As Senior Director of a versatile cyber security function, I excel in crafting and implementing strategic GRC frameworks, ensuring regulatory compliance, performing risk assessments, and mitigating organizational risks. My responsibilities encompassed a spectrum of crucial areas including security policy management, third-party risk, compliance assessment, security awareness, privacy, as well as Identity and Access Management programs.I held a pivotal role in developing, implementing, and overseeing cybersecurity policies and non-compliance management. Leading my team, I focused on policy development and maintenance, ensuring that the organization's information systems and data adhered to security standards and regulations. The policy framework included adherence to ISO / IEC 27002:2013 and NIST 800-53 controls, along with GDPR, CPRA, and PCI-DSS requirements.Innovation is a hallmark of my leadership. I successfully designed and implemented an enhanced security exception management process, streamlining the processing of exceptions in a more efficient and risk-based manner. Additionally, I spearheaded the creation of program dashboards, delivering insightful third-party risk program Key Risk Indicator (KRI) and Key Performance Indicator (KPI) reports for C-level leadership, facilitating well-informed decision-making.One of my notable achievements includes the development of an award-winning desktop and mobile-based security awareness gamification tool. This innovative tool not only promotes cybersecurity best practices but does so through engaging and enjoyable gameplay, fostering a culture of cybersecurity awareness within the organization.Speaking Engagements:Cybersecurity and Intelligence Conference – Cyber Safety Presentation - October 2018, PhiladelphiaFuture of Third Party Risk Management – Panel - October 2018, NYCCybersecurity Summit – Cybersecurity Awareness Presentation - September 2017, Charlotte NC

Guided a cross-functional team in the execution of cybersecurity initiatives, overseeing the management of vulnerabilities to fortify critical systems and safeguard data. Key areas of responsibility included PCI and SOX compliance, threat and vulnerability management, penetration testing, static code analysis, and vulnerability assessment.Pioneered a comprehensive vulnerability management program, resulting in an impressive 40% reduction in critical vulnerabilities within the initial year. Collaborated seamlessly with IT and security teams to prioritize and remediate vulnerabilities, contributing to a notable 20% decrease in Comcast's overall cybersecurity risk.Championed the integration of security practices into the development lifecycle, fostering a secure-by-design approach. This proactive measure ensured that security considerations were ingrained from the outset.Strategically identified and addressed key gaps and risk indicators, leveraging meaningful risk metric Key Risk Indicators (KRIs), thereby enabling substantial risk reduction across the environment.

Implemented advanced remediation processes and introduced dashboard reporting, resulting in a streamlined identification and prompt resolution of vulnerabilities. This proactive initiative achieved a significant 25% reduction in critical and high-risk issues across network, database, and application services. Orchestrated second-line defense initiatives through collaboration with Consumer business units, negotiating and driving the remediation of residual issues arising from application and database baseline deployments, SIEM program rollouts, and firewall rule recertification programs.Engaged with regulators and senior executives to communicate risk management strategies and ensure compliance with industry frameworks. Orchestrated a project focused on implementing enterprise-level data protection filtering and remediation controls for Consumer businesses, effectively thwarting unauthorized data exfiltration and leakage.

Led the implementation of crucial infrastructure security controls, encompassing Network and Host Intrusion Detection Systems, State Monitoring, Vulnerability Assessment, Data Loss Prevention, and Log Management. This proactive initiative played a pivotal role in significantly enhancing the overall risk posture of the environment.Guided the development and supervision of an enhanced risk framework for conducting global perimeter network risk assessments. This effort yielded a noteworthy decrease in the time needed to process firewall rule requests and concurrently led to a reduction in network incidents.

Responsible for managing the design, implementation, and 24 X 7 operations of the First USA global perimeter security network infrastructure. Area of focus included firewall and network intrusion detection design, deployment and operations support.

Network Services Manager responsible for leading a team in performing the architecture/design, capacity planning, and support of First USA Bank’s global network infrastructure.