Lead transformation workstream to develop the strategy for integration of policy, risk assessment, monitoring and reporting processes into the ServiceNow platform providing a single integrated view of risk empowering leadership to make informed decisions and action based upon the top risks to the organizationDeveloped and lead a 2nd LoR function to provide oversight for all Cyber, resiliency, technology, data and operations ERM risks, including the management of risk treatment plans… Show more Lead transformation workstream to develop the strategy for integration of policy, risk assessment, monitoring and reporting processes into the ServiceNow platform providing a single integrated view of risk empowering leadership to make informed decisions and action based upon the top risks to the organizationDeveloped and lead a 2nd LoR function to provide oversight for all Cyber, resiliency, technology, data and operations ERM risks, including the management of risk treatment plans, defining planned mitigation activities, implementing KRIs for risk monitoring and executive reporting to the management committeeAssess the risk posture of the firm through targeted risk and control assessments identifying control requirement compliance, maturity and report out any control deficiencies (issues) and risks to executive leadership, including overseeing remediation efforts to ensure risks are appropriately remediated Show less

Led the development and implementation of a multi-year IT Risk and 5 LoR strategy to restructure the firm’s IT policy processes, including content and organizational structure, governance processes, and GRC technology platform providing an integrated view of risk and compliance, automated monitoring and reportingRefreshed the firm’s risk and internal controls framework, through the creation of policies and control objectives with alignment to 20+ authoritative sources, including AICPA… Show more Led the development and implementation of a multi-year IT Risk and 5 LoR strategy to restructure the firm’s IT policy processes, including content and organizational structure, governance processes, and GRC technology platform providing an integrated view of risk and compliance, automated monitoring and reportingRefreshed the firm’s risk and internal controls framework, through the creation of policies and control objectives with alignment to 20+ authoritative sources, including AICPA trust principals, NIST 800-53,171, CMMC, COBIT 2019, ISO27001, GDPR, NIST CSF, COBIT and HIPAA, and created a centralized control library in ServiceNow GRC/IRM for tracking and managementDeployed and lead cross functional IT policy review board comprised of senior leaders from the business,privacy, legal, IT, HR, security, risk management, and audit to collaborate on policy, compliance and risk topicsDrive privacy, cybersecurity & risk awareness through the creation of multi-channel campaigns using live action videos, gamification, rewards to promote a strong cybersecurity and risk culture Show less

Assessed and managed population of IT and business controls aligned to various industry and internal frameworks including NIST 800-171, and HiTrustEstablished a program to manage non compliance and audit findings including coordination of remediation activities for the US firm including reporting to senior leadershipManaged the firm’s privacy self assessment process for the IT organization in support of Privacy Shield Collaborated with control owners and auditors… Show more Assessed and managed population of IT and business controls aligned to various industry and internal frameworks including NIST 800-171, and HiTrustEstablished a program to manage non compliance and audit findings including coordination of remediation activities for the US firm including reporting to senior leadershipManaged the firm’s privacy self assessment process for the IT organization in support of Privacy Shield Collaborated with control owners and auditors (internal and external) on development and resolution of remediation plansResponsible for tracking and managing IT policy exceptions and identified non compliance findingsDay to day management of issues, risks, remediation plans and exceptions in Archer GRC Show less

Enterprise Program Leader for top organizational initiatives leading cross functional teams of over 30 employees and contractors:Call Center Consolidation Program: Led top enterprise initiative consolidating 10+ call center organizations aligning technology, office locations, business processes, and organizational structure resulting in annualized budgetary saves of $7M+ and enhanced customer experienceLocation Strategy & Vendor Sourcing: Actively managed a multi-year enterprise… Show more Enterprise Program Leader for top organizational initiatives leading cross functional teams of over 30 employees and contractors:Call Center Consolidation Program: Led top enterprise initiative consolidating 10+ call center organizations aligning technology, office locations, business processes, and organizational structure resulting in annualized budgetary saves of $7M+ and enhanced customer experienceLocation Strategy & Vendor Sourcing: Actively managed a multi-year enterprise strategy of call center placement and sourcing strategy, resulting in significant savings and enhanced process efficiencies Show less

Enterprise Program Leader for top organizational initiatives leading cross functional teams of approximately 100 employees and contractors:Cybersecurity & Data Protection Program: Responsible for leading $80 million-dollar multiyear Cybersecurity & Compliance program comprised of 25+ cybersecurity, compliance and privacy projects spanning 50 countries reporting directly to the MetLife Board of DirectorsTRICARE Program: Led the successful implementation of TRICARE dental business… Show more Enterprise Program Leader for top organizational initiatives leading cross functional teams of approximately 100 employees and contractors:Cybersecurity & Data Protection Program: Responsible for leading $80 million-dollar multiyear Cybersecurity & Compliance program comprised of 25+ cybersecurity, compliance and privacy projects spanning 50 countries reporting directly to the MetLife Board of DirectorsTRICARE Program: Led the successful implementation of TRICARE dental business working with the DoD on compliance, cybersecurity and IT infrastructure requirements including management of government security clearance requirements resulting in a $2B revenue gain for the enterprise Show less

Leader responsible for managing the business relationship, budget and technology needs of MetLife BankServed as an escalation point for client technology challenges and actively collaborated with business and IT organizations to align short and long term strategiesActive participant in MetLife Bank IT leadership meetings, business steering committee and executive operating councils.

Responsible for day to day management of MetLife’s global application and third party security risk and operations, including conducting security and risk assessments, compliance and remediation plan management, ethical hacking, secure coding programs, web vulnerability scanning and customer security reviews. Established program for tracking and managing of audit findings (internal and external) including creating an audit liaison function within business groups and a monthly governance… Show more Responsible for day to day management of MetLife’s global application and third party security risk and operations, including conducting security and risk assessments, compliance and remediation plan management, ethical hacking, secure coding programs, web vulnerability scanning and customer security reviews. Established program for tracking and managing of audit findings (internal and external) including creating an audit liaison function within business groups and a monthly governance forum to collaborate amongst business groups Coordinated all communications on IT audit and compliance matters with internal and external auditors Managed a team of 20+ full time employees and contractors, as well as full relationship and financial management for 3 external vendors. Show less

Conducted internal control assessments of financial services entities. Areas of assessment include: Data Centers/IT General Controls, SOX, SAS70 (SSAE 16, SOC 2/3), FDICIA, DB/401K, business processes & 17-ADSecurity consulting including designing self-assessment programs

Oversaw all aspects of corporate relocation to One Lincoln Street (2,000 + users) with ten phases completed on time with no disruption to business including trading operationsDeveloped and implemented detailed step by step plan for migration of multiple trading floors and office locations into single corporate facility (plan was executed on schedule) Effectively managed and tracked multi-million-dollar IT budgetManaged RFP process for over 10 RFP’s all completed on… Show more Oversaw all aspects of corporate relocation to One Lincoln Street (2,000 + users) with ten phases completed on time with no disruption to business including trading operationsDeveloped and implemented detailed step by step plan for migration of multiple trading floors and office locations into single corporate facility (plan was executed on schedule) Effectively managed and tracked multi-million-dollar IT budgetManaged RFP process for over 10 RFP’s all completed on schedule; resulting in savings of over $9M Show less