Executive Consultant engaged to head IT security and risk for North and South Americas’ Investment Banking divisions. Acting head of all run-the-bank and change-the-bank information security and information risk responsibilities. Responsible for firm’s cybersecurity risk and maturity assessment, and for developing appropriate scope and direct oversight of performing supplier conducting assessment. ▪ Transformed information security, cybersecurity and vendor risk management programs. ▪ Maintained program alignment with National Institute of Standards and Technology (NIST), Federal Financial Institutions Examination Council (FFIEC), International Organization for Standardization (ISO) 27001/27002, Department of Financial Services (DFS) 500, Commodity Futures Trading Commission (CFTC), Financial Industry Regulatory Authority (FINRA) and National Futures Association (NFA) regulatory compliance requirements. ▪ Defined information security metrics for organization to estimate security structure and communicate to Board-level executives. ▪ Created framework and governance model for IT vendor risk management, including all aspects of due diligence and performance management (vendor on-boarding, lifecycle management, vendor off-boarding). ▪ Led and implemented risk management, GRC (governance, risk management, compliance) platform. ▪ Established process and oversight for vulnerability management program. ▪ Developed regions’ key risk indicators (KRIs) to provide risk oversight for entire Americas IT function. ▪ Collaborated with business stakeholders to establish departmental success criteria and key risk thresholds.

Responsible for executing remediation activities and developing control framework for cross-border business model, including legal and regulatory risk in relation to how Barclays’ legal entities operate within local jurisdictional requirements. ▪ Oversaw communications, jurisdictional analysis, remediation, account maintenance, control framework development (client/product restrictions, fly-in and reach-in activities, and training and education). ▪ Aligned cross-business functions (e.g., Operations, Banking, Front Office, Markets, Research, Compliance) and senior management to establish necessary policy, process and technology changes.

Responsible for developing framework for enterprise-wide technology governance, strategy and operating model. ▪ Created governance framework for all enterprise-wide technology domains/verticals: charter/mandate, operating model, strategy, metrics, governance model, service and processes inventory, risk assessment and operational readiness presentation. ▪ Oversaw business relationship management between program and various lines of business. ▪ Served as primary liaison for the following IT groups: Architecture, IT Risk, IT Security, Systems Monitoring, Configuration Management, Technology Asset Management, Third Party/Supplier Management, IT Strategy, Application Development and Financial Management.

Senior Executive accountable for oversight, delivery and governance of technology to both Morgan Stanley Bank, N.A. and Morgan Stanley Private Bank, National Association within a regulatory-compliant and risk-managed framework. ▪ Oversaw delivery of all technology services and relationship management between Morgan Stanley & affiliates to U.S. Banks, including all required and relevant reporting to the business. ▪ Aligned regulatory requirements and delivery of technology. ▪ Established framework for all service-level agreements (SLAs), maintaining alignment with Dodd-Frank, FFIEC requirements and Office of the Comptroller of the Currency (OCC) guidance. ▪ Created specific SLAs for Portfolio Loan Accounts (PLAs), Regulation W (Reg W) and bank deposits (BDP) platforms. ▪ Created model for all inter-affiliate delivery management reporting and associated KPIs. ▪ Responsible for business management and technology financial/cost allocations reporting between inter-affiliate suppliers and customers. ▪ Initiated supplier risk management program to oversee third party vendors that provide technology platforms for lending, PLAs and trust products.

Executive consultant responsible for information security for a multinational, 17,000-person organization. Managed day-to-day operations for Information Security Team. Served as liaison with CIO/Executive Management Team, providing timely reports and KPIs. ▪ Created minimum information security standard based on ISO 27001 management controls. ▪ Revised all information security policies, standards and procedures to align with transformation to a service delivery technology model, subsequent to the acquisition of Synovate. ▪ Created frameworks for organization’s self-risk assessment, risk register and information security assessment.

Board-appointed role, with responsibility for executive management of business technologies. Active Member of Trust Advisory Committee. ▪ Ensured technology and processes supporting key decision-makers enabled them to make timely business decisions and manage risk. ▪ Directed technology management for all business units and products. ▪ Revised information security program, the firm’s governing policy ensuring corporate, SEC and OCC regulatory compliance. ▪ Created information security and compliance strategy. ▪ Responded to 20+ internal and external (SEC, OCC, FFIEC, SOX) annual regulatory audit/exam requests. ▪ Achieved a 100% reduction in audit control deficiencies from 2006 to 2011, resulting in reduced number of vulnerabilities and significant deficiency exposures.

Led strategic and operational process governing business merger & acquisition programs and initiatives within the GTI technology group. Additionally responsible for oversight and management of the strategic data center migration between JPMC and Bank One legacy organizations. Duties also included management of 90+ resources that spanned multiple lines of business, including Trading, Investment Banking, Credit Card Services, Asset Management, Private Wealth Management, Commercial Banking and Retail Banking.

Engaged to align IT strategy and the client relationship between AIG Global Finance, AIG Domestic Brokerage Group and AIG Technologies. Executive management of all projects and 64 resources and management of a project portfolio comprised of 80+ concurrent projects.