Program Manager responsible for integrated cybersecurity risk management across the enterprise, leading annual and periodic risk & control assessments across NetApp, helping drive global strategy through risk program governance, operations & reporting up to board level.•Mature information security risk management at NetApp. •Implemented an integrated risk management framework to assess security risks at the organizational, business process/function, and information system level.•Implemented an annual cybersecurity risk assessment process.•Coordinate with Risk & Compliance Leads to conduct risk/control assessments across the enterprise.•Implemented an organization wide standard risk scoring methodology.•Review and recommend security controls based on risk assessment results and other compliance requirements.•Manage operational risks outside of control frameworks that are identified through engagement with IT and security teams.•Ensure risks and control effectiveness are continuously monitored.•Advise on efforts to test controls and address deficiencies through the appropriate risk response.•Serve as an escalation point for Cybersecurity Assurance on enterprise security risks.•Track key risk indicators and work with technical and security personnel on the collection of key metrics.•Lead monthly KPI/KRI meeting with security executives and other stakeholders.•Coordinate with ERM to ensure security risks from all business functions are reported, have leadership visibility, and that regulatory requirements are met.•Assist with annual Fraud Risk Assessment as conducted by the Internal Audit function.•Ensure all risks are documented according to company standards in the Global Security risk register.•Develop and review risk management and other Global Security governance documentation.•Act as Cybersecurity Assurance lead on M&A due diligence & integration. •consult on regulatory requirements (SEC, EO on AI)•Drive continuous improvement across NetApp.

Focused on facilitating the management of Enterprise Information Security and IT related risks to guide the organization towards continuous improvement and compliance with government regulations and industry standards.• Develop Governance, Risk & Compliance strategy to align with company goals.• Design and develop risk methodology and governance to meet business and security objectives.• Lead a small team of GRC analysts to manage enterprise security risks for multiple Business Units.• Work with the Enterprise Risk Management to ensure appropriate risks have leadership visibility, and regulatory assessment and reporting requirements are met.• Assist with Cyber Insurance renewal activities• Ensure all risks are documented and updated according to company standards.• Engage with technical and security teams to identify risks, and drive toward risk mitigation activities aligned with Enterprise Information Security (EIS) Governance and Risk Management Programs.• Manage EIS GRC Risk Repository.• Lead risk assessments and facilitates mitigation activities so that risk is reduced to an appropriate level.• Define and deliver appropriate EIS GRC metrics and analytics.• Serve as an escalation point for GRC operations team on all enterprise security risks.• Act as GRC lead on Mergers & Acquisitions integration. • Provide consulting and advisory services on governance, risk and compliance.• Drive continuous improvement across all areas of EIS GRC.

My consulting responsibilities/program areas include:• Managing Business Continuity Management/Disaster Recovery Program o Consulting and other planning and compliance activities for internal and external customers, such as Business Continuity/Disaster Recovery Plan development and testing.• Managing Third Party Software & Data Program o Review intellectual property licensing terms and agreements o Ensure compliance with internal processes and licensing terms• Planning and leading customer security and/or quality audits for various industries • Conducting risk assessments and risk remediation in alignment with internal policies and standards, and using an applicable framework (e.g. ISACA Risk IT Framework)• Leading internal audits related to risk management, contractual obligations, and to meet various regulatory and certification requirements (HIPAA, HITRUST, ISO 27001, SOC2)• Consulting and advising on CFR 21 Part 11 issues related to Pharmaceutical customers, and SAS Health and Life Sciences products and solutions• Participating in US EU/Swiss Privacy Shield certification process o Coordinating and Completing Privacy Impact Assessments o Experience in privacy regulations such as GDPR and US EU/Swiss Privacy Shield, and privacy frameworks such as NIST o Knowledgeable of current privacy trends and issues that impact the organization • Responding to customer questionnaires and reviewing contractual agreements• Managing security incidents• Supporting business development activities• Policy, Process, and Procedure development and maintenance for SAS global hosting Information Security Management System (ISMS)/Quality Management System (QMS)• Experience in compliance against NIST 800-53 and ISO 27001 controls and requirements• Consulting on compliance issues that are related to implementation and operation of the services SAS provides to managed hosted customers.• Training and Education consulting and compliance

The division I work for at SAS, SAS Solutions OnDemand, hosts customer data, across industries, some of those are regulated industries, so I am involved with all aspects of audit and compliance activities to meet our customers expectations, regulatory compliance, and international standards.• Pharmaceutical customers, validation/qualification• Other commercial customers (i.e banking) with some government customer experience• Intellectual property - Third party product (software/data) licensing/procurement• Customer security/quality audits• Continuity of Business & Disaster Recovery consulting and activities, internal and external customers• Internal auditing using a Framework such as ISACA• HIPAA/HITECH/HITRUST - risk assessment & remediation• Experience with ISO 27001 and NIST 800-53 controls and requirements• Security Incident triage and remediation• Some experience in privacy regulations such as GDPR and US EU/Swiss Privacy Shield.• Policy, Process, and Procedure development.• Training and Education consulting and compliance

I developed and managed, with another colleague, a complete internal and external online training program for SAS Solutions OnDemand.• Guided instructional policy and processes.• Developed and managed training programs and initiatives.• Made recommendations for instructional delivery systems and applications. • Evaluated and measured training success. • Conducted needs assessments. • Conducted task analyses with subject matter experts. • Wrote objectives, outlines, storyboards, and other supporting documents as necessary. • Designed and developed training content.• Implemented training methods and delivery.• Assessed training effectiveness and managed measurable outcome reporting.• Planned and gave presentations on training related subjects.• Designed, implemented and administered learning management system• Planned, collected, and analyzed training related metrics • Created reports from the learning management system and other training related data sources• Communicated across the division about training related announcements• Supported customer audits • Supported end users• Performed other related duties as assigned.

I was part of a team that helped create online certificate/degree programs using a variety of web-based delivery methods for UNC. This started as a pure technical position as an audio mastering engineer but has now grown into project management and design as well.• Support Analyst for the Online Instruction Group.• Assisted faculty, clients, and teaching assistants in the design and development of multimedia instructional materials (audio, video, and animation) for the distance learning format (web, CD-ROM, and video).• Developed and maintained Distance Education courses in Blackboard. Administered and developed school’s iTunes University site.• Researched, evaluated, and made recommendations of software and hardware for use in designing, developing, and delivering audio, video, and animations in the distance learning format.• Managed audio recording facility and engineer recording sessions. Edited and mastered final recordings for delivery.

House engineer for a vintage AND state of the art recording studio in Mebane, NC. Assisted producers, engineers, and artists in the recording of music. Maintained tape machines and studio logs.Produced music when feasible.

Directed/Engineered Distance Education Teleclasses as part of the North Carolina Information Highway and NCREN through Satellite Transmissions, ISDN lines, and streaming media. Recorded and edited audio and video for clients.

• Established music production company under licensing agreement with Yep Roc Records/Redeye Distribution.• Designed and built small-scale audio production/mastering studio, Big Johns Studio, utilizing both digital and analog formats, creating and recording multiple genres of music and narration for private and commercial projects.