medical devices. This includes working closely with regulatory, privacy and quality assurance colleagues to ensure the cybersecurity of our products.
  • Cyber Risk Consulting Group
    Founder & CEO
    Cyber Risk Consulting Group Apr 2020 - Present
    In this role I am advising boards and organizations on risk, building programs, assessing security controls, designing and implementing mitigating and compensating controls. Using known frameworks such as NIST CSF, NIST RMF, ISO 27001/27002, PCI, SOC 2, AAMI, FDA pre-market and post-market guidance and others, I am driving better risk control within the organization, reducing costs and creating process efficiencies.
  • Eastern Michigan University
    Adjunct Lecturer
    Eastern Michigan University Sep 2014 - Present
    Ypsilanti, MI, US
    Management Information Systems; Business Data Communications and Information Security; Social Media for Business
  • Dexcom
    Director, Cybersecurity Engineering, Product Security
    Dexcom 2022 - Mar 2024
    San Diego, California, US
    Reporting to the Chief Product Security Officer, I am leading a team of 12 FTE and contractors, responsible to ensure that the medical devices that monitor glucose levels are built with a security by design mindset and process framework. Focusing on pre-market design and development and post market surveillance, I am building out stronger capabilities for Security Architecture, Threat Modeling, Pen Testing, Application Development Security, SOC, SDLC, & Product Security Training. I support the infrastructure for R&D including cloud security, WAF, and secure container, VM, and image management.
  • Thermo Fisher Scientific
    Director of Product & Software Security
    Thermo Fisher Scientific 2018 - 2022
    Waltham, MA, US
    My efforts have centered on leading a 26-person global team in initiating IoT and connected device security for products and software worldwide. I maintain collaborative relations with the FDA and established a program for security research via partnerships with industry researchers and teams. To support continuity, I introduced a standard evaluation framework for global compliance and regulatory requirements. Over four years, I’ve delivered millions in savings by moving away from the penetration testing market and building an internal testing team and methodology. I’m proud to have managed a successful centralized DevOps transformation for software development teams resulting in over 3,300 developers earning security compliance. I’ve also managed offshore resources for application development of custom toolsets which centralized the product knowledge base from 22 divisional units into the sole centralized repository of product security information globally. In maintaining our upward trajectory, I’ve achieved a greater than 50% reduction in attack surface and other security by design goals and fostered multi-business unit collaboration by integrating security practices into seven major product development processes and methods. I’ve also prioritized the preservation of our global bench strength and skillsets by nurturing 20 team members and improving diversity in hiring, resulting in less than 10% team turnover a year. Less intriguing, yet still important, is that I have maintained 100% compliance for clinical health using frameworks such as AAMI, FDA pre- and post-market guidance, and UL-2900. I managed a multi-million-dollar budget and reported to the senior director of strategic technology operations.
  • CBI | Cyber Security Solutions
    Director of Cybersecurity Strategy
    CBI | Cyber Security Solutions Sep 2017 - May 2018
    Ferndale, Michigan, US
    In this role I oversaw information security consultancy and advisory services for clients through a team of seven. Success required diligent assessment of security maturity and routine root cause and business impact analysis of major business processes. Some of my contributions include originating positive ROI use cases for security and IT programs as well as constructing compliance controls for frameworks such as ISO, SOC2, NIST, GDPR, GLBA, HIPAA, and PCI. Additional priorities included supporting pre-sales and post-sales processes, serving as the security subject matter expert for customer interactions, and functioning as virtual CISO for clients without a security head, overseeing budgets, planning, and executing security programs. Across my short time here I accomplished a 25% reduction in corporate risks, attained a 20% improvement in compliance, and delivered hundreds of thousands in new client business. If you’re interested in knowing how I delivered these impacts I’d be happy to have a conversation. Most notably, I coached over 10 Fortune Global 500 executives on security strategy and direction and developed junior employees throughout tenure by exposing them to strategic design concepts, tools, and techniques. I reported to the vice president of strategic services.
  • Rapid7
    Principal Security Consultant
    Rapid7 Aug 2015 - Aug 2017
    Boston, Massachusetts, US
    My efforts concentrated on assisting Fortune 50 organizations with developing a security strategy. I presented solutions to c-suite executives and earned recognition for my tech-to-business translations of proposed strategies. Other aspects of this role included conducting security maturity evaluations, risk and gap analyses, and ROI assessments. I reported to the director of strategic services. During my tenure here I was able to successfully target a 25% risk decrease, drive a valuable surge in risk awareness by conceiving and executing strategy roadmaps, and enjoyed recognition by a key customer for identifying many disparate processes and making recommendations allowing them to create better business agility and efficiency.
  • LafargeHolcim
    Director, Information Security and Regional Security Officer, North America
    LafargeHolcim Aug 2011 - Aug 2015
    Zug, CH
    As Chief Information Security Officer for North America, I supported enterprise-wide governance, risk, and compliance (GRC). I even had the opportunity to lead a team of 25 in executing an information security program for the US and Canada. To accomplish this, I conducted root cause and business impact analyses and leveraged the findings to engineer business continuity strategies and plans. I reported to the chief information officer. I was ecstatic to have cultivated 97% satisfaction and a 70% drop in user-based security incidents by promoting security awareness through roadshows, ongoing awareness programming, and regular contact with stakeholders. I also generated up to 70% SLA compliance, obtained a 35% decline in risk by creating and spearheading enterprise risk management strategies, and prevented millions in costs by collaborating with general counsel on internal fraud issues and creating a fraud program to train the finance team in responding to fraud issues. I was conscientious about staying up to date with best practices to deliver the best possible outcomes and I participated in the global council of CISO with the express purpose of aligning policy and risk actions across all regions, creating efficiencies, and setting efficient budgets. Also of note are my contributions to compliance and efficiency with regard to quarterly, semi-annual, and annual internal auditing processes as I worked directly with auditors before, during, and after the audit process to standardize the audit package.
  • LafargeHolcim
    Manager, Service and Security Operations
    LafargeHolcim Mar 2008 - Nov 2011
    Zug, CH
    Here I led the service and security team of 25 dispersed between two countries. My teams were accountable for delivering field operations support in multiple languages across North America for network infrastructure and 1st and 2nd level resolution for desktop and client/server issues, security breaches, network interruption, telco circuit interruption, and hardware/software. One project of note involved the management, execution, and deployment of a year-long, multi-million-dollar desktop refresh project throughout all of North America by drafting the project plans, working with vendors, and managing deployment teams. As PM I achieved project success via the on-time and on-budget delivery of all objectives. During my time here I also delivered a 30% decrease in wait times and a 15% boost in satisfaction after standing-up a service queue and response program for critical issues and VIPs by creating a specialized skills team. Relatedly, I developed a self-service module within service management tools that resulted in significantly higher and faster request fulfillment.
  • LafargeHolcim
    Data Center Services Manager
    LafargeHolcim Apr 2007 - Mar 2008
    Zug, CH
    My priorities here spanned managing space, cabling power, HVAC, and fire control for all North American corporate data centers and computer rooms within a heterogeneous computing landscape, servicing clients in 70+ countries across five continents. I administered on and offsite data backups, SAN storage, rack, cable, and deployed and configured OS distributions for new equipment in addition to monitoring equipment and services and maintaining all environments (physical and logical) using HP OpenView via a staff of three. I reported to the COO. Other routine and big picture accountabilities spanned managing vendors for power, fire control, HVAC, environmental monitoring systems, and server technology support while ensuring current contract fulfillment and on-schedule maintenance performance. I welcomed the opportunity to participate in annual business continuity exercises and created processes and policies based on Swiss ICS compliance controls, resulting in 100% compliance. I was proud to deliver 30% faster response times and improved monitoring capabilities by configuring alerts for monitoring systems failures and repairing the existing failed system. This position had a lot of moving pieces, but I like to think I handled them (mostly) with grace.
  • M-Care (University Of Michigan)
    Information Technology Manager
    M-Care (University Of Michigan) Jan 2005 - Apr 2007
    Ann Arbor, Michigan, US
    I enjoyed this opportunity to spearhead service desk management and operations via a team of six. Together we maintained image footprint, installation, and deployment for over 450 desktops in addition to resolving all desktop issues, including custom application support. A few notable initiatives include the introduction of role-based security for core applications and network shares, the migration of legacy systems to a new security model, and the implementation and administration of the Remedy 6.2 ticket system. A few of my contributions during this time include streamlining customer service support systems to provide 40% faster speed of service and resolution of customer issues and the design and implementation of a secure password methodology for core ERP systems migration effort resulting in stronger security and compliance with auditing policies. I reported to the director of operations.
  • MCI
    Director, Reseller Support
    MCI Apr 2000 - Jan 2005
    Basking Ridge, NJ, US
    Reporting to the VP of IT services, I managed a cross-functional support organization with 125 employees across six departments, including customer support, operations, IT application development, and data analysis. I planned and executed millions in CapEx and OpEx budgets with other special projects and accountabilities including recommending and following up with solutions to non-standard support procedures, and creating critical, internally supportable, low-cost IT infrastructure to sustain customer business requirements. I worked on behalf of clients, interfacing with internal business segments and handling high-profile customer escalations 24/7 in real-time and supported Fortune 500 customers by providing tier 1, tier 2, and tier 3 support for reported service issues; I produced relevant metrics and reports for leadership. I frequently conferred with my team in developing and establishing support structures for new product rollouts and transitions in post-sales support. Together, we created an advanced support model and team to do in-depth root cause analysis for high-profile customers, an initiative that ultimately delivered 10% higher customer satisfaction scores. All in all, we were acknowledged for driving 10% growth.
  • AOL/ANS/UUNET
    Manager
    AOL/ANS/UUNET 1997 - 2000
    US
    Network operations / line management / manage teams

Joel Cardella Skills

Security, Data Center, Information Technology, Management, Project Management, ITIL, Governance, Risk Management, IT Management, Change Management, Networking, Network Security, Information Security, Cross Functional Team Leadership, SAP, Leadership, Process Improvement, Computer Security, Active Directory, Business Continuity, IT Operations, Infrastructure, Vendor Management, Business Process Improvement, Strategy, Operating Systems, Information Security Management, Program Management, Disaster Recovery, IT Strategy, Vulnerability Assessment, Project Planning, Incident Management, Firewalls, Windows Server, Business Analysis, Risk Assessment, ERP, Public Speaking, Penetration Testing, ISO 27001, IT GRC, 20 Critical Controls, IT Service Delivery, ISO 27000, Compliance, Business Continuity Planning, Certified Project Manager, SAP GRC, Access Control, CRM

Joel Cardella Education Details

  • Siena Heights University
    Siena Heights University
    Organizational
  • Eastern Michigan University
    Eastern Michigan University
    Social Sciences

Frequently Asked Questions about Joel Cardella

What company does Joel Cardella work for?

Joel Cardella works for Stryker.

What is Joel Cardella's role at the current company?

Joel Cardella's current role is Product Security Officer | MedTech & Life Sciences | R&D | IoT | Rapid Innovation | GTM Strategy | Regulation | Strategic Transformation | CISM | Ally.

What schools did Joel Cardella attend?

Joel Cardella attended Siena Heights University, Eastern Michigan University.

What are some of Joel Cardella's interests?

Joel Cardella has interest in Children, Economic Empowerment, Education, Science And Technology, Arts And Culture.

What skills is Joel Cardella known for?

Joel Cardella has skills like Security, Data Center, Information Technology, Management, Project Management, ITIL, Governance, Risk Management, IT Management, Change Management, Networking, Network Security.
