In this role, I report directly to the CISO and VP of Information Security. My role involves overseeing a dedicated core team of security engineers, while also coordinating with external security operations center services. I am responsible for facilitating regular strategic updates with the CIO and senior management, where I highlight project progress and address urgent cybersecurity concerns. My leadership is defined by a proactive approach in steering our security strategies to align with organizational goals and safeguarding critical information assets.My technical expertise is showcased through the successful integration of the Information Systems Management System (ISMS), employing key frameworks such as ISO 27001, SOC 2 Type II, and NIST CSF, which are essential for maintaining industry certifications. I spearheaded the BeyondTrust Endpoint Privilege Management project, enhancing security across 8,000 employee workstations by eliminating unsafe applications and optimizing software usage, significantly cutting costs. Additionally, I led the implementation of a comprehensive Rapid7 Vulnerability Management program, which involved developing crucial monitoring tools like dashboards, metrics, and KPIs, thus establishing a robust security infrastructure. My strategic initiatives and hands-on leadership have been pivotal in meeting the high standards expected by our CISO and executive management, further solidifying our company’s stance as a leader in information security.

During this tenure, I directed the implementation of the Information Systems Management System (ISMS), revolutionizing our security infrastructure through the strategic application of the ISO 27001 Framework and NIST CSF. My responsibilities included orchestrating annual engagements with IT security compliance firms to conduct ISO 27001 Risk Assessments, a pivotal element in ensuring our ongoing compliance and certification maintenance. I also led efforts to swiftly identify and remediate security vulnerabilities, while maintaining rigorous standards through continuous Vulnerability and Penetration Testing processes.Upon assuming leadership, I immediately strengthened our security posture by formulating and implementing comprehensive information security policies and procedures under the ISO 27001 framework. My approach facilitated informed discussions with stakeholders and potential clients, providing them with critical risk management metrics that guided strategic decisions at the executive level. I am proud of my contributions toward advancing our organization's technology through the mentoring and development of a team of infrastructure engineers, focusing on their professional growth and skill enhancement. Additionally, I developed and integrated a robust Disaster Recovery strategy, established a well-aligned Incident Response program according to the NIST SP 800-61 framework, and enhanced our IT security measures to align with broader business objectives. My strategic oversight not only boosted user productivity but also significantly contributed to our revenue growth by managing the IT security budget and advocating for innovative security tools.

In my role as Head of Information Security, I've led the charge in aligning security measures with business priorities, continuously protecting revenue streams and elevating customer trust. By collaborating closely with stakeholders and supervising cross-functional project teams, I successfully developed and implemented information risk solutions that have fortified our company's security landscape. My leadership in the execution of the Department of Defense DFARS/NIST 800-171 and the CIS Top 20 CSC frameworks underscored our commitment to advanced compliance and robust security measures.I am particularly proud of achieving compliance three months ahead of the deadline and under budget by 30%, a testament to my strategic approach to mapping complex technical functionalities to NIST 800-53 Rev 4 security controls. My initiatives also included the swift execution of Two-Factor Authentication and the creation of a company-wide Cybersecurity Awareness Training program with KnowBe4, which effectively neutralized the threat of phishing attacks. Moreover, my focus on vulnerability management maintained a 100% success rate through annual assessments with independent auditors. By designing and deploying a Security Information and Event Management (SIEM) system, I optimized our organizational response capabilities, enhancing real-time threat detection and protection.

In my role, I significantly enhanced communication and operational efficiency by actively contributing to a global team responsible for supporting, managing, and developing the Exchange and Mobile Handheld infrastructure for 60,000 employees. My strategic initiatives included achieving significant cost reductions and optimizing the Mobility Environment for high availability on VMware 5 through strategic license consolidation at Thomson Reuters. This not only streamlined operations but also ensured enhanced system reliability and performance, demonstrating my commitment to leveraging technology for organizational success.

In this role overseeing legal hold and journal archiving processes, I aligned closely with compliance requirements while expertly administering Symantec Enterprise Vault and collaborating with our legal team. My focus on effective knowledge transfer was crucial, as I developed and disseminated comprehensive best practices to enhance our global support team's adherence to service-level agreements. This initiative not only streamlined operations but also fortified our compliance posture across the board.I also played a pivotal role in a global team tasked with the upkeep, architectural design, and enhancement of Exchange and Mobile Handheld environments for a massive workforce of 60,000. My technical leadership was instrumental in engineering a significant mobility environment upgrade on VMware 5, optimizing system availability and slashing costs through strategic license consolidation for Thomson Reuters. Further, I orchestrated the seamless transition of user accounts from Exchange 2013 to an Office 365 Hybrid Environment, significantly enhancing system efficiency and connectivity. My proficiency with PowerShell scripting enabled smooth client integrations during critical mergers, acquisitions, and divestitures, while my initiatives in data protection and identity & access management bolstered organizational security protocols in coordination with the security operations team.

In my role, I significantly increased operational efficiency by streamlining the creation of applications across the organization using Microsoft SMS. I spearheaded the launch of the Microsoft SCOM environment, enhancing network monitoring and system management capabilities, which streamlined our IT processes. Additionally, I established an automated patching program that effectively reduced downtime and maintenance overhead, ensuring more reliable and efficient operational performance. These initiatives not only optimized our technological infrastructure but also supported our strategic business objectives by improving system stability and user productivity.