Partner with Archer GRC customers to:1. Design and build tailored, sustainable Archer solutions that achieve risk & compliance goals and satisfy regulators 2. Provide temporary or ongoing Archer Administrator bandwidth when demand spikes3. Offer guidance on Archer customization, licensing, and hosting helping customers avoid costly mistakesRecent Archer projects include:- Serve as Archer Administrator for insurance company with active user base- Regulatory change management solution for global credit reporting agency- Insurance policy quality assurance solution for insurance company- Risk & control self-assessment solution for global financial services provider- Incident management solution for auto services organization- Pharmacy requests solution at healthcare solution provider- Led new Archer implementation at health insurance provider

Led GRC services at Security Risk Advisors including business development, project delivery, and thought leadership. Project work included:Guiding organizations through the GRC tool selection processDeveloping roadmaps for deploying Archer to meet stakeholder needs and address commonly overlooked critical success factorsHelped client realize and capitalize on Archer’s potential after a suboptimal experience with original implementation partnerDesigned and deployed custom employee review process in Archer that was successfully rolled out to 95 branchesDesigned, configured, and executed assessment processes focused on assessing business units, applications, vendors, etc against industry standards like PCI DSS, FFIEC guidelines, etc.

Managed Archer GRC tool implementation and team of 4 resources. After surpassing initial expectation of automating the Bank's annual IT risk assessment process, Archer emerged as the recognized enterprise GRC tool growing to support 10 processes, several of which were on the radar screen of our regulators. Other tools were retired in favor of Archer resulting in substantial savings and a better user experience.Led PCI compliance initiative with scope of 45 business units (merchants, service providers, card issuers, and a payment acquirer) and 120 applications - sought and received Executive Management support and budget, laid foundation for key program components including assessment process, planning/implementation of required controls (e.g. network segmentation, encryption of data at rest, log monitoring, etc), and reporting to Management, Acquiring Bank, and the Card Brands. Managed 8 staff responsible for acting as local PCI subject matter experts, documenting PCI relevant business processes and systems, seeking opportunities to reduce use and storage of full card account number (over 6 million records eliminated), and conducting assessments against relevant PCI SSC standards.Architect of IT risk assessment process (conducted in Archer GRC tool) that satisfies applicable industry standards (PCI DSS) and regulatory requirements (GLBA, HIPAA) via a single assessment.

Assessed and developed info security controls and processes for Fortune 500 Companies seeking to comply with the PCI DSS, Sarbanes Oxley, GLBA and HIPAA. Led successful, multi-year PCI compliance initiative at national telecommunications company (a level 1 merchant). Assessed compliance at 33 divisions and planned and oversaw enterprise-wide remediation activities. Planned and coordinated engagement activities, managed budgets, directed teams of two to five staff, provided formal feedback to staff during and after engagements.Participated in business development activities including recognition of opportunities at existing clients and proposal efforts.Acted as local market PCI subject matter expert, participated in national PCI core team responsible for PwC's PCI thought leadership, advised numerous client's on PCI DSS interpretations

Provided IT audit services including assessment of general computer controls and business processes. Led and documented interviews and prepared work papers and deliverables.