• Created the Governance, Risk & Compliance department • Hired, Mentored and Led all new hires to GRC • Created and implemented a PCI program of perpetual Audit readiness • Lead the effort to mature the compliance program to meet PCI v4.0 • Created and implemented an Identity Access Management Program • Created and implemented a Third Party Risk Program • Created and implemented a Security Awareness Program • Created the entire library of Information Security Policies and Standards • Selected and configured our GRC tool • Created Risk Registers for all IT Departments • Used Risk Registers to create KRI/KPIs and report risk to leadership so they can make risk based prioritization decisions • Utilized Risk Registers to ensure consistent priorities between departments • Reviewed and assessed all current Security Tools and determined best Tools going forward • Ensured that all policies and procedures align with PCI and the ISO framework. • Built the Information Security program around the ISO Risk framework, to assess and measure risk for Information Security Standards. • Created and maintained the Security Awareness Program • Created a Risk Committee Charter and set up a monthly Risk Committee meeting to review and approve/reject exceptions to Consumer Cellular Policies • Created all of the Exception Policy and Process for Information Security • Saved over $500k, annually, in managed service contracts by bringing PCI responsibilities in-house • Saved over $750k in annual contracts by getting Consumer Cellular PCI Compliant for the first time in their history

Serving as a Risk Framework Expert. Tasked with ensuring that our policies and procedures align with our Risk Appetite. In charge of Monitoring and Reporting on High Risk events, as well as informing executive leadership of our Risk Exposure.Responsible for designing, implementing and maturing the First Line of Defense Program for Information Technology and Information Security. Ensuring that our Compliance Management System, could hold up to a CMR-IT (Compliance Management Review - Information Technology) by the CFPB (Consumer Financial Protection Bureau).Built the Information Security program around the NIST Cybersecurity framework, to assess and measure risk, as well as the ISO 27001 framework, for Information Security Standards.Responsible for promoting a culture of compliance by executing the Company's compliance strategy as defined by the Compliance Program. Manage and facilitate the compliance function by leading Compliance Officers (CO) and staff in their work within the major compliance components of the Program. Escalates issues to ensure appropriate handling of high priority compliance risks, interacts with executives and senior management and plays a key role in regulatory examinations.Responsible for improving the First Line of Defense(FLOD 1LOD) and Compliance Management Systems (CMS) for Information Technology(IT)and Information Security (IS) Business Units, while working in the Second Level of Defense (2LOD).Led efforts to implement COBIT framework within ITLed annual NIST Risk Assessment within InfoSecLed the review and update of KRIs for IT and InfoSec

• Improve awareness of, and compliance with, Enterprise Information Security policies, processes and standards; • Provide direction and expertise to remediate security assessment review issues• Analyze and report, on an ad hoc basis, in support of the information security risk management team. • Reconcile the information asset portfolio with all Enterprise risk and assessment tools• Conduct annual certifications and review results to develop follow up action plans• Aggregate and analyze how information security risk exposure is trending, to support LOB and Enterprise wide reporting• Evaluate and interpret internal and Enterprise information security policies, processes and standards, and provide recommendations to improve them

- Responsible for acting as the SME (Subject Matter Expert) for operational risk within American Express Technologies- Identify and address thematic issues, trends and exposures- Ensure compliance with requirements of the PRSA (Process Risk Self Assessment) Framework and policies/guidance issued by the SOX Compliance Group, Spreadsheets Program Office, Basel Governance Group, and Global Compliance & Ethics- Provide training on the PRSA Framework- Oversee and manage the ORCom (Operational Risk Committee) meetingsThe PRSA Framework is based on the Five Integrated components of the COSO Internal Control - Integrated Framework, including the following:1. Control Environment: The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.2. Risk Assessment: A risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives, and forms the basis for determining how risks will be managed.3. Control Activities: Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.4. Information & Communication: Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Communication is the continual, iterative process of providing, sharing and obtaining necessary information.5. Monitoring: Ongoing evaluations, separate evaluations or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to affect the principles within each component, is present and functioning.

• Specialize in building RSA Security Analytics systems from the ground up. • Racking the systems in data centers, installing and configuring the gear, analyzing the results of captured packets and logs. • Focused on capturing packets and logs and analyzing traffic over the network• Creating automated reports and alerts that will run and give the client an update on what is going on with their network• Interacting with the clients, onsite, to ensure that their expectations and needs are being met.• Knowledge transfers to the clients

• Senior Business Analyst for the Data Protection Team, specializing in protection of PII (Personally Identifiable Information) • Senior Business Analyst for the Data Mapping Program, which maps data flow diagrams of applications throughout AMEX using ProVision• Senior Business Analyst for the DLP (Data Loss Prevention) Program, which tracks the flow of PII moving outside the company through the use of Email. Lowered events by 70% year over year. Acted as a liaison between the business side and the technology side. • Senior Business Analyst for the SCI (Safeguarding Customer Information) Program, which started as a program that dealt with SOX regulations.• The SCI Program supports businesses and staff groups to complete a baseline assessment of application-level customer information protection processes, policies and risks by identifying, evaluating, and testing controls for AXP-owned applications.• SCI addresses applicable regulations and industry standards to identify, assess, test controls and rank risks. The methodology allows businesses to define and manage their risk appetites. • SCI implementations have improved data protection controls for 800+ applications across the US, Canada, Greece, India, Japan, Spain, the UK, Mexico, Argentina and Australia.• Displayed an ability to excel in multi-tasking situations by being an integral part of multiple, simultaneous Data Protection initiatives, such as Data Loss Prevention, PCI (Payment Card Industry), DLP (Data Loss Prevention) and SCI (Safeguarding Customer Information)• Senior Business Analyst for GLBA audits and Process Risk Self Assessments• Experience with AGILE development method• Programmed a multitude of complex automation tools using VBA in Excel.

Completed six-month technical training program in India, educated in the following technologies:C Programming language, Relational Database Management Systems, Oracle PL/SQL, UNIX, JAVA, HTML and XML