Responsible for enterprise PCI-DSS and SOX technology compliance programs, information security awareness program, IT security risk management, and information security policy and standards for Dick’s Sporting Goods.

• Organized and oversaw current state security assessments for clients in various industries, identifying and prioritizing risks and improvement opportunities, and developing recommendations aimed at increasing overall maturity of cybersecurity programs, reducing information risk, and increasing organizational resiliency. • Served as a Cybersecurity Subject Matter Resource for the NIST CSF framework and controls best practices in support of client audit programs for the healthcare and life sciences and manufacturing and consumer goods industries.• Led proposal development efforts for engagement opportunities to mature client cybersecurity governance, risk, and compliance programs and improve cybersecurity program organization and operating models.• Planned and executed full project lifecycle responsibilities, including proposal development and presentations, project budgeting and resource planning, statements of work, staffing and resource selection, project plan/wbs development, day to day project management and oversight, client relationship management, status reporting, engagement economics, and project billing and closure.

• Drove multiple concurrent projects—taking information security program objectives from ideation to maturity targets, to ensure reduction of risk to acceptable levels.• Established a security council of executives following a key board level directive to focus on improving overall governance and information risk visibility and risk appetite/tolerance management, building an information security governance framework including a PMO Board, Information Security Management Board, and an Information Security Steering Committee, facilitating Steering Committee meetings to inform and influence decision outcomes. • Matured risk management capabilities, introducing a risk register, risk identification and assessment processes, and risk treatment plan procedures, aligning with NIST CSF, NIST 800-53, SANS CIS Top 20, ISO27001, COBIT, and other frameworks.• Orchestrated annual information security surveys and workshops, to gain consensus and prioritization for the company’s risk appetite, risk tolerance, key/aggregate information security risks, to drive prioritization for information security strategic programs and tactical priorities required to reduce information risk.• Implemented enterprise security policies and acceptable use policies, to establish senior management’s directives and set accountabilities regarding information security and data protection mandates. Led user awareness training development for policy deployment to ensure policy fundamentals were effectively retained.• Managed control assessments and risk mitigation strategies which reduced inherent risk for high-risk business processes, applications, and mobile applications, including those associated with PII, PHI, payment card industry (PCI-DSS), HIPAA, GDPR, and critical supply chain.• Championed $3M in capital projects to implement a more mature risk management framework, supplier /3rd party risk management framework, M&A cybersecurity playbook, and data classification program foundation.

Championed rollout of global SAP ERP and Business Intelligence template, rapidly scaling team to stand-up a global support model with localized presence, traveling globally to lead multinational SAP implementation projects. Harmonized global SAP environments across the enterprise, liaising with IT management, business leadership, and internal audit management to structure security design and administration practices. Developed, managed, and allocated $5M in capital and expense budgets to optimize project deployment, compliance, and operations. • Expanded the Global SAP Security Center of Excellence, recruiting and retaining key talent in Europe and Asia Pacific regions, earning enterprise support for business cases fueling strategic initiatives, additional headcount, and security best practices.• Excelled in collaborating and communicating cross-functionally and cross-culturally with local system owners, leading a team of 15+ direct reports including FTEs and contractors in supporting tremendous organic and acquisition-based growth.• Managed major SAP security redesign, deployment, and upgrade projects including BOBJ 4.0, SAP ECC 6.0, SAP BW 7.0, SAP Business Objects, SAP PI, SAP Enterprise Portal, Approva BizRights, and SAP GRC Access Controls 10.• Generated $1M in cost savings on leading a license cleanup initiative, holding accountability for SAP global license audit compliance and projection of enterprise SAP license budget forecast. Managed security audits and global SOX and GxP compliance.* Promoted from Manager to Director in 2013

Drove on-time, in-budget, and within-scope SAP implementations, holding responsibility for project planning, budgeting, contract negotiation and management, resource recruitment, deliverables management, and cross-functional project team leadership.• Led the full lifecycle deployment of Approva BizRights SAP Access Management at Mylan’s North America subsidiary; managed and coordinated efforts for SAP support pack upgrades and outages for the enterprise SAP landscape.

Led team in requirements gathering, designing, testing, implementing, administering, and supporting SAP security for the enterprise. Secured and allocated FTE and consultative resources, monitored progress and mitigated risks, and reported project status to project and IT infrastructure management. Served as the security technical lead for the implementation of numerous SAP modules.• Subject matter expert for SAP infrastructure security including SAP enterprise portal integration, LDAP authentication with SAP enterprise portal, RF gun authentication, Wyse manufacturing kiosk configuration, and SAP router configuration.

Foundational roles in IT infrastructure and security administration, gaining experience in end-user support, disaster recovery, data center operations, Unix and Windows server administration, and Active Directory administration.