• Implemented Operational Risk Governance, ensuring compliance with internal policies, regulations, and the 3LoD model across regionally distributed teams.• Facilitated oversight of information security key risks and controls, performed business reviews, and advised senior management on results and recommendations.• Implemented and monitored information security internal controls in accordance with NIST-CSF.• Ensured successful implementation of risk management framework via deep dives, risk control self-assessment (RCSA), management actions, and internal controls.• Developed management reporting dashboards for risk-based decisions. • Analyzed security incidents, identified control framework enhancements, provided independent challenges and validation of reported metrics, and presented risk-based recommendations to senior management. • Facilitated periodic assessments of the confidentiality, integrity, and availability (CIA) of information assets.• Delivered independent recommendations to senior management on policies and procedures.• Performed independent analysis and root cause investigations of security incidents and events.• Identified control framework enhancements by keeping up with industry trends, including global regulations and best practices, and monitoring changes in information security processes, systems, etc.• Implemented internal control framework (operational risk, information security, and business continuity). • Led regional IT Risk Committee and ensure key and/or emerging risks are effectively managed.• Monitored user access reviews of critical and non-critical applications. • Assisted Vendor Management with Third-party Risk Management (TPRM) implementation and maturity.

- Transitioned from support role to the lead of the Manufacturing Cybersecurity Program- Led recurring program meetings and routinely present to executive leadership down to technical site teams to deliver program status updates and program risks/challenges- Led Manufacturing Cybersecurity Steering Committee while collaborating with Cyber Risk Management, Architecture, and Deployment teams- Advocated for the advancement of the Manufacturing Cybersecurity Program to ensure consistent identification, analysis, response, and monitoring of cyber risks- Identified and promoted cross-collaboration across several enterprise teams- Consulted business units, manufacturing teams (IT and engineering), and system owners to achieve program requirements- Consistently demonstrated a high level of business acumen, including recognizing stakeholders needs and listening to customers, audience awareness, affinity for problem solving, etc.- Supervised and mentored Cyber Risk Management intern- Designed and managed dashboards to reported program metrics to leadership and key stakeholders- Facilitated and moderated quarterly sessions to promote Cybersecurity Awareness across enterprise- Consulted and managed enhancements to risk calculation, while partnering with the GRC team- Continued to manage auxiliary responsibilities as detailed in prior position details hereinConsistently proved my ability to face and overcome challenges while continuously developing leadership and influence across several initiatives:- Led the Advancing Professionals Network's (employee network) Lake County Chapter as Co-Chair- Mentored for Abbott Mentoring Program- Supported Cybersecurity DEI initiatives

- Enabled a seamless, efficient process to manage strategy, risk, and governance across the enterprise- Consulted business units, manufacturing teams, and system owners to achieve program requirements- Bolstered cybersecurity operations by designing, developing, and recommending risk solutions that are operationally viable and efficient- Designed data visualizations to report key metrics to leadership and global operations council - Developed a customized risk calculator for the Cybersecurity Department to enable risk rating using a consistent methodology- Aided in the advancement of the manufacturing security program to ensure consistent identification, analysis, response, and monitoring of cyber risks- Contributed to the development of a risk-based cyber security program to meet regulatory requirements and align with industry leading information security practices- Continuously monitored national and international regulatory compliance and frameworks

- Conducted international internal audits and gap assessments for various Abbott divisions- Assessed IT controls against policies to ensure compliance and minimize risk to the organization- Managed the internal audit management software for the department across five countries- Identified key risks and developed IT scope to each specific audit engagement- Created and updated IT audit work programs and testing methodologies (e.g., firewall analysis, ITGC, SIEM)- Assembled detailed reports and presented to executives, management, and IT staff- Executed departmental application upgrade and rollout in Q4 of 2018

- Managed the audit department calendar and approved project assignments - Developed IT audit templates and service offering write-ups- Conducted weekly departmental meetings with audit staff and executive leadership - Advised the sales department and leadership on service offerings and project statuses- Delivered detailed reports to executives, management, and IT staff- Coached personnel on services to increase customer satisfaction

As an IT Security Auditor, my responsibilities included the following:- Conducted social engineering testing (phishing emails, phone calls, and in-person)- Executed vulnerability and penetration tests- Reviewed firewall and wireless configurations against best practices- Evaluated network and antivirus (AV) policies and procedures to determine gaps- Delivered detailed reports for executives, management, and IT staff- Performed web application scanning (WAS)- Developed tools for Red Team Assessments

During my tenure with Aon Global Risk Consulting | Security Consulting & Design (AGRC Security), a division of Aon FPE, I gained invaluable experience in the security consulting and design industry. As a Technical Specialist, I focused on quality assurance and quality control (QA/QC). I reviewed shop drawings, submittal reviews, and as-built drawings/reviews; conducted product research and interviews; prepared meeting minutes; and conducted site inspections and punch lists as they related to security projects to ensure compliance with the original design intent. Throughout each task, I ensured exceptional attention to detail. I meticulously reviewed confidential documents and drawings.I was also heavily involved in the development of multifaceted workplace violence training and mock scenarios for AGRC Security’s clients. I gained knowledge on the subject through workshops and data research that encompassed active shooter defense and practical response in order to remain at the forefront of workplace violence and active shooter incidents.Responsibilities included:- Analyzed security assessment data and conducted product research- Incorporated product research and data into client deliverables (reports/presentations) - Developed operational security training material (workplace violence mitigation/situational awareness)- Completed site assessments to assess physical, technical, and operational security measures- Practiced QA/QC and performed documentation reviews to meet strict deadlines- Supported development of security system designs- Supported executives and staff with sales and marketing initiativesAccomplishments: - Developed workplace violence training and tabletop session for a Fortune 500 client - Co-produced 350+ proposals and Statement of Qualifications (SOQ) submittals - Collaborated with Marketing Department for the Security Practice's website redevelopment

Major: Law Enforcement & Justice AdministrationMinor: Security AdministrationMy educational background consists of the public and private sector in relation to law enforcement and justice administration, as well as security administration. The classes and experiences at WIU furthered my knowledge and fueled my interest in developing a career in security consulting, IT security, corporate security, and investigations.

Generated an innovative project pricing tool for Microsoft Excel, which increased efficiency by approximately 75%. Setup and conducted a number of meetings to present the new pricing tool to management. Participated in team meetings. Expanded my knowledge in the security field, ranging from the technical aspect and security system design to operations and security-related terminology. Meticulously reviewed documents and edited them accordingly. Interviewed potential clients and researched project leads.