($45.754 billion in assets and $7.73 billion in revenue) Payments technology company delivering innovative software and services across the Merchant, Issuing, and Consumer segments. Lead a team responsible for ensuring that Global Payments people, processes, and technology have effective controls and procedures to secure information assets against unauthorized access or unexpected events. This is accomplished by:- Defining the set of common controls used to establish a baseline of security from which to test and validate effectiveness on a regular basis.- Conducting information security assessments of internal information assets with input, as required, from business functions.- Performing information security assessments vendors' controls to ensure they minimally meet or exceed Global Payment requirements. - Defining the information security assessment testing criteria and and core set of questions, as well as validating whether or not controls are effectively designed and implemented to meet a predefined set of industry standards or regulatory requirements. - Responding to internal and external audits performed by our clients and partners to demonstrate that effective controls and procedures are in place across people, processes, and technology (including internal audit, PCI, SOC 1/2, SOX, etc.). - Managing from intake through closure, monitoring, and reporting of all information security issues and risk acceptances.- Representing information security program during requests for proposals to sales team.- Participating in architectural and privacy reviews for new vendor products or projects.- Maintaining the third party cyber risk rating platform.

($1.77 trillion total assets, $18B revenue financial services/banking with 268,000 employees)Recruited by Wells Fargo to build a sustainable risk management strategy and roadmap from scratch. Provide oversight, including challenges to, and independent assessment of, the frontline's execution of its risk management responsibilities. - Chaired Steering Committee comprised of C-level stakeholders and decision-makers to deliver continuous communication on risk status, activities, as well as outcomes of discussions with the regulators (OCC).- Led the execution by external QSA of all assessment activities which included negotiation of fees, defining statements of work & associated schedule, & understanding lessons learned for future improvement.- Improved risk posture by 30% within first 2 years of hire & delivered company’s first multi-year, multi-million-dollar PCI governance program strategy & prioritized roadmap. - Instituted formal process to independently validate effectiveness of control design & implementation using compliance management software (Unified Compliance Framework) to extract mandates from relevant authoritative sources. - Developed and maintained risk register using enterprise GRC tool (Archer) to log and rate security risks and to guide prioritization of projects and deployment roadmap.- Avoided tokenization conversion incompatibilities by influencing standardization of security & tokenization approaches across disparate lines of business.- Successfully evangelized the merits of designing corporate cloud-first & multi-cloud strategy to be built PCI fit-for-purpose, ensuring prioritization of PCI requirements. - Drove accountability for leaders’ adherence to risk frameworks (NIST, COBIT, FFIEC, ISO2700x, SOC2, etc.) by advocating across company & implementing metrics.- Improved third party/supply chain PCI risk management by developing workflows for third party lifecycle, including creation of new third-party policy & contract clauses.

The PCI Security Standards Council Board of Advisors is composed of representatives of Participating Organizations. Elected by the Participating Organizations and the Executive Committee to represent Wells Fargo in providing meaningful input to policy, standards and guidelines language, as well as strategic direction of the Security Standards Council.

($31.65B assets, $19.5B revenue global supply chain / consumer goods with 115,000 employees)Engaged directly by CISO to strengthen the Philips brand and raise Philips competitiveness by establishing a risk-based strategy to achieve PCI compliance. - In less than 18 months delivered a multi-year PCI compliance strategy, roadmap, and checkpoints for implementation of PCI compliance that was fully integrated with our requirements to simultaneously comply with ISO27000, EU directives, NIST, COBIT, SOX and HIPAA. - Provided strategic leadership to establish a PCI governance program to achieve compliance with PCI DSS requirements, while partnering with the security team to implement a rigorous common risk and compliance management framework within the confines of GDPR and other privacy requirements (including HITRUST and HIPAA). - Forged strong relationships with sector market leaders and enabling functions to develop and drive a five-year strategic business plan that leveraged existing strengths and strengthened future capabilities.

($1.67 trillion assets, $74.3B revenue, financial services / Banking with 251,000 employees) Promoted to SVP and Citi’s first Consumer Bank Information Security Officer to own the development and delivery of information security initiatives, preserving the confidentiality, integrity, and availability of data across the business, and working with senior business leaders to align business principles, goals, and strategic drivers of the organization.- Built strong relationships with card product teams, providing technical expertise to enable delivery of best-in-class card product solutions (plastic and virtual, mobile wallets).- Executed risk-based assessment of business processes and systems supporting those activities.- Established strategy for Citi’s to achieve PCI compliance and built consensus with key stakeholders across complex environments to develop roadmap to address remediation. - Developed policies and procedures to close gaps in regulatory or audit requirements.- Expanded enterprise third party program to include validation of PCI compliance. - Performed annual third-party assessments to evaluate existing business and information security controls, processes, and procedures to ensure compliance with corporate policies. - Executed risk-based assessment of business processes and systems supporting those activities.

Volunteered to cover vacated position during a critical audit while Citi sourced a replacement for this visible management position. Quickly ascertained status of business in order to recommend and drive necessary changes to move the needle in positive direction.- Concurrent with Cards Information Security and PCI Compliance job responsibilities, led and coordinated audit & risk review, resulting in a Satisfactory control rating, and an Effective Risk Control Self-Assessment (RCSA) Rating, demonstrating an improvement from the prior audit.

Retained to improve under-performing talented team of QA professionals for this $100 billion foreign exchange/money market (FX/MM) business, in preparation for acquisition by another company.- Within 3 months of hire, instituted formal methodology for automated regression testing, and creation of detailed test cases (which never existed). - Reduced number of unscheduled configuration management events by 35%, and improved accuracy of functional and performance test results across the organization.

Selected to lead acquisition & merger (A&E) of European American Bank to Citibank, meeting contract deadline, and avoiding prohibitive legal financial implications.- Directed cross-functional and cross-organizational remote teams, as well as external vendors to ensure timely transfer of project deliverables. - Managed the evaluation and selection of Identrus PKI infrastructure solution and worked with smart card team to select smart card solution vendors, facilitating issuance of digital certificates.

Due to company reorganization resulting in new responsibilities, managed cross-functional teams to implement and deliver a new Citibank eCommerce portal offering B2B procurement connections. - Negotiated contract for external customer support, global training plan, hosting operations personnel, service level agreements (including MIS reporting), staff, as well as continuity of business plan. - Expanded responsibilities to include those of BISO, identifying security risk exposures and providing strategic and tactical direction for logical and physical protection solutions.

As part of this newly created think-tank team which reported directly to the CEO, developed electronic commerce initiatives for e-Citi’s Global 2000 Corporate customers.- Designed and implemented hosted e-procurement initiative, deployed throughout 6 countries, in 3 currencies, and 2 languages. - Developed, negotiated, and implemented a customer service and support model, bridging existing help desk staff. Aggressive deadline was met on time and within budget.• Managed the deployment of an information repository, as well as the necessary tools, policies and procedures for content management, site management and branding.• Sourced and built global hosting solutions for e-Citi's customers. Developed and negotiated all service level contracts with various hosting centers, as well as e-Citi customers.

- Responsible for managing Fortune 500 accounts, providing pre- and post-sales activities to identify and develop new business opportunities with existing & new clients. These activities included providing technical subject matter expertise, generating Statements of Work (SOW's), proposals, as well as preparing/delivering client pre-sales presentations, and hosting client kick-off meetings.- Direct Management of 17 engineers and architects, responsible for implementation of highly technical projects at client locations. Performed engagement management and project management functions, including those for several Internet and Intranet sites. Reviewed project performance/quality issues for all. Financial and P&L responsibility for the billing revenue of 17 direct reports, generating $3 million in annual professional services revenue.

- Provided professional services in developing business-critical information management systems for ICM's clients, including the coordination of all aspects of a project, from consultant time and task-based management to budget and client management. Integrated new electronic workplace architectures and designs within existing infrastructures, and led the migration from legacy to newer operating systems. Recognized as ICM's "Top Revenue Generating Engineer" of 1998.

- Collaborated with internal customers of this 15,000+ teaching University Hospital to set the strategic direction for hardware and software platforms, as well as services, across the University. Collected integration needs for compliance with HIPAA, PHI, and privacy, and evaluated effectiveness of current systems as they related to business needs. Analyzed issues, diagnosed problems, and recommended technical and procedural solutions. Established project plans, strategies, tactics and goals for the development and deployment of technology solutions.- Founded and managed the University Campus Computer Store and its staff, along with its web sites, which provided over $4 million of computer-related hardware, software, and peripherals on an annual basis. Developed RFPs, performed due diligence, and wrote technical specifications.

- Pike County's first Information Systems Coordinator, provided strategic planning for, and coordination of, the development and integration of Pike County's information systems. - Designed, installed, and administered 8 Novell Local Area Networks (LANs) throughout County (including the offices of the District Attorney, Voter Registration, Probation & Parole, the County Jail, and Children Protection Services). - Reduced computer service providers' monthly fee by 50% by drafting a contract with County Solicitor. - Reduced the county's annual fees by 35% in recurring costs, by performing a countywide assessment and developing an RFP for hardware and networking software. - Bid-out and implemented a Voter Registration system, saving the County over 45% in recurring, annual fees.

- Hired as the first employee of this start-up, senior level (CEO) executive placement firm, initially located in New York. Was promoted and relocated to Connecticut to participate in new business development, subsequently responsible for hiring, training personnel, and instituting systems procedures. Designed and installed company Novell LAN across 3 states.

- Developed, designed, and taught curriculum for over 250 legal and support staff, including senior partners. Assisted in evaluation, selection, and presentation of applicable new technologies for widespread use. Performed user needs analysis and formal presentations to support new applications.

- Monitored and delegated all workflow of this law firm’s data center by working with professional staff and senior partners to ascertain needs and scheduling requirements. Directed a daytime staff of over 15 data processors. Managed the successful conversion of over 900 documents from IBM 5520 to Barrister AWP.

Taught mainframe operations, either in-house or at consortiums, to various clients, including:-The White House (military personnel) -The United States Postal Service-Goldman Sachs -The Federal Reserve-Merrill Lynch -Philip Morris -The Franklin Mint -Prudential Insurance-Manufacturers Hanover Trust -Prudential Bache Securities - Wrote all course material, slides, overheads, handouts, JCL exercises & flow charts. Courses were taught on the following: MVS/XA, DOS/VSE, VM/CMS, TSO, JES2, OS JCL, POWER, VTAM, CICS and SNA.