• Drive effective management and closure of Business Self-Identified Issues (BSIIs) to address controls gaps and breaks in Technology processes• Provide reporting of BSII and Risk Acceptance activities to Technology leadership• Provide guidance to Technology teams and leaders in identifying and addressing risk and control issues in their processes• Drive the completion of annual Process Risk and Control Assessments (annual Process Risk reviews) for a number of Technology processes• Drive and help coordinate the collection and review of evidence and responses for various regulatory and compliance review activities• Provide guidance to technology teams and the PCI Program on PCI DSS questions• Provide risk and control guidance to non-technology teams as needed, primarily in the completion of risk acceptances and BSIIs• Coordinated the transition of supplier risk management activities from Technology Risk Management to the Technology Supplier Management team to eliminate redundant activities

• Plan, schedule, and manage PCI DSS assessments across multiple business units within TSYS• Provide PCI DSS consulting services to technical and business teams• Provide PCI DSS consulting services on projects to ensure that compliance requirements are met• Act as a liaison between TSYS technical and business teams and Qualified Security Assessors• Develop internal team processes and procedures to make assessment activities mores efficient• Conduct training activities focused on PCI DSS requirements• Assist in training junior PCI Team members on processes and PCI DSS requirements• Lead PCI DSS assessments that result in fewer remediation action items and fewer evidence requests than previous years• Implement changes to pre-defined assessment methodology that results in assessments completing ahead of schedule• Develop and implement assessment-specific management reporting that allows management to see exactly where assessments stand at any given point

• Direct initiatives to help Global Technology Services division maintain operational compliance with industry rules and regulations• Direct IT Operational Assurance team members in day-to-day activities• Direct the development of business requirements to establish compliance monitoring and tracking tools and reports• Direct the coordination and execution of audits/assessments focused on Global Technology Services (PCI DSS, PCI Card Personalization, PCI PIN Security, SOC1 Reports, SOC2 Reports, Internal Audits, Client Audits, FFIEC Examinations, Information Security Reviews)• Develop and present executive-level education materials focused on operational compliance efforts and impact• Facilitate and direct meetings between Global Technology Services, Information Security, and Application Development teams to ensure compliance efforts are being met• Establish and manage a risk-based enterprise Vulnerability Management Program (VMP)• Provide Global Technology Services senior management guidance in identifying and addressing complex compliance issues• Compile, review, and manage semi-annual risk review documentation and activities for Global Technology Services senior management

• Establish and manage a risk-based enterprise Vulnerability Management Program (VMP)• Develop and implement the policies and procedures for a sustainable VMP• Ensure VMP conforms with industry specific standards, and information security best practices• Develop business requirements for vulnerability tracking tools• Develop and distribute VMP reporting for multiple levels of management• Develop and present executive-level education materials focused on vulnerability management practices• Engage appropriate team members to help ensure identified vulnerabilities are remediated timely• Facilitate meetings between Operations, Information Security, and Application Development to determine vulnerability remediation ownership• Develop a team of analysts to manage the day-to-day administration of the VMP• Develop processes for tracking hardware and software end-of-life

• Manage a team of audit employees to help ensure their continued success, as well as that of the department• Lead team in implementing department goals as assigned• Provide input and direction into development of audit systems• Provide guidance for a small team of auditors assigned with managing the day-to-day tasks and vendor relationship for annual Payment Card Industry Data Security Standard (PCI DSS) assessments• Work with TSYS’ Qualified Security Assessor (QSA) to provide PCI DSS guidance across multiple TSYS entities• Work with external audit firm on SSAE16 (formerly SAS70) reviews• Perform Audit Manager tasks, including workpaper reviews, for internal audits• Assist other Audit managers with their projects and provide technical guidance when requested• Work with other Audit managers and senior audit staff to maintain and revise departmental policies and procedures• Perform special projects/audits and technical research as requested by the Chief Audit Executive

• Audit information systems for compliance with corporate development and security standards• Audit Operational groups for compliance with department procedures and policies• Manage and perform IT general controls reviews for Sarbanes-Oxley Section 404• Assist with coordinating E-Comm and Credit Care SAS 70 Reviews• Manage the day-to-day tasks and vendor relationship for annual Payment Card Industry Data Security Standard (PCI DSS) assessments• Work with TSYS’s Qualified Security Assessor (QSA) to provide PCI DSS guidance to TSYS and its affiliates• Work with external auditors, internal and external clients to coordinate vulnerability assessments for Credit Care and TSYS Prepaid sites• Perform Project Leader tasks, including workpaper reviews, for internal audits• Assist other auditors with audit projects and issues• Perform special audits and technical research as requested• Participate in the Santa Fe Group-led Technical Design Committee responsible for developing version 3 of the Financial Institution Shared Assessments Program’s AUP• Work with Audit management and senior auditors to maintain and revise departmental policies and procedures

• Audit information systems for compliance with corporate development and security standards• Participate on project teams to ensure audit concerns and regulatory issues (HIPAA, GLBA, Patriot Act, etc.) are addressed• Perform IT general controls reviews (SOX 404 projects)• Assist financial and operational auditors with system reviews and technical guidance• Audit enterprise projects for compliance with project governance guidelines• Perform special audits and technical research• Audit data center physical security controls• Provide guidance and training to AFLAC Japan auditors

• Manage IT specific projects to ensure they are completed on time and on budget• Determine and acquire the necessary resources for project completion• Develop project timelines and schedule tasks for assigned resources• Coordinate with project customers to ensure business issues are addressed• Report project statuses to division management and project sponsors

• Manage team of 4 Systems Analysts responsible for supporting 600 PCs• Schedule PTO to ensure proper staffing levels• Act as a senior analyst to provide additional support• Manage location specific projects• Perform job evaluations• Evaluate needs of end-user departments• Assist end-user departments prepare budgets for technology purchases• NT domain user administration

• Manage PeopleSoft client installs• Setup PCs for deployment• Analyze customer needs for new software and hardware• Install network printers with JetDirect hardware• Create and maintain user IDs on NetWare servers• Troubleshoot PC software and hardware• “Diplomatic missions” to assist executives both at work and at home