Ron Bradley

Ron Bradley Email and Phone Number

Senior Manager Information Security at Core & Main
Ron Bradley's Location
Charlotte, North Carolina, United States
About Ron Bradley

As a seasoned Information Security and Compliance leader, I am dedicated to delivering exceptional results that align with business objectives. My extensive experience includes holding leadership and technical expert roles, and I have a proven ability to balance diverse needs while prioritizing job functions to meet departmental goals.

With a deep understanding of Cybersecurity Risk Management, Governance Risk and Compliance (GRC), and Third Party Risk Management (TPRM), I possess a wide range of skills in Vendor Risk Management, Policy Creation and Compliance, Enterprise and Cloud Architecture, Network and Data Security, Operational Risk, and Regulatory Risk Management.

I am passionate about achieving large-scale project success that is critical to daily operations, and my demonstrated team leadership experience combined with exceptional communication skills makes me an asset to any organization. While I am open to Director-level positions, my primary focus is on utilizing my core skill set as a Risk Manager, which can apply across multiple disciplines within cyber.

Ron Bradley Work Experience Details
  • Core & Main
    Senior Manager Information Security
    Core & Main Jul 2023 - Jul 2024
    St. Louis, MO, US
    Responsible for leading the development and execution of security strategies, policies, and procedures to protect our organization's information systems, networks, and data assets.
    • Lead the Security Operations team to ensure the availability, integrity, and confidentiality of information assets and to detect, investigate, and respond to security incidents in a timely and effective manner.
    • Work closely with cross-functional teams to ensure compliance with relevant regulations and standards, such as PCI, SOX, and privacy regulations (US).
    • Provide regular reporting and communication to senior management on the status of security operations, incident response, and compliance efforts.
    • Manage and provide technical and business direction that affects strategic planning.
  • Shared Assessments
    Vice President of Governance Risk and Compliance (GRC)
    Shared Assessments Jun 2021 - Jun 2022
    As the lead for strategic governance, risk, and compliance (GRC) initiatives and cybersecurity projects, I played a fundamental role in enhancing the company's governance program, managing technical risks, and ensuring compliance with industry regulations. Collaborating closely with executive management and senior stakeholders throughout the organization, I led large-scale efforts to address cybersecurity, risk, and compliance issues. In my role as Cybersecurity and Technology team lead, I maintained a high level of engagement with key stakeholders to drive successful outcomes.
    • Created and updated a comprehensive security plan that documented all internal requirements for meeting the company's security and privacy needs.
    • Assessed risks and established security standards, procedures, and controls to effectively manage those risks. Enhanced the organization's security posture by implementing process improvements, policies, automation, and ongoing monitoring of capabilities.
    • Conducted incident assessments, vulnerability management activities, scans for patching status and secure baselines, and tests for penetration, phishing, and social engineering attacks.
    • Oversaw relationships with third, fourth, and Nth party vendors and addressed risks associated with the organization's primary business systems.
    • Took ownership of the GRC process, overseeing the automation of GRC tools and leading the annual assessment of vendors. Coordinated efforts to obtain completed security questionnaires, including SOC2 reports, as required.
    • Planned and conducted regular assessments and tests to evaluate the effectiveness and efficiency of controls, and generated comprehensive GRC reports for presentation to the CEO/COO and Oversight Board.
  • Trane Technologies
    Director, Cybersecurity Risk Management
    Trane Technologies Jul 2019 - Apr 2021
    Davidson, North Carolina, US
    Responsible for establishing and maintaining Trane Technologies' overall cybersecurity risk management program, designed to ensure the company’s IT systems and information assets were adequately protected and prepared for business resiliency. Also responsible for identifying, evaluating, and reporting on information security risks in a manner meeting company regulatory and other compliance requirements. Worked proactively with leaders of all levels from across the company to design and implement controls that met Trane Technologies' defined policies and standards.
    • Collaborated with global enterprise groups to design, plan, execute and conduct after-action debriefings for integrated cyber response exercises that involve business continuity, disaster recovery, legal, and other relevant areas.
    • Conducted threat modeling to identify potential security risks associated with industrial IoT devices and implemented appropriate security controls to mitigate those risks.
    • Conducted a thorough gap analysis of existing security controls against the NIST Cybersecurity Framework to identify areas of improvement.
  • Reynolds American Inc.
    Senior Manager Information Security
    Reynolds American Inc. Mar 2016 - Jul 2019
    US
    Led efforts to continuously improve the company's information security program, adapting it to address changing threats and technological advancements. Directed initiatives to assess and enhance information security policies, procedures, and standards, improving the overall effectiveness of internal IT controls.
    • Took part in live exercises focused on business resiliency, addressing scenarios such as supply chain disruptions, data center unavailability, cyber breaches, and business email compromises.
    • Collaborated with business continuity, disaster recovery, legal, and other enterprise groups worldwide to design, plan, execute, and conduct after-action reviews for integrated cyber response exercises.
    • Provided consulting services and subject matter expertise in IT security to the company's applications support personnel, ensuring that applications were deployed in compliance with information security standards, and conducting security reviews of vendor and third-party services.
    • Took the lead in security engagements and the implementation of security controls with third-party security partners (such as network security, vulnerability, and penetration studies).
    • Assisted in Information Security audits and took a leading role in work streams throughout the audit lifecycle, including preparing for audits and remediation efforts, if necessary.
  • GE Wurldtech
    Security Consultant
    GE Wurldtech Aug 2015 - Mar 2016
    Conducted thorough and meticulous security assessments of crucial infrastructure facilities in industries such as Oil and Gas, Power and Water, and Transportation, following established industry standards (NIST 800-82 and IEC 62443) and best practices. Produced customized reports containing prioritized recommendations and strategies for addressing identified vulnerabilities and mitigating risks.
    • Conduct assessments of industrial cybersecurity, with an emphasis on evaluating People, Processes, and Systems.
    • Establish security policies and procedures for Industrial and Automation Control Systems, ensuring that they are properly implemented.
    • Design secure system and product architectures for critical infrastructure facilities, taking into account potential cyber threats and vulnerabilities.
    • Develop risk assessment methodologies that are tailored to the needs of industrial control systems.
    • Evaluate security controls against industry standards such as NIST 800-82 and IEC 62443, identifying gaps and areas for improvement.
    • Assist in the development of new services and marketing materials related to industrial cybersecurity.
    • Support pre- and post-sales activities by providing technical expertise and guidance to clients.
  • Suntrust Bank Inc. National
    Security Assessment Team Manager
    Suntrust Bank Inc. National Mar 2015 - Aug 2015
    As the person in charge, I designed, implemented, managed, and supervised the Information Security Assessment process and procedures to support the company's comprehensive Information Security program. My responsibilities included ensuring compliance with various regulations, laws, industry standards, and policies, such as GLBA, FFIEC, HIPAA, PCI, NIST Cybersecurity Framework, and SOX.
    • Meet with business partners and technology teams regarding strategic plans and the integration points with enterprise-wide processes such as strategic supply management, legal, security vulnerability management, system access, operational health assessment process, security incident management, and internet/mobile environment management.
    • Proactively identified, interpreted, and mitigated security issues related to systems and third parties while enabling the business to drive solutions.
    • Developed, maintained, and communicated enterprise-wide information security-related technical standards and associated testing requirements.
  • Sirius Computer Solutions
    Senior Consultant – Advisory
    Sirius Computer Solutions Jan 2013 - Mar 2015
    San Antonio, Texas, US
    As a senior consultant and trusted advisor, I have provided guidance to CISOs and Security Directors of Fortune 500 companies by balancing security and business needs through a risk-based approach. My work included conducting vendor risk and information security assessments, as well as providing consulting and advisory services on application, network, mobile, and platform security.
    • Performed threat assessments for internal and external systems including third-party hosted systems, assessed the security posture of new and existing environments, identified risks, and created remediation plans.
    • Developed the framework for governance and reporting of large-scale risk remediation initiatives.
    • Worked directly with senior leadership, Internal Audit, Legal, Compliance, and business partners to build threat assessment programs resulting in a measurable risk reduction to the client environment.
    • Researched, analyzed, and provided security recommendations on new technologies and platforms, representing Information Security in the development and implementation of those technologies.
    • Acted as a subject matter expert, speaking in both technical and business terms to articulate information security requirements and risks in business language.
    • Developed Security Awareness programs designed to protect company assets and instill security acumen.
  • TIAA-CREF
    Director of Information Security Consulting
    TIAA-CREF Dec 2006 - Apr 2012
    New York, NY, US
    Responsible for leading a team of consultants deeply embedded in major initiatives, such as the startup of the TIAA-CREF bank and mortgage company, completed enterprise network redesign, opening new data centers, and company-wide wireless security implementation. Accountable for providing strategic and tactical direction on a wide variety of information security designs, policies, procedures, standards, issues, and risks within the enterprise.
    • Contributed to the Southern Regional Incident Management team by serving as a representative of information security in real-time events and crisis management team exercises.
    • Continuously oversaw programs aimed at ensuring compliance with federal and state regulations governing insurance and financial services companies, such as GLBA, HIPAA, SOX, PCI, and more.
    • Established and managed a program for conducting on-site security risk assessments of more than 150 domestic and international service providers with access to Personally Identifiable Information (PII).
    • Assessed potential risks and threats related to emerging trends in various areas such as fraud, identity theft, wireless security, mobile device security, and multifactor authentication.
    • Developed and maintained security policies and standards based on ISO27002, COBiT, the Unified Compliance Framework (UCF), and other industry best practices.
  • Bank of America
    SVP Operational Risk Manager
    Bank of America 2005 - 2006
    Charlotte, NC, US
    Collaborated with the eCommerce team to assess, measure, reduce, and monitor risks associated with product launches, upgrades, important initiatives, and regular self-assessments. Oversaw a group of Information Security consultants working with diverse technologies that spanned multiple business units. Worked closely with business stakeholders to ensure successful implementation of critical regulatory requirements, such as GLBA, Sarbanes-Oxley, FFIEC guidelines, Basel II, AML compliance, OCC audits, among others.
    • Monitored program outcomes and assessed risk levels, providing recommendations for appropriate actions based on results.
    • Collaborated on the development and rollout of industry-leading risk education, methodologies, tools, and approaches for use across Risk Solutions and the eCommerce channel, optimizing cross-channel efficiencies and synergies.
    • Contributed to the formulation and implementation of operational risk management policies, standards, and procedures in partnership with the eCommerce Risk Executive.
    • Ensured eCommerce teams adhered to key regulatory requirements, including AML Compliance readiness, Fact Act, Basel II, Sarbanes Oxley, etc.
    • Utilized Six Sigma methodology and tools to identify and implement process and systemic improvements that enhanced business profitability.
    • Recognized as a nominee for the Bank of America Spirit Award of Excellence.
    Senior Corporate Information Security (CIS) Manager and Consultant responsible for Consumer & Small Business Banking. (2003 - 2005)
  • Bank of America
    Senior Corporate Information Security (CIS) Manager
    Bank of America 2003 - 2005
    Charlotte, NC, US
    Led a team of Information Security consultants responsible for diverse technologies across multiple business lines. Collaborated closely with business partners to ensure compliance with key regulatory requirements such as GLBA, Sarbanes Oxley, FFIEC guidance, Basel II, AML Compliance readiness, and OCC audits.
    • Created and implemented the CIS Supplier Assessment Tool, a globally applied assessment that identified security policy gaps with over 400 bank suppliers and remediated identified risks.
    • Provided consultation on risk assessment and mitigation strategies for major eCommerce initiatives such as SiteKey, Mobile Banking, Online Fraud Detection, OLB Security and Fraud Alerts, Online Authentication Standardization, Text Chat, and .com Content Management.
    • Served as a key member of the Cross Channel Authentication committee, responsible for ensuring a seamless customer experience across eCommerce, ATM, and Banking Center channels by analyzing current authentication methods and guiding future implementations.
    • Identified emerging vulnerabilities, assessed associated risks and threats, coordinated network and application vulnerability scans, and tracked remediation plans to completion.
    • Managed the GSA E-Authentication team, leading the first major financial institution to receive certification in the Federated Identity initiative.
    • Independently developed and presented "Defense In-Depth @Home," a practical guide to securing home PCs and protecting children online, to over 300 CIS and eCommerce associates.
  • Bradley Consulting
    Cybersecurity Risk Manager
    Bradley Consulting Jan 2000 - Dec 2003
    Bradley Consulting is a trusted provider of expert consulting services in the areas of Information Security and Compliance, with a specific focus on Cybersecurity Risk Management, Governance Risk and Compliance (GRC), and Third Party Risk Management (TPRM).
    Led by a seasoned professional with a proven track record of success, our firm delivers innovative solutions to help businesses achieve their risk management goals while aligning with overall business strategy. Our comprehensive suite of services includes Vendor Risk Management, Policy Creation and Compliance, Enterprise and Cloud Architecture, Network and Data Security, Operational Risk, and Regulatory Risk Management.
    At Bradley Consulting, we believe in taking a collaborative approach to each engagement, working closely with our clients to fully understand their unique challenges and needs. We combine this insight with our deep industry expertise and technical knowledge to develop customized solutions that meet our clients' specific requirements and deliver measurable results.
    We pride ourselves on our ability to deliver projects of any scale, from small-scale assessments to large-scale implementations, and we have a proven track record of success in coordinating and delivering critical projects that are essential to the everyday operations of our clients' organizations.
    If you're looking for a trusted partner to help you achieve your risk management goals, Bradley Consulting is here to help. Contact us today to learn more about our services and how we can help you protect your business while achieving your strategic objectives.
  • Prosoft Training
    Vice President of Education
    Prosoft Training 1996 - 2000
    Advised President and COO of critical issues facing the Education Department and worked closely with the Director of Education on instructional and personnel matters. Participated in overseeing general operation of company through the Executive Management Committee and in courseware production through the Courseware Review Board. Developed and implemented job performance review and goal-setting process. Took a leadership role in instructor development and certification in new technologies. Chief liaison with Instructor Steering Committee and Instructor Development Network.
    Senior Technical Instructor (1996 - 1998)
    Trained Chief Information Security Officers, U.S. Military and government agencies, Financial Institutions, IT Directors, consultants, and high-level support professionals on: Internet Security, Electronic Commerce, LAN/WAN and Server administration, Microsoft Windows 2000/NT/98, LINUX, IBM eBusiness solutions, and Netscape Enterprise Servers. Traveled internationally to deliver training to businesses and organizations including the United Nations, FEMA, Bank of America, IBM, Microsoft, HP, CompUSA, Computer Education Services Corporation, ExecuTrain, New Horizons, Productivity Point International, amongst many others.
    • Developed student courseware.
    • Provided marketing and sales support for key customers.
    • Technical editor for the New Riders publication “Understanding Data Communications.”
    • Selected by peers of over 60 instructors as the Chairperson of the Instructor Steering Committee.
  • Broadway & Seymour
    Technical Instructor
    Broadway & Seymour 1992 - 1995
  • Digital Equipment Corporation
    Software Consultant and Field Service Engineer
    Digital Equipment Corporation 1988 - 1992
    Houston, Texas, US
  • United States Marine Corps
    Sergeant
    United States Marine Corps 1982 - 1988
    Washington, DC, US
    Avionics - 3rd Marine Aircraft Wing, Tustin, CA
    During my six-year tenure in the United States Marine Corps, I was promoted through every rank up to Sergeant, earning meritorious recognition along the way. I specialized in avionics and precision measurement equipment, and held a secret security clearance.

Ron Bradley Skills

Security Risk Management Security Audits Business Continuity Operational Risk Management Disaster Recovery Network Security Governance Enterprise Software Enterprise Architecture Financial Services Cobit Executive Management Business Analysis Security Awareness Consulting Training Risk Assessment Process Improvement Vendor Relationships Operational Risk Soa Grc Microsoft Office Sarbanes Oxley Regulatory Requirements Microsoft Exchange Microsoft Technologies Microsoft Sql Server It Audit Erp It Grc Mobile Security Compliance Program Management Compliance Functional Consulting Marine Corps Non Profits Network And Data Security Vendor Risk Management Security Policy Creation And Compliance Regulatory Risk Management Operational Risk Management Enterprise Architecture Disaster Recovery Business Continuity Technical Instructor Consultant It Auditor Compliance Manager

Frequently Asked Questions about Ron Bradley

What is Ron Bradley's role at the current company?

Ron Bradley's current role is Senior Manager Information Security at Core & Main.

What is Ron Bradley's email address?

Ron Bradley's email address is rb****@****nts.org

What is Ron Bradley's direct phone number?

Ron Bradley's direct phone number is +170498*****

What skills is Ron Bradley known for?

Ron Bradley has skills like Security, Risk Management, Security Audits, Business Continuity, Operational Risk Management, Disaster Recovery, Network Security, Governance, Enterprise Software, Enterprise Architecture, Financial Services, Cobit.
