John Stevenson

John Stevenson Email and Phone Number

Managing Director, Cloud & AI Security Lead at Protiviti
About John Stevenson

Seasoned and results-oriented technology executive with distinguished career developing information security and information technology programs for top global companies and government entities. Extensive and in-depth knowledge of complex security and regulatory requirements governing sensitive company data. Leverage combination of technical aptitude and business acumen to develop long-range plans guiding IT / IS strategy, infrastructure, compliance, policies / procedures, and operations.

Areas of Expertise:
  • Effective Long-term Technology Planning
  • Nationwide & Global Experience
  • Executive- / Board-level Influencing
  • Disaster Recovery / Business Continuity
  • Entrepreneurial / High-growth Organizations
  • Risk Assessment / Risk Management
  • Business Transformation / Reengineering
  • Regulatory / Industry Standard Compliance
  • Incident Response / Threat Remediation
  • Win-Win Contract / Partnership Negotiations

Professional Development Certifications: C|CISO, CISA, CGEIT, CRISC

Affiliations & Activities:
  • Leading Member of Participating Organization, PCI Security Standards Council
  • Member, ISSA CISO Executive Group
  • Member & Speaking Committee Member, ISACA
  • Presenter, Sarbanes-Oxley Symposiums
  • Member, CIO Executive Council
  • Member, Payments Processing Information Processing Council (PPISC) / FS-ISAC

Technical Proficiencies / Standards: NIST, PCI DSS, PA DSS, HIPAA, HITECH, OCR, OCC, OIC, OWASP, ITIL, ISO, SSAE16, SAS-70, SOX, Cloud Computing, Virtualization, Windows, UNIX, Solaris, Linux, Imperva, HSM, Encryption, DUKPT, Cisco Routers, Cisco Switches, Cisco PIX & ASA Firewalls, Checkpoint Firewalls, Palo Alto Firewalls, F5 load balancers, Tripwire, Arcsight, Splunk & RSA EnVision SIEM, RSA Data Loss Prevention, BackTrack, Kali Linux, Metasploit Pro, Symantec Endpoint Protection & Altiris, NIDS, HIDS, Nessus / McAfee / Foundstone, Qualys & Rapid7 Vulnerability Scanners, Checkpoint, Skybox, Perl, Korn Shell, CSH, various Firewall Appliances.

John Stevenson's Current Company Details
Protiviti

Managing Director, Cloud & AI Security Lead at Protiviti
John Stevenson Work Experience Details
  • Protiviti
    Managing Director, Cloud & AI Security Lead
    Protiviti Mar 2021 - Present
    Menlo Park, California, US
  • PwC
    Managing Director, Cloud Security Lead
    PwC Aug 2017 - Mar 2021
    GB
  • Accenture
    Senior Manager - North America Retail & Payment Security Lead
    Accenture Sep 2013 - Aug 2017
    Dublin 2, IE
    ♦ Led large team responsible for designing and delivering a world-class, leading-edge, 100% cloud-based (Microsoft Azure) ecommerce system for high-speed dynamic transactions.
    ♦ Invented and filed two US Patents for Cloud Security Frameworks and Cloud Security Threat Intelligence.
    ♦ Led large teams for Accenture’s top clients and set strategic direction for Retail & Payment Security offerings.
    ♦ Successfully led large Information Security team & efforts related to divestiture of $24B Bank & Credit Card Issuer, which included discovery, planning & analysis of existing environments as well as design & integration of new standalone publicly traded entity.
    ♦ Effectively sold and delivered multi-million dollar engagement to assess and revitalize Payment Processors with PCI DSS 3.0 requirements, IT operational components, software development modernization and additional security enhancements.
    ♦ Led efforts on several RFPs relating to information security managed service and compliance offerings.
  • First American Payment Systems
    Vice President Of Information Security & Compliance
    First American Payment Systems Feb 2012 - Aug 2013
    CISO level role responsible for Information Security and Compliance teams at a large ACH & payment card processor with multiple subsidiaries & global presence. Subsidiaries include: iATS Payments, Govolution, GoEmerchant, Certified Payment Processing “CPP”, Elliot Management Group “EMG”, TransTech Merchant Group “TMG-360”, Summit Merchant Solutions “SMS-360”, CeresNational, 1stPayGateway. Current specific duties & selected accomplishments:
    ♦ Oversee all aspects of strategic planning including goals, metrics, budgeting & organizational objectives.
    ♦ Create & deliver successful Information Security and Compliance program that includes 3-5 year roadmap, various technology implementations, risk management, governance & business continuity.
    ♦ Establish and maintain comprehensive audits for adherence to PCI DSS, PA DSS, SSAE16, NIST, ITIL and various other industry standards. Includes four separate PCI DSS compliance audits annually.
    ♦ Develop, implement and monitor enterprise security policies & procedures as they relate to the parent organization as well as subsidiaries.
    ♦ Responsible for internal and external relationship management with various business leaders, the Board of Directors & vendors of all organizations.
    ♦ Maintain daily security operations of the organization.
    ♦ Wrote the business plan for Executive Management to launch a new mobile (M+Terminal) & tablet (1stPayPOS) P2PE payment platform which included researching competitors, creating map of competitive advantages & identifying barriers to entry.
    ♦ Lead technology efforts to design and integrate mobile P2PE payments platform. This included researching mobile swipe readers from ID TECH, MagTek, FutureX and others. Gateway integration, encryption at the swipe, key injection, audit considerations and HSM decryption were all part of the scope.
    ♦ Completed over 90 specific projects in the first 12 months of service, all of which were within budget thresholds.
  • HP / Federal Reserve Bank
    Information Security Officer Consultant
    HP / Federal Reserve Bank Feb 2011 - Feb 2012
    Lead development, implementation, and management of robust security infrastructure and services handling trillions of dollars in transactions annually. Serve as key liaison with executives, managers, and end-users, as well as representatives from various government agencies, including the Department of the Treasury branches and Federal Reserve System employees. Selected Accomplishments:
    ♦ Initiated and led system-wide information security self-assessment to determine maturity level following Gartner research recommendations.
    ♦ Responsible for compliance and information security of National Critical Infrastructure applications such as Debit Gateway, Pay.gov, various IRS applications, various ACH & Funds Transfer applications and other Governmental payment applications.
    ♦ Assisted with security & compliance design of integrated Social Security System fraud checks & balance applications for the U.S. Government.
    ♦ Established and launched long-term strategy to increase Capability Maturity Model (CMM) level to meet industry standards, best practices, and corporate vision / objectives.
    ♦ Facilitated and supported federal government audits, Attorney General audits, Treasury and Financial Management Service Audits, PCI Level 1 audits, National Critical Infrastructure audits, Government Accountability Office audits, SA&A Certification & Accreditation audits, and internal audits.
    ♦ Cultivated excellent professional relationships with Federal Reserve and Department of the Treasury personnel to drive expansion and improvement of security model and ensured alignment with NIST, PCI, OWASP, ITIL, and ISO 27001 / 27002 industry standards.
    ♦ Managed team in developing technical requirements / design baselines, program execution plans, technical risk assessments, scope / configuration management, schedules, and budgets.
  • Accelerated Security, Inc.
    Partner
    Accelerated Security, Inc. Nov 2003 - Mar 2011
    Led business operations, client relations, contracting, cost control, and strategic planning for start-up information security provider. Established strategic partnerships with professional organizations and companies to increase client base and strengthen brand. Designed and implemented client-specific security policies, procedures, and awareness programs; managed numerous compliance projects; directed security administration and evaluations. Handled all aspects of technology including planning, implementation, support, information security, daily operations, technology audits and reporting to Board of Directors and executive management. Selected Engagements & Accomplishments:
    ♦ Recruited and mentored top-performing, global team of 13 consultants, grew revenue to $800K, and maintained 53% profit margin within first eight months.
    ♦ Negotiated and closed joint venture deals with accounting firms to perform Information Technology Audit and Security aspects of audit engagements.
    ♦ Ensured compliance with PCI DSS, PA-DSS, SOX, OIC, OCR, HIPAA, HITECH, ITIL and ISO 27001/27002 requirements; identified and resolved gaps, implemented IT controls, assisted with remediation efforts and developed comprehensive plans to meet all governance requirements.
    ♦ Collaborated with OCC to audit Pier 1 Imports Bank.
    ♦ Managed flawless migration of $200M datacenter from Ashburn, VA to Plano, TX for a Fortune 500 financial company; oversaw security at Plano and assisted with security at Richmond, VA location.
    ♦ Implemented effective strategy to increase marketing penetration for data networking services; negotiated numerous contracts valued at $2.2M annually ($16M+ over the life of the contract).
    ♦ Key clients included Lockheed Martin, PEMCO Mutual Insurance Company, PEMCO Technologies, McAfee, Mouser Electronics, Pier 1 Imports, Boeing, Lennox International, Ernst & Young, and Thermo Electron.
  • Accelerated Security, Inc.
    Partner & Chief Information Security Officer Consultant
    Accelerated Security, Inc. Feb 2010 - Feb 2011
    Consulted with diverse clients to devise, introduce, and deploy extensive Vulnerability Management Program meeting Payment Card Industry Data Security Standards (PCI DSS). Leveraged expertise to architect proven strategies to improve security operations with an emphasis on surpassing PCI DSS benchmarks. Acted as central point-of-contact for quarterly scans, remediation efforts, project support, and systems analysis. Managed and coordinated support for annual PCI audits. Selected Accomplishments:
    ♦ Drove measurable improvements to vulnerability scanning and technical environment reporting.
    ♦ Conducted enterprise-wide vulnerability scans and oversaw remediation process through implementation of patches and correction of configuration issues across multiple platforms.
    ♦ Defined security baselines for individual system usage requirements and led development and documentation of corporate security standards.
    ♦ Instrumental in assisting global corporation to achieve compliance to highly complex security standards, including PCI DSS, ITIL, and SOX.
    ♦ Benchmarked several Information Security programs against ISO 27002, HIPAA, PCI, Sarbanes-Oxley and NIST industry standards to determine and remediate gaps.
  • Accelerated Security, Inc. for PEMCO Corporation
    Partner & Chief Information Security Officer Consultant
    Accelerated Security, Inc. for PEMCO Corporation Jun 2008 - Feb 2010
    Recruited to develop Information Security, Risk Management, and Corporate Compliance programs for PEMCO and subsidiaries. Partnered with executive management to lead strategic planning for innovative fully compliant security programs and policies. Managed team in all aspects of program / policy development, maintenance, training, and enforcement; directed response to security and fraud investigations. Created audit plans and internal controls to meet SAS-70 Type II and PCI Level 1 Payment Gateway audit requirements. Worked closely with Visa & MasterCard to adhere to various standards for custom Fraud Management systems along with PEMCO Technologies’ Issuing Bank policies / procedures. Ensured robust application security across all environments, including credit card payment systems and mainframes. Prepared regular reports on Risk Management and Compliance Program. Selected Accomplishments:
    ♦ Instrumental in evaluating & recommending various virtualization, cloud computing, secure data center and cutting edge technologies with quick ROI and low total cost of ownership.
    ♦ Championed transition from reactive to advanced proactive approach to Information Security program.
    ♦ Designed and launched world-class enterprise Vulnerability Management Program for PEMCO and PEMCO Mutual Insurance Company.
    ♦ Delivered 60+ Information Security and Compliance projects on time and under budget under an aggressive one-year timeframe.
    ♦ Completely prepared infrastructure, compliance and security of PEMCO technologies for acquisition.
    ♦ Worked actively with the Executive Management team to meet with several prospective buyers & ultimately sold PEMCO Technologies to Jack Henry & Associates.
  • Verizon
    Lead Security Architect
    Verizon 2002 - 2003
    Basking Ridge, NJ, US
  • Bank of America
    Senior IT Security Specialist
    Bank of America 2001 - 2002
    Charlotte, NC, US
  • Southwest Securities
    Senior Unix & Security Administrator
    Southwest Securities 2000 - 2000
    Dallas, TX, US

John Stevenson Skills

Information Security, Security, Information Security Management, Disaster Recovery, PCI DSS, IT Audit, Risk Management, Information Technology, Business Continuity, Network Security, Cloud Computing, ITIL, Data Center, Vendor Management, Management, Governance, ISO 27001, Vulnerability Management, IT Strategy, IT Management, Computer Security, Virtualization, SDLC, Risk Assessment, Program Management, Business Analysis, CISA, CISSP, Enterprise Architecture, Application Security, Databases, Encryption, Security Management, Business Intelligence, Security Policy, COBIT, Enterprise Risk Management, Vulnerability Assessment, IT Operations, IT Service Management, Penetration Testing, Security Audits, Visio, Payment Industry, Incident Management, PMP, VMware, Architecture, Windows Server, Identity Management

John Stevenson Education Details

  • Texas Christian University - M.J. Neeley School of Business
    General

Frequently Asked Questions about John Stevenson

What company does John Stevenson work for?

John Stevenson works for Protiviti.

What is John Stevenson's role at the current company?

John Stevenson's current role is Managing Director, Cloud & AI Security Lead at Protiviti.

What is John Stevenson's email address?

John Stevenson's email address is js****@****ign.com

What is John Stevenson's direct phone number?

John Stevenson's direct phone number is +121440*****

What schools did John Stevenson attend?

John Stevenson attended Texas Christian University - M.J. Neeley School of Business.

What skills is John Stevenson known for?

John Stevenson has skills like Information Security, Security, Information Security Management, Disaster Recovery, PCI DSS, IT Audit, Risk Management, Information Technology, Business Continuity, Network Security, Cloud Computing, ITIL.
