Developed all aspects of the Sourcepoint Information Security program including establishing and managing a global program covering corporate, product, engineering and GRC in 3 offices across 3 countries.• Rescoped entire ISO27001:2013 program from an ISMS to an ISO 27001:2022 / 27701:2019 compliant PISMS.• Established a Bug Bounty program to foster collaboration with external researchers.• Leveraged our ISO compliance program as the foundation for gaining ENS certification.• Developed a Third-Party Vendor management program.• Performed an ISO 42001(AI Management System) audit exercise.• Collaborated with Legal to develop a customer facing program for managing RFPs during the sales and renewal cycle.• Worked with Engineering and Legal to deliver trainings for corporate Information Security, Privacy and Engineering.• Transitioned security operations duties to 3rd party vendor

Responsible for compliance, third party risk management and customer assurance. Managed QSAs and external audit resources.• Created program for upstream and downstream vendor management and risk analysis and integrated them with the OneTrust platform.• Secured SOC2 Type2 compliance for 2021, drove remediation items and began preparations for 2022 review and audit.• Began transition to ISO27701 framework and creation of a PIMS.• Partnered with IT, Engineering and Lab Services to begin preparation for NIST-CSF audit in 2022.

Tasked with full ownership of the security and compliance initiative and transitioning day to day management of Security Operations away from a third-party resource. • Developed Zymergens compliance initiative including a 5 year road map that covered ISO and NIST frameworks.• Rescoped entire ISO27001:2013 posture for 27001:2022 and converted ISMS to an ISPIMS for ISO27701 certification.• Hosted and managed remediation meetings and quarterly security round table• Began preparations for NIST 800-53 compliance initiative for 2022.• Partnered with engineering and assisted in implementation of source code review tool (BlackDuck) and process.• Coordinated with Internal Audit and Corporate Compliance for SOX deliverables.

Managed all aspects of information security and global compliance. Supervised staff of six; one team member in San Francisco, three in Atlanta, and two in Lithuania. Monitored all networks for security breaches, investigated violations, and conducted ongoing cyber risk assessments. Assessed systems and recommended security enhancements to IT managers. As one of the first hires in 2015, developed policies and procedures to govern the business and ensure maximum system effectiveness. Started with a budget of $0 which grew to just under $1 million in 2020.• Built Revel’s Information Security posture from the ground up, including software and hardware assets, networks, services, and controls. Developed risk inventory and prioritized risks.• Managed team that integrated security and threat modeling into the development lifecycle, utilizing tools such as BlackDuck and SonarCloud.• As an individual contributor, secured ISO27001:2013 compliance for the Lithuanian office and mentored a junior team member to assume management responsibility.• Coordinated team that performed PCI compliance project that brought Revel’s back-end system up to PCI standards.• Oversaw Internal Audit and compliance functions.• Ensured adherence to GDPR requirements that enabled European customers to ensure proper handling / storage of data in accordance with specific requirements. Also enabled customers’ customers to request information on data that had been collected on them, allowing users to request that personal information be deleted from our systems.• Oversaw the development of processes to align with CCPA requirements.• Conducted contract reviews with vendors and customers to ensure adequate provisions for security and compliance. Handled customer escalations due to security or PCI related issues and worked with customers 1-on-1.• Presented security and compliance-related tracks at Revelry, Revel’s annual customer event.

Tasked with the "ground-up" creation of a Security Operations Center to service adn support clients in the healthcare industry. Manage SOC, monitor / analyze security events inside and outside the network, and coordinate Internet response efforts. Supervise technicians, triage incoming escalations, coordinate response efforts, and function as a 24x7 emergency escalation contact.• Developed security policies / procedures and designed Incident Response Plan.• Sourced, screened, and interviewed security team candidates; made salary recommendations.• Hired and managed analysts and incident responders; conduct exit interviews.• Identify and prioritize security enhancements to ensure maximum system effectiveness.

Initially hired as senior security architect to complete ISO audit / compliance project. Managed remediation efforts and developed comprehensive suite of policies adn procedures to maintain ISO compliance.Identified and prioritized security enhancements, defined standards, and determined strategic direction for security and compliance efforts. Implemented technical risk management programs and managed internal networking system with total accountability for gusiness-wide risk management, production and client facing networks. Supervised two network engineers, two systems engineers, one technical writer and three QSAs. Ensured optimum security for customer-facing web platforms.• Led next generation design of Eveo's content delivery network.• Redesigned client facing network to improve mobile app customer experience.• Developed long term strategy for user and platform security.• managed on-call rotation of technicians and served as 24x7 emergency escalation contact.

• Subject matter expert (SME) for all networking related initiatives• Renegotiated broadband services contract and saw 20% savings• Member of the SOX and PCI review boards• Redesigned internal store network as part of 802.11 design and “proof of concept”• Architected “data loss prevention” solution• Ensured risk assessments for projects were regularly reported to the executive team• Investigation and recommendation for next generation retail WAN• Responsible for managing 2-4 contract resources

• Leveraged my strengths in negotiation to renegotiate with vendors throughout the year and was able to reduce Opex spend by 15% without compromising SLAs• Managed all aspects of QSA relationships• Established standards and guidelines used in implementing security solutions• Provide clear and concise leadership of the overall security initiative within Sephora• Advised the CISO on high profile incidents• Responsible for 2 direct reports

• Re-architected the Sephora retail network in order to secure client cardholder data utilizing security management appliances and PCI best practices• Achieved Tier 1 PCI compliance for 4 consecutive years; including 1 year earning a $25,000 credit for early filing• Attained corporate HIPPA compliance• Created and gain acceptance of global policies (Sephora/LVMH Information Security Policy, Sephora/LVMH Information Security Incident Response Plan)• Managed and participated in comprehensive internal and external security assessments of the Sephora eCommerce platform• Designed and implemented unified monitoring• Deployed and tuned IPS devices• Introduced file level and whole disk encryption to critical business units; HR, Payroll, Executive Team• Gave quarterly brown-bag sessions to IT on security related topics

• Evaluated, developed and deployed Mobile Data Encryption solution to all mobile users.• Enterprise AV/NAC design and administration• Group Policy design• Active in both PCI and SOX Compliance efforts• Created and maintained clear and concise program documentation and user procedures

• Managed and supported all aspects of the Network and Information Security teams - 12 direct reports• Provided strategic planning for both Asera corporate and client networks• Oversaw relationships with ISPs, co-location facilities and vendors

• Built a network monitoring solution for both corporate and client networks• Designed the first iteration of the network to support the “Asera product”, a high volume B2B eCommerce application