I am currently managing various information security programs, including risk/threat/vulnerability management, security architecture, incident response, security operations/awareness, and sensitive information protection. Major Responsibilities:Establishing latest and secure cloud configuration technology and standards, monitoring APIs, conducting application penetration testing, steering implementation of end-to-end encryption on payment terminals and tokenization of online credit card numbers, building in-house penetration testing team for internal, external, web, and app security assessments, delivering monthly updates to Chairman of Board and quarterly presentations to Board of Directors, ensuring compliance with privacy laws including CCPA and GDPR, implementing robust compliance frameworks to safeguard company data and customer privacy, and spearheading global InfoSec operations across 12 countries and 4,000+ stores. Selected Accomplishments: • Deployed repeatable metrics program to track progress across multiple security program components. • Led tokenization of all e-commerce credit cards and executed Bot and Code defense on e-commerce websites.• Updated and simplified information security technology platform catalog and conducted comprehensive overhaul of vulnerability management process.• Directed InfoSec through digital transformation initiatives, including BOPIS, DIY Education, e-commerce personalization, virtual color expertise, and data lake integration.

Here, I was developing and executing comprehensive global DDoS mitigation strategies. Major Duties:Presenting quarterly board updates outlining maturity of information security and compliance programs, mapping Personally Identifiable Information (PII) across enterprise, conducting quarterly tabletop exercises for Breach Response Plan, developing Information Security and Compliance catalog, overseeing Disaster Recovery Program, leading integration with Business Continuity Planning (BCP, measuring ~50 different information security and compliance controls with monthly metrics, and enhancing information security awareness program through new employee online training and monthly phishing security awareness initiatives. Selected Accomplishments: • Doubled SOX control effectiveness within year by leading and guiding compliance team.• Secured lowest insurance premium by presenting Security Program to over 20 underwriters. • Implemented end-to-end encryption to ensure secure transactions from PIN pad to processor across 4000+ stores.• Built 24x7 Security Operations Center and established monitoring latest processes for managing information security alerts.• Managed $5M budget and supervised diverse team of 23 professionals ranging from senior managers to analysts aimed at improving performance.

During this tenure, I was overseeing multiple third-party outsourced suppliers providing security services for Ally, including creating statements of work, SLAs, and contracts. Major Duties:Creating/delivering monthly metrics presentations on security operations for CISOs and CIOs, spearheading network security design for new data center, implementing new security strategies and products, and supervising team of eight security analysts, engineers, and architects supporting intrusion prevention, firewall, web filtering, SIEM, DAM, malware mitigation, and DDoS mitigation services. Selected Accomplishments: • Spearheaded strategic initiatives to establish internal 24x7 Security Operations Center and implemented DDoS mitigation services for high-risk sites.• Designed comprehensive monitoring program, integrating over 4000 devices with enterprise SIEM, defining alerts, reports, and thresholds, and collaborating with various infrastructure teams for issue remediation.Additional ExperienceLead Security Architect/Engineer | GMAC ResCap, Irving, TXConsulting Manager of Technical Risk Management | Arthur Andersen/Protiviti Consulting, Dallas, TXSenior Security Engineer | Neiman Marcus Group, Irving, TXAIX Technical Support Contractor | IBM (Decision Consultants), Southlake, TX