Performed PCI DSS compliance assessments, ensuring thorough planning, execution, and reporting for A-LIGN’s clients.• Developed and maintained client relationships, performed environment scoping and evidence analysis, prepared PCI DSS compliance reports.• Assessed cybersecurity controls for AWS, GCP, and Azure cloud environments and for data center and on-premises environments, ensuring robust security measures and compliance with PCI DSS standards.• Fostered working relationships with clients to ensure efficient and accurate evaluations and developed an in-depth understanding of each client’s cardholder data environment and payment channels.• Guided clients through the PCI DSS compliance process, explaining control requirements and verifying compliance through interviews, observations, and evidence analysis.• Created and presented data-driven reports on the PCI DSS assessment results to senior management.• Mentored Associate Qualified Security Assessors (AQSA), providing guidance and support throughout the assessment process.• Collaborated with PCI team members to discuss methodologies and industry developments and to address challenging issues.

Coordinated information security audits and PCI DSS compliance assessments through planning, execution, and reporting.• Orchestrated NIST CSF Maturity assessments to identify policy, process, and technology risks, developing strategies and roadmaps to address identified issues.• Facilitated client relationships, project management, environment scoping, evidence analysis, and results report preparation in support of information security audits and compliance assessments for complex environments.• Executed risk assessments and vulnerability analyses to identify and mitigate potential security threats.• Analyzed emerging security trends, threats, and technologies, and recommended enhancements to the client’s security program.• Led audits, identifying, remediating, and monitoring risks associated with information security and privacy controls for a large global client under an FTC consent order.• Contributed to the development and execution of comprehensive cybersecurity strategies aligned with industry standards and regulatory requirements.• Advised client leadership on risk management and security governance to protect information systems and data assets.• Significantly improved alignment of client cybersecurity controls with regulatory requirements, industry standards, and best practices.

Conducted PCI DSS, HITRUST, HIPAA-HITECH, ISO 27001, NIST 800-53, SOC, and GDPR compliance assessments.• Maintained strong client relationships, ensuring clear communication and effective project delivery. Provided clients with strategic advisory services to enhance their security and compliance postures.• Supported the Sales team by conducting security and IT reviews with customers, addressing their concerns.• Participated in the development and implementation of comprehensive cybersecurity strategies aligned with industry standards and regulatory requirements.• Achieved a 20% reduction in overall assessment costs by eliminating duplication of security control requirements for combined PCI DSS, HITRUST, and SOC compliance assessments.

Spearheaded enterprise and vendor regulatory team, scope assessments, gap analyses, risk evaluations, security reviews, and compliance monitoring.• Ensured compliance with corporate policy requirements and industry standards for information system components, applications, facilities, personnel, operations, and vendor relationships.• Completed internal and external risk assessments, and control gap remediation efforts.• Designed a more efficient reporting system to document risks and vulnerabilities associated with information systems and data.• Worked with stakeholders to meet goals, ensure compliance, and was recognized for excellence in performance.• Liaised with internal audit, regulatory entities, internal business partners, and vendors to comply with quarterly internal audits, and annual OCC and SOX audits.• Evaluated alignment with Payment Card industry Data Security Standards (PCI DSS), FFIEC, GLBA, ISO-27001, ISO 27002, and NIST-800 controls for critical enterprise systems. Facilitated the preparation of internal results reports.• Implemented policies, procedures, and security controls to address enterprise and regulatory requirements, improving the information security posture and security awareness of stakeholders.

• Documented information security policies, procedures, and controls based on regulatory requirements and compliance with industry standards and best practices.• Installed and configured network monitoring applications to enhance system security and performance.• Provided network engineering support services, resolving technical issues and ensuring optimal network performance.• Managed Novell upgrade projects from planning to execution, ensuring timely and successful upgrades.• Oversaw the vendor assessment process, evaluating and managing vendor performance to meet compliance standards.

Configured file servers, workstations, hubs, operating systems, applications, printing environments, backups, intranet messaging, and modem communications with the installation of NetWare and Windows.

Supported the migration of the WAN environment, installed Pentium workstations, configured systems, and trained users.

Developed comprehensive course content for network administration and delivered lectures and labs on technical support.

Installed and upgraded Novell LANs, configured bridges and routers, supported Unix networks, and delivered training sessions.

Implemented aerodynamic modeling techniques to evaluate performance, created test fixtures to support engineering projects, and authored technical reports and manuals.