• As part of CIO leadership team for card services, serve as managing director for organization of 1,500 technology associates with $2 billion annual revenue.➙ Manage operational and governance aspects of infotech and technology risk, leading teams of analysts, engineers and IAM administrators.➙ With dedicated IAM team, oversee internal and external user provisioning for card services applications and systems, developing tools to detect anomalous user activity.➙ Drive IT management, security and access management functions, ensuring all operational and security/risk goals are met.➙ Actively sponsor and direct data-at-rest encryption, WAF, AppSec scanning and remediation, CMDB IT asset management, security governance, audit/compliance, IAM and ATM security.➙ Serve as IT control officer to drive integration of security/risk controls, audit events and risk assessments and inquiries.➙ Manage global contract development team with 30+ full-time/contract members focused on information security.• Serve as managing sponsor for Voltage data encryption solution, a two-year initiative with $7 million SOW.• Direct various initiatives including application security logging to Splunk, WebInspect, Fortify and Sonatype vulnerability remediation and F5 Silverline WAF rollout.• Influence technology enterprise controls, oversight and implementation.➙ Report weekly and monthly to c-suite.➙ Execute weekly security and technology governance program.➙ Provide audit and compliance oversight, ensuring successful PCI DSS, SOC, SOX, corporate audit, and FFIEC audit/exam outcomes.➙ Developed ServiceNow CMDB quality assurance program, built supporting team and integrated CMDB practice into SDLC.• Chartered application security champions program. Implemented offshore application early security testing as part of SDLC, reducing vulnerabilities 95%.• Directed disaster recovery readiness and business continuity programs within an enterprise framework.

• In partnership with IT management London office, supported development of new payment application for UK market, ensuring PCI requirements and compliance.• Served as lead GDPR compliance subject matter expert.

• Directed risk and audit management, security vulnerability and risk mitigation, identity access management, process improvement, policy, governance and IT strategy.• Drove IT infrastructure-related compliance initiatives to maintain compliance with corporate policy and industry regulations.• Collaborated with internal auditors to support corporate audits of IT infrastructure and processes.• Oversaw asset management program to ensure effectiveness of physical infrastructure management.• Directed enterprise risk assessment activities for infrastructure support organization.• Led FFIEC, PCI DSS, SOC and SOX audits and assessments, ensuring annual recertifications.

• Led ePayments division core business unit ISO functions, partnering with enterprise security team and corporate audit, business unit leadership and divisional ISO leads.• Chartered division information security office to better address information security concerns at the divisional level by establishing organization, standards/procedures and team staff.• Provided PCI and data privacy consultation to ensure development organization met corporate and PCI data requirements, serving as escalation point on all business-unit-level security concerns.• Led FFIEC, PCI, SOX and corporate business-unit-focused audits, working directly with assessors and examiners, directing responses and ensuring gap remediation to optimize audit outcome.

• As member of senior-level solutions architect team, evolved bill payment solutions to a services-oriented architecture (SOA) focused on data privacy, encryption, logging and credit card tokenization.• Developed architecture evaluation program that formalized review of architected solutions and was adopted as core component of Fiserv’s SDLC.• Architected and developed division’s first mainframe CICS-hosted tokenization web-service solution in support of PCI effort, delivering significant savings and limiting credit card exposure.• Volunteered to drive multimillion-dollar PCI compliance program.➙ Led five PCI certification projects across four Fiserv US sites and two PCI PA DSS assessments.➙ Achieved PCI compliance at each site in 2010.• Created and delivered blended XP/RUP development training course for development and quality assurance staff to support move to Agile SDLC methodology.

• Reporting to VP of quality and operations, interacted daily with c-level leadership and directed core team of analysts and project managers responsible for operational aspects of software development and improving overall portfolio, release and audit functions.• Led audit compliance, portfolio execution, release management, SDLC metrics and process engineering.• Drove organization-wide process improvements to increase efficiency of development operations including SDLC, portfolio execution and production releases.• Led organizational rewrite of SAS 70 control objectives to help ensure successful development organization audit.

• Directed geographically dispersed software development teams developing Java, .NET and mainframe-oriented bill pay services, email and paper correspondence systems, credit card gateway, real-time biller communication and consumer identity verification.• Led development efforts for Austin site, completing conversion of enterprise bill payment platform.• Implemented procedures and trained peers to improve current development practice.• Led and participated in application architecture design, large-scale development efforts, client conversions and implementations.• Developed and supported consumer authentication and banking/enrollment back-end applications for enterprise bill payment and banking platform.