- Design and develop comprehensive third party risk management (TPRM) programs consisting of policies and procedures, governance and operating models, inherent risk, supplier due diligence, residual risk models, KPIs/KRIs, issue management, and training.- Lead stakeholder workshops and walkthroughs, combining TPRM/cyber and industry leading practices (across TMT, Pharma, Healthcare, and Aerospace & Defense) to design programs for Fortune 100 companies. - Develop functional requirements and user stories for TPRM and procurement technology solutions to automate, streamline, and standardize cyber supply chain risk management activities.- Leverage visualization and automation technologies to provide clients with valuable insights into their program maturity, active projects, supplier inventories, and risk landscapes.- Manage cyber, supply chain, and compliance program maturation projects to increase risk identification, measurement, and management capabilities for a Fortune 100 company.

- Assessed a Fortune 100 company’s TPRM program maturity against NIST 800-161 and industry leading practices, leading to the development of tailored recommendations as part of a three-year strategic roadmap.- Simplified supplier intake and due diligence processes between previously-siloed cyber, compliance, privacy, and other due diligence functions at a Fortune 100 company to eliminate redundant processes, increase operational efficiency, and increase risk oversight.

- Developed and managed national office and affiliate vendor risk management programs to improve organizational and security program metrics, managing risk related to HIPAA/HITECH and PCI-DSS.- Coordinated risk assessments of national EMR, volunteer management, Telehealth, and IT MSP vendors and led risk mitigation efforts related to these vendors.- Acted as a liaison between information security and the Office of the General Counsel on vendor-requested redlines, advising on risk mitigating contract language.- Wrote and presented security awareness materials at all-staff events, educating personnel on current threats, possible risks, and security resources available to them and their projects.

- Managed deployment and customization of Salesforce solution to mature service delivery methodology and identify risk trends while under budget by 28%.- Assessed and instituted solutions for vendor risk management programs to improve past procedures and better identify risks to the organization’s technology and data.