•Lead development and implementation of a comprehensive information security strategy and manage a $1.2M budget, driving strategic partnerships with 4 healthcare clients and managing all assurance activities.•Ensure full compliance with relevant healthcare regulations (HIPAA, SOC2, HITRUST) and other federal and state laws regarding data protection and privacy.•Lead the enterprise-wide information security risk management program, identifying risks, conducting assessments, and implementing mitigation strategies to protect patient data and healthcare systems.•Establish and enforce information security policies, procedures, and standards in alignment with best practices.•Oversee the incident response team, coordinating efforts to detect, respond to, and recover from security breaches, including forensic analysis, reporting, and remediation.•Implement and manage security operations such as SIEM, intrusion detection systems (IDS), firewalls, and vulnerability management tools to ensure proactive threat detection and response.•Manage the security posture of 3rd party vendors.•Act as the primary information security contact for clients, providing consulting services on security posture, risk assessments, and regulatory compliance.•Lead a security team of 14 (3 direct, 11 indirect), fostering a high-performance culture.•Regularly present security metrics to executive team and board.•Develop and implement security awareness programs for staff and clients.•Notable Achievements: o Created the strategic enterprise security risk management program from scratch, ensuring ongoing effective risk mitigation.o Enhanced the integrated control framework to align with industry best practices, addressing evolving security threats through the design of resilient security architectures that minimized disruptions from incidents.o Spearheaded security initiatives during M&A activities, contributing to the enterprise’s valuation increase to nearly $750M.

•Managed a $1B security portfolio, driving strategic partnerships with commercial, government, and international clients, while ensuring seamless alignment with corporate security initiatives and business unit objectives.•Oversaw and guided compliance with Information Security policies for processes and systems within the business unit, improving the security posture by identifying risks, evaluating controls, and providing risk mitigation strategies.•Established trusted relationships with major clients through on-site visits, client forums, and industry representation.•Managed a diverse team within a matrixed environment, overseeing security operations and project management.•Notable Achievements: o Led security decision-making for new products and services, providing input into business cases and growth strategies for unit.o Provided governance oversight and acted as an escalation path for security-related incidents, issues, and inquiries. o Advised leadership on security-related decisions impacting the business unit, ensuring alignment with corporate objectives, including serving as Go To Contact for the SVP of Government, Verification Services, and International verticals.o Led sr.-level fraud, incident response, and business continuity tabletop exercises to improve preparedness and response.

•Acted as principal advisor to businesses and customers, interpreting and applying policies, standards, and industry best practices to analyze risk, critique security strategies, and assess architecture.•Developed and oversaw regulatory compliance programs, serving as an advisor to client steering committees.•Conducted security risk assessments and conducted forensic incident investigations and incident triage for client threats.•Monitored HIPAA and PCI-DSS regulations, implementing necessary policy changes for both internal and client organizations.•Built and led a cross-functional team of 4, with roles in project management, governance, and operational information security.•Notable Achievements: o Led the Information Assurance unit, establishing standards to measure the organization's technical security posture.o Developed and delivered internal and external security curriculum, including serving as a SANS Mentor.o Created and led the "Security Officer as a Service" compliance initiative, driving a culture of compliance through consensus-building and managing diverse stakeholders, from Board Members to frontline staff.o Coached and developed multiple reports into promotions within the organization.o Asked to present at prominent information security seminars, recognized as an industry expert in sharing best practices.

•Oversaw operational and governance aspects of security, while leading technical evaluations and architecture of security infrastructure while ensuring the organization's security posture complied with strict Gaming Regulatory standards.•Notable Achievements: o Led creation of the PCI-DSS compliance program, collaborating across teams to meet current revisions of PCI-DSS standards.o Integrated security operations into the 24/7 technical monitoring system to enhance SOC monitoring capabilities.o Spearheaded the identity management and access administration program, implementing layered security defenses.o Revamped the enterprise-wide Identity and Access Management system, enhancing security and efficiency.o Promoted quickly due to delivered results, expertise and leadership abilities.

•Identified business requirements, evaluating security solutions, and providing recommendations as needed.•Notable Achievements: o Designed, developed, and deployed a comprehensive three-tier Public Key Infrastructure (PKI) environment.o Developed and deployed a multi-phase Computer Security Incident Response Plan from the corporate Disaster Response Plan.o Developed an enterprise-grade switch configuration utility, reducing rollout time from 2 months to 3 days.o Led an application team to integrate critical systems with external government entities.o Designed and implemented the organization's Security and Event Management system.o Developed an in-house network mapping utility, reducing serial-to-IP conversion time from 2 weeks to 6 hours.