Cyber security leader for the healthcare components of the University of Delaware, providing strategic direction and oversight, and setting priorities to ensure HIPAA compliance related to administrative, physical, and technical safeguards for Protected Health Information.

Delivered security and risk management oversight and strategy for Capital One. Focused on “shifting left” risk assessment activities to identify and remediate potential issues sooner, especially related to application development and third-party services, and to ensure alignment with operational processes. Key accomplishments included:• Helped to drive the secure migration from on premise computing to cloud-based (primarily Amazon AWS) resulting in greater operational flexibility and lower costs• Delivered security and risk management oversight for the $9 billion GE Healthcare acquisition; among other achievements, coordinated the implementation of secure access capabilities from within Capital One to external web-based file-sharing services which greatly facilitated the acquisition of millions of dollars of new business while ensuring sensitive company data remained secure• Established and maintained the “Information Security Office” for the Capital One Cyber organization (CISO and over 700 cybersecurity professionals); as a key risk adviser, developed processes to report risk metrics to senior leadership which helped drive better decisions related to cybersecurity strategy and operations• As part of the 2nd line of defense, collaborated with 1st and 3rd lines to ensure security activities were aligned with company standards and provided evidence of operation, which improved audit efficiency and effectiveness

Established the HIPAA Security function for the $2 billion MediSys Health Network. Key accomplishments included:• Implemented technology and processes to monitor access to protected health information (PHI) which avoided hundreds of thousands of dollars of potential fines and penalties for non-compliance with this HIPAA requirement• Developed and implemented cybersecurity and incident response capabilities to address HIPAA requirements, including the initial “table-top” incident response exercise with executive leadership (CEO, CFO, etc.)• Led hospital department heads in identifying, reviewing, and centralizing 3rd party “business associate agreements” (BAAs) – identified and added over 150 BAAs and were able to monitor their compliance• Ensured performance of quarterly risk assessments related to the HIPAA Security Rule and “Meaningful Use” requirements, which helped to secure over $2 million in federal and state funding

Established and directed a global team of nine professionals to manage IT governance, compliance and security, including the critical areas of change management, project management office, and disaster recovery: • At the direction of the CFO, established a global, risk-based IT compliance and security team from what had been independent, regional IT functions – which increased collaboration by over 50%.• Implemented continuous control monitoring of key IT control processes which helped to avoid external audit fee increases of over 10%.• Implemented a corporate security program based on established security frameworks and best practices, and focused on achieving maturity related to the “20 Critical Security Controls for Effective Cyber Defense”.• Streamlined the Change Management process and reduced the average number of open change orders by 60% and the average age by 33%.• Implemented a global, IT project management tool to facilitate oversight and consistency in project execution.• Reduced overall IT costs by 15% during first year at Del Monte.

Delivered IT consulting services to assist clients in assessing and strengthening their IT control environment. These services included:* IT Security Assessments (ISO 27001/27002, HIPAA)* IT Privacy Assessments (HIPAA and GLBA)* IT Governance Reviews (COBIT)* IT Risk assessments (ISO 31000, NIST SP 800-37)* IT Process Reviews (Change Management, Logical Access, SDLC, and Incident Response* Sarbanes-Oxley Related IT Audit Activities

• Directed Global IT Compliance for this multinational, fast-growing insurance company; reported within the Global CIO’s organization to coordinate a worldwide team of twelve IT Compliance professionals. • Streamlined the IT Compliance Program, reducing controls tested by 33%; the IT Control Framework encompassed a complex and diverse, primarily outsourced, IT control environment.• Developed metrics to measure and track global IT Compliance activities and IT Audit recommendation status, and presented monthly to IT executive leadership, which significantly reduced delays in the remediation of audit findings.

• Reported to the CIO/Senior Vice President of Information Management with a primary focus on compliance with pharmaceutical industry regulations and Sarbanes-Oxley requirements. Responsible for IT compliance, IT security, GxP/FDA compliance, change management, disaster recovery, and records management.• Built the IT Security and Compliance function from one person to a team of six professionals.• Developed and maintained an “IT Control Framework” to provide structure and process around the identification and mitigation of risk in the organization.

* Managed teams to provide IT audit services to clients - both internal (co-sourcing/out-sourcing) and external audit services* Performed SAS70 engagements for clients* Responsible for client relationship management and employee and practice development

* Led teams to perform risk-based design, build, and test of controls for SAP and other ERP engagements with Deloitte Consulting* Managed teams to provide IT audit services to clients - both internal (co-sourcing/out-sourcing) and external audit services* Responsible for client relationship management and employee and practice development

* Directed the global IT Audit team in accomplishing the annual IT audit plan - team members resided in Europe, Latin America, and Asia* Provided Internal Audit oversight for SAP implementation and Y2K preparations