Online lecturer teaching IT Security Auditing and System Monitoring.

Manage operations and administrative services of the organization:• Developed professional services and managed services offerings around Managed GRC.

Implemented and managed IT Governance, Risk and Compliance (GRC) function across the organization as well as Security Operations, Corporate IT, and Data Privacy practices: ● Developed and maintained a consolidated privacy, data protection and security program that integrated requirements across various compliance mandates, including PCI DSS, ISO 27002, HIPAA, HITRUST and various privacy laws, including GDPR and CCPA. ● Supported and led a team of security practitioners in various practices such as incident management, application security, vulnerability management, business continuity planning, security awareness & training, and auditing. ● Implemented a Business Intelligence practice to consolidate and streamline business and customer reporting capabilities. ● Provided strategic guidance at the executive level regarding risk to information resources and technology. ● Provided leadership in the planning, design and evaluation of data protection, privacy, and security related projects.

Implemented and managed IT Governance, Risk and Compliance (GRC) and Security Operations functions across the organization as well as support secure practices within Network Infrastructure, and IT Operations:• Deliver a consistent, documented IT-related risk management process to maintain risk at an acceptable level.• Develop, publish, and maintain comprehensive information security standards, policies, procedures, and guidelines including data classification and protection, as well as development and execution of an information security training and awareness program.• Manage external third party assessments and annual audits, including but not limited to PCI DSS, SOC, and SIG questionnaires. • Review, in partnership with Legal, and approve information security contractual requirements with clients.

Implemented and managed IT Governance, Risk and Compliance (GRC) functions across the organization as well as Security Operations practices:•Deliver a consistent, documented IT-related risk management process to maintain risk at an acceptable level.•Develop, publish, and maintain comprehensive information security standards, policies, procedures, and guidelines including data classification and protection, as well as development and execution of an information security training and awareness program.•Establish requirements for, and oversee operations of, an enterprise information security architecture and infrastructure that includes Security Information and Event Management (SIEM), Identity and Access Management (IAM), Data Loss Prevention (DLP), Encryption mechanisms, and Host Intrusion Detection/Prevention Systems.•Lead, in partnership with Legal, and other business units, the organization’s existing and prospective Information Security, Compliance and Privacy programs in accordance with industry standards and requirements, which includes, but is not limited to: ISO 27001, GDPR, COBIT, HIPAA, etc.

Implemented and managed IT Operations, Network Infrastructure, and Information Security practices•Designed and implemented network infrastructure improvements that strengthened capability, reliability, and security of the network, including but not limited to global transit gateways, NGFW, zero-trust capabilities, and dynamic routing with high-availability.•Enhanced physical security controls by deploying identification badges, badge readers, and IP cameras. •Directed and managed a global team of IT resources to support the growing information and technology needs of the organization. •Formalized, documented, and implemented authoritative documentation to meet compliance requirements and best practices for GDPR, HIPAA, ISO 27001, and COBIT. •Successfully managed and implemented SIEM and SOC managed services project giving greater visibility into activities and events throughout the business infrastructure and cloud environments. This has resulted in establishing a well defined and documented security incident response practice. •Successfully managed ServiceNow implementation project to integrate and streamline incident, problem and change management processes within organizational business units. This has helped to automate incident communications and provide auditable requests for change.

Performed and managed assessments of several concurrent client engagements:• Provided independent assessments of organizations in relation to security policies, procedures, operating practices and technical environment based on established information security frameworks or standards, including, but not limited to: HIPAA, HITRUST, PCI DSS, ISO 27000 series, and NIST CSF.• Performed and managed assessments in accordance with industry-specific audit methodologies.• Performed and managed assessments in accordance with project management methodologies. • Performed technical validation activities in accordance with information security frameworks, including but not limited to: routers, firewalls, wireless devices, and IDS/IPS configurations, network architecture designs, log data and SIEM configuration, anti-virus implementations, server and workstation configurations, encryption solutions and key management, database schema and table design, access control systems and user accounts, FIM, vulnerability management and penetration testing results, etc. • Developed and/or reviewed policies, standards, processes and procedures. • Improvement and maturation of Healthcare assessment processes and methodologies.

Performed and managed assessments of several concurrent client engagements:• Provided independent assessments of organizations in relation to security policies, procedures, operating practices and technical environment based on established information security frameworks or standards, including, but not limited to: PCI DSS, ISO 27000 series, HIPAA and HITRUST.• Performed and managed assessments in accordance with industry-specific audit methodologies.• Performed and managed assessments in accordance with project management methodologies.• Performed technical validation activities in accordance with information security frameworks, including but not limited to: routers, firewalls, wireless devices, and IDS/IPS configurations, network architecture designs, log data and SIEM configuration, anti-virus implementations, server and workstation configurations, encryption solutions and key management, database schema and table design, access control systems and user accounts, FIM, vulnerability management and penetration testing results, etc. • Developed and/or reviewed policies, standards, processes and procedures.

Technology GRC team lead on Technology Risk and Technology Governance:• Consulted, facilitated, coordinated, and developed governance documentation, such as policies, procedures, and standards for enterprise management and executives. These documents help establish governance for IT and other business areas. • Leveraged industry frameworks such as COBIT, ITIL, ISO, NIST to define, implement, and align governance documentation with regulatory and business requirements. • Applied various project management methodologies, such as Kanban and waterfall to daily responsibilities. This ensured proper prioritization of assignments and visibility for in-progress and completed tasks. • Performed annual technology risk assessment of IT risk portfolio. This provided senior management the information needed to prioritize identified risk. • Established Technology Risk Management (TRM) practice. Successfully defined goals, objectives and processes critical to the success of Technology Risk Management. • Developed metrics for tracking and reporting of risk scenarios. These metrics were presented to senior management and used in the prioritization of risk. • Performed PCI DSS gap analysis and implementation of requirements to ensure compliance with security standards.

• Analyzed user support needs then designed and delivered effective technology solutions. Assigned the task of managing and maintaining Apple computers resulting in the successful deployment of Apple Remote Desktop and Apple Profile Manager. These products increased security and decreased response time for incidents• Increased efficiency and response time by streamlining main campus IT services to the Primate Center. This involved migrating to the main campus service desk and implementing inventory and computer imaging applications

• Supervised and coordinated the Technology Service Center the primary point of contact for technology needs on Tulane’s main campus• Organized, coordinated and managed project charter for University wide email migration to Outlook Live which required a large scale communication plan that led to a successful migration of over 2,500 email accounts• Redesigned and restructured the Service Center to curtail abuse and misuse resulting in faster repair times and new revenue from service fees which subsidized costs of additional services• Conducted training, created processes and procedures, and developed service-level agreements to clearly define services offered and products supported• Organized and oversaw project charter for University wide email migration to Outlook Live which required a large scale communication plan that led to a successful migration of over 2,500 email accounts

• Operated as liaison between Technology Services and the School of Social Work, also maintained computer labs across the main campus • Addressed the need for an updated website by coordinating and developing a new design that matched University standards and managed content updates as needed• Produced a unified experience across all technology services computer labs through Altiris Imaging and Deployment and managed and maintained Pharos printing system• Aided Technology Services as a service desk support technician; this included answering service desk calls and assisting with onsite request.