Developed and implemented the IT governance, security, and risk management program - including the establishment of comprehensive information security policies; GRC system automation, information risk assessment, and remediation management; cross-mapping of controls to industry standards, regulations, and frameworks; role-based access provisioning; identity governance automation; information asset classification; third-party/vendor risk management; risk metrics tracking and reporting; security awareness; technology compliance and accreditations.

Provided leadership in managing global information classification, data life cycle management, data discovery, and access entitlements initiatives.Established and managed projects, policies, and controls aligned with risk and compliance requirements.

Advised marketing intelligence analytics firm in ISO-27001 certification readiness.

Led the cybersecurity compliance function for the SEC’s Office of Credit Rating. Provided subject matter expertise and guidance in creating and managing the cybersecurity compliance program.Established and managed the regulatory review examination process, methodology, metrics, and content to assess and improve cyber-security and cyber-resiliency for all of the Nationally Recognized Statistical Credit Rating Organizations (NRSROs) – including organizations such as Moody’s, S&P Ratings, Morningstar, Fitch Ratings, and AM Best.

Provided security, risk management, and compliance services -- including as a virtual CISO and offering expertise in IT audit, SOX, HIPAA, PCI, ISO 27001, and other industry standards compliance.

Defined the strategy and roadmap for the company's information security, risk, and compliance program, encompassing all of the company's business sectors in sports, media, and entertainment.Designed and implemented the information security controls to effectively minimize risk and provide suitable protection over corporate assets, systems, and information.Developed and established a comprehensive set of information security policies, technical standards, and operating procedures.Ran the compliance program – ensured compliance with the credit card data security standard (PCI-DSS) for venues and merchandise, as well as other relevant regulations and standards (including SOX, HIPAA, and US privacy laws).Introduced and deployed key security technologies – including solutions for encryption, application security, data access governance, security incident and event management, vulnerability assessment, penetration testing, on-demand and risk-based authentication, mobile device management, advanced malware detection, security metrics collection, intrusion prevention, perimeter policy management, network segmentation, file integrity monitoring, and virtual desktop infrastructure.

Developed and led the information security, risk, and compliance functions.Created the information protection and risk management framework and roadmap - successfully deploying key information security controls and technologies.

Led IT security, risk, and compliance for all NY State public mental healthcare hospitals. Strategically aligned the program with the prevailing privacy and regulatory requirements for government and healthcare (HIPAA/ HITECH). Established key controls, technologies, and processes across all state institutions - including IT governance, risk, compliance management software; vulnerability analysis; information classification; and security metrics reporting.

Established and led the IT audit, risk management, compliance, and information security practice for this large regional public accounting firm. Overall responsibility for developing a portfolio of information assurance services for a wide range of clients. Managed a team that delivered cross-industry external audits, attestation reviews, internal audit co-sourcing, and consultative assistance for IT regulations and governance. Provided assessments and guidance in meeting the requirements for information privacy, security, and business continuity. Marketed, managed, and expanded upon audit and compliance services.

Managed professional services projects in areas of information risks, controls, compliance, security, and audit. Led global engagement teams supporting audit and security outsourcing, technical design and testing, and various compliance implementations - including Sarbanes-Oxley (SOX), ISO-27001, PCI-DSS, privacy, and banking regulations.

Designed and developed a strategic overhaul of the global security architecture and information protection infrastructure for the largest car rental company.

Directed global information risk management strategy, policies, standards, and procedures; identified, assessed, and remediated technology exposures; defined corporate security initiatives and implemented appropriate solutions; created an information security architecture framework; instituted and advanced security awareness programs; addressed all security-related audit and regulatory issues.

Overall responsibility for the security, integrity, and reliability of information technology. Provided information security services over all systems; monitored and enforced compliance; developed and maintained standards, policies, procedures and strategies; oversaw software development life cycle change management and quality testing.Provided audit coverage for all information systems and related business processes and products. Performed in depth technology reviews of information security, contingency planning, and application systems.

Head of the corporate information systems audit function. Coordinated and supervised comprehensive audits of large data centers, networks, application systems, information security, and disaster recovery planning; developed audit plans, procedures, findings and reports; and ensured overall corporate IT audit coverage and department quality.