Led global cybersecurity assessments using ISO 27001 and NIST control families, identified gaps, developed recommendations and collaborated with clients to implement security best practices, and directed IT audit, information security awareness, and information security compliance engagements for industry leading firms. Led SOC2 readiness assessments including reviewing and revising documentation and testing controls. Implemented cloud migrations, included assessing cloud controls against cloud control frameworks (e.g. CSA CCM), and developing risk and control matrices.

Led a global information security organization and created a comprehensive NIST based enterprise security risk management program to secure information assets for State Street Global Markets (SSGM $2 Billion in revenue) and State Street Digital, at one of the largest asset management firms in the world. Collaborated and built relationships across all three lines of defense to align the information security program with the enterprise risk profile. This included providing cybersecurity subject matter expertise to business process and control owners during SSGM RCSAs, presenting cybersecurity strategy and program implementation to the Federal Reserve during examinations, and proactively engaging ERM and Audit regarding issues identified and remediation activities put in place to improve the information security posture of SSGM and Digital. Assessed vendor third-party risk including cloud controls (e.g. CSA Cloud Controls Matrix), and assessed cloud and vendor solutions to support migration of applications to the cloud (e.g. AWS).

Built an information security consulting business, performed sales, vCISO, and led teams providing cybersecurity, information security compliance, and IT audit client engagements for financial services, healthcare, insurance, and high technology industry firms. Developed security policies, procedures, controls, and implemented security technologies including firewall, (e.g. Palo Alto Networks, Checkpoint) and MFA (e.g. RSA SecurID) solutions, and infrastructure and application cloud migration (e.g. AWS) for industry leading clients.

Led cybersecurity assessments, IT audits, and teams protecting assets in a global network carrying 30+ terabytes per second of traffic (~30 % daily global Internet traffic) with 365,000 servers and networks spanning 134 countries. Assessed root cause analysis of incidents, improved the incident response program, and collaborated with lines of business leaders for a twenty percent reduction in incidents. Led numerous information security assessments, IT audits, and developed reports for the Audit Committee and Chief Audit Executive. This included assessing the third-party risk management program, virtual servers and cloud infrastructure, vulnerability management program, compliance with ISO/IEC 27001, state privacy laws, SOX, PCI-DSS, program management and product development information security practices and controls for a $200 Million product development portfolio.

Led and directed consulting teams implementing information security assessment, and SOX IT compliance engagements for industry leading high-technology, insurance, biopharmaceutical, and healthcare clients. This included leading teams performing IT risk and control assessment engagements, collaborating with business process and control owners to design / redesign controls, testing for compliance (e.g. SOX, ISO 27001), working with external auditors (e.g. PwC), and advising senior management regarding information security. The lead PwC external audit partner informed one of our consulting clients that he selected the work we had performed for the client as one of a few examples provided for a PCAOB assessment of PwC, due to the world-class quality of the control environment.