• Responsible for planning, execution, and reporting of security assessments across Amazon and its subsidiaries globally.• Led the assessment of application security programs across Amazon Web Services and Stores Services, Entertainment, and Devices.• Led the security assessment of AWS account management security controls across Amazon Stores. Provided recommendations to mitigate identified risk and communicated risks to senior Amazon leaders and stakeholders.• Led the security assessment of access management and data access controls of financial technology services for Amazon globally.• Responsible for reviewing security controls, such as data access management, for AWS services including, IAM, ECS, S3, Redshift, CodePipeline, CodeDeploy, and others.• Responsible for partnering with business owners and senior stakeholders to track and manage to completion over 100 open security risks. Led the analysis of open security risks, recommended technical solutions for mitigation, and verified fixes for closure such as code changes, configuration changes, or process mitigations.

• Reported to the VP of Information Security, responsible for the planning, budgeting, and implementation of strategic information security initiatives.• Led secure coding for web applications and privacy and security fundamentals training for the organization.• Maintained the security bar for data encryption controls (PGP, x.509 Certificates, SecureFTP, application-level encryption, and database encryption) including policies, standards, and procedures in compliance with NIST Cryptographic Standards and Guidelines. • Led multiple cross functional developer teams in identifying, prioritizing, and implementing security controls for customer facing applications.• Designed and developed security controls for the WebMD Security Controls frameworks including HITRUST, Trust Services and others.• Led pentesting services across the full portfolio of applications, reported results to senior stakeholders and executives and recommended solutions.• Served on the architecture team for planning and design of future applications, services, products, and features.• Trusted advisor to the senior leadership team for long term strategy, risk management, security projects, regulatory compliance, and incident management.• Coordinated with sales teams to respond to security inquiries in RFP’s and customer facing questions in a timely and effective manner.

• Reporting the VP of Technology, led two highly successful and independent teams within the information services department.• Led the multidiscipline consumer product and innovation teams responsible for the creation, development, and management of Consumer Digital Strategy for Legacy Health.• Led the mobile application product team and the release of the Stay Healthy consumer platform in less than 3 months, creating a new digital channel and bringing innovation to the forefront of Legacy Health's Consumer Digital Strategy.• Led Legacy Health’s cloud adoption and the development of continuous integration and continuous deployment (CI/CD) teams focused on automation platforms and capabilities in AWS and Azure.• Led the adoption of Chef Automate and other automation capabilities for Legacy Health to build robust continuous integration and continuous delivery as well as security and compliance as code practices.• Responsible to the CIO and the Board for the creation of monthly and quarterly information security reporting metrics, dashboards, security program goals, and security trends.• Managed the enterprise Information Security Team including engineering and operations functions.• Developed the organizations Information Security Strategy and implemented an enterprise threat and vulnerability management program reducing risk by more than 80% during the first year of the program.• Managed the yearly enterprise security risk assessment and the implementation of Center for Internet Security (CIS) controls and reported to the board quarterly.• Managed internal and external audits reporting to senior leaders for yearly financial audit deliverables such as policy review, test of controls, and audit recommendations.

• Consulted on multiple AICPA System and Organization Control (SOC) audits as a subject matter expert for information security and privacy.• Led client engagements and provided technical leadership in the assessment, design, and implementation of cybersecurity and risk management.• Worked with leadership to maintain a budget, forecast revenue, and recommended areas for investment in new opportunities.

• Accountable for all department operations, selection and management of vendors, budgeting, resource management, and production support.• Led the creation and development of DevOps and security services or Providence Digital Innovation Group.• Manage 3 teams responsible for multiple product lines including infrastructure and an offshore operations support team.

• Accountable for the planning, architecture, security, and implementation of approximately 200 servers supporting 300 web applications for the enterprise.• Built an operations support team resulting in 95% decrease in incident resolution time at 33% less cost to the organization.• Partnered with business stakeholders to build a strategy and roadmap for intranet services supporting all users and managed the rebuild of the corporate intranet.

• Managed the implementation, support, and change management services for retail point of sale applications around the globe.• Led monthly PCI reviews for the retail IT business reporting to senior leadership on compliance. Managed the resolution of any identified vulnerabilities or discrepancies.• Developed the strategy for global deployment and support of new user interface for customer facing iMacs aligning with the business direct to consumer strategy.• Led incident, change, and problem management for the global application infrastructure.• Co-lead the holiday readiness activities to prepare 145 retail locations in the US for resulting in improved system availability, incident resolution, and overall dramatically higher transactions.

• Project owner to transition managed security service providers. Managed timeline, budget, and resources to implement new technology and services in a five state enterprise including the creation and implementation of supporting operational processes and procedures.• Managed Data Loss Prevention operational implementation. Assumed operational management functions of Data Loss Prevention, developed initial processes, procedures, and reporting requirements.• Implemented a Significant Security Event Notification Process resulting in all reported significant events being reported to Executive Counsel on a weekly basis and improved visibility of potentially high risk incidents occurring throughout the organization.• Managed the Security Operations Center (SOC). Established initial processes, documentation, and reporting requirements improving efficiency, repeatability, and visibility in security operations. • Managed the resolution of 236 security incidents, and 195 changes to operational environment with 0 defects.• Lead creation and implemented security incident reporting and process metrics for major stakeholders including the Executive Council and Board of Directors.

• Coordinated NSA Red Team information operations and information assurance readiness assessment activities for the Joint Staff, Unified Commands, and Department of Defense agencies.• As Advanced Security Research Programmer developed computer applications and techniques to identify information security vulnerabilities in Department of Defense and U.S. Government information systems.• Individually recognized for performance in 2006 and 2007 Cyber Defense Exercises. Produced 80 operating system images and dedicated 180 hours of systems security engineering and penetration testing against the six service academies.• Developed technical documentation and user manuals for the applications and techniques used in information assurance assessments.