Global head of product security, including infrastructure, SaaS for customer facing security products and Trellix application security for products sold to protect customers. Expert in application security and development practices for SAST, DAST, SCA, SBoM building upon my SME cloud and legacy infrastructure knowledge and experience including Free Open Source Software management at enterprise level. This is a roll up your sleeves, make it happen leadership role that requires deep technical knowledge in languages, api, cryptography, and extensive free open source software and frameworks. Build strong relationships with leadership and technical staff members and operating across governance, regulatory knowledge, risk analysis & management and program management for US White House executive order 14028, CISA Secure by Design, NIST 800-218, NIS/NIS2, GDPR and European Cyber Resiliency Act (EUCRA) regulatory interpretation, control articulation, and operating adjacent enterprise vulnerability management (EVM) for internal and external facing and product security incident response teams. Program governance and operation of CNA/CVE issuance and vulnerability disclosure program for Trellix products and response tosecurity researcher submissions.

Senior Director Security Engineering/Architecture and Interim CISO responsible for application security, infrastructure security, enterprise vulnerability management, application security architecture across cloud and legacy infrastructures as key individual in Information Security. Performed as Interim CISO due to prior Global Information Security Officer (GISO) for major financial service institution. Heavy use of AWS.

Director, Information Security (Santander Consumer USA), Jan 2019 to present Information Security office,leading network security, engagement/reporting, and training for ISO. Responsible for technical standards,policy, oversight and assurance related to all ISO activities to ensure performance and reduce risk to withinexecutive tolerance across broad technology spectrum. Deep subject matter expertise and responses to risk,compliance, audit, and preparation of regulatory examiner evidence packages to successfully passexaminations. Define and operatore Application Security Program toolchains and practices including (SDLC, DAST, SAST), security technologies,firewall, web application firewall, IPS, DLP, web proxy and broad technologies and architectural patterns.

Senior principal driving information security program in financial services industry (real estate, mortgage, servicing, originations) including application security, infrastructure security, migration from legacy to Azure and AWS, policy, governance, risk, audit, compliance problem solving and risk reduction every day. Includes PCI-DSS program leadership, architect, deploy CASB and Crowdstrike at scale. Partner with DevOps to mature infrastructure security.

Technical leadership across informations ecurity for infrastructure and services both internal and managed security services provider (MSSP) for Fujitsu customers for all aspects of security architecture, engineering, risk, audit, compliance, regulatory, PCI-DSS and incident response.

CISO equivalent position at any smaller company responsible for core services desktop, servers, vulnerabilities, SOC, compliance, risk, metrics, governance, information security risk operating committee, across 130+ countries and guiding on risk resolution for massive global infrastructure and technologies. 28 direct reports across multiple countries and timezone and expert on virtual collaboration.