Transformative Cybersecurity Leader Driving Breach Prevention and Operational ExcellenceSpearheaded the transformation of a compliance-focused security program into a proactive breach prevention model, delivering 100% visibility into risks and integrating robust data into an enterprise-wide risk management framework.Regularly presented strategic updates and risk insights to the Board and Audit Committee on a quarterly basis.Designed and implemented a multi-cloud security program (AWS, GCP, Azure), achieving 100% observability of all assets and developing a multi-layered approach to addressing vulnerabilities and configuration drift.Oversaw AICPA SOC 2 Type 2, HIPAA, HITRUST, and PCI compliance programs, ensuring adherence to industry standards and building customer trust.Acted as a customer-facing security advocate for a Fortune 50 client base, addressing concerns and fostering confidence in the organization’s security posture.Directed a $12M annual security program, significantly reducing data breach risks and enhancing ransomware defenses.Streamlined vendor management, reallocating 50% of vendor spend to high-ROI breach prevention initiatives, improving cost efficiency and program effectiveness.Built and led three specialized security teams:Application Security Team: Focused on identifying exploitable code deficiencies pre-production.Security Operations Team: Managed incident response, IT defense, threat detection, and configuration drift monitoring.Governance Risk & Compliance: Focused on customer security support, HIPAA, AICPA SOC 2 and HITRUST audits, TPRM.Developed and executed an AI Policy and Governance framework, enabling AI adoption as a business differentiator and revenue driver.Championed the creation of cross-functional SLAs to align security outcomes with business objectives.Automated 80% of security questionnaire processes, enhancing scalability, operational efficiency, and customer retention for go-to-market initiatives.

Built, advocated, and sponsored information security initiatives across a fast-growing business, taking it through the security requirements required as a company traded on the NASDAQ, with Fortune 50 customers. Provided vision, strategy, and execution to transition from a compliance shop that was focused on audit controls, to creating a program based in observability and breach prevention strategies.• Executive responsible for the program strategy.• Created KPI’s that drove monitoring of security effectiveness• Advocated and created a budget >$6M/Annual for Cyber Security• Responsible for SOC2, HIPAA and PCI compliance programs.• Built a program that gave 100% visibility of our cloud assets, to detect any security events and avoid shadow IT• Built and led 4x security sub-teams to drive both business and security outcomes.• Interfaced with security leadership from Fortune 50 clients, to create trust and bridge any gaps.• Presented to the Board of Directors/Audit Committee Quarterly. Received strong support and kudos from the Audit Committee for leadership, transparency and strategy.

Built, advocated, and sponsored information security initiatives across a fast-growing business, taking it through the security requirements required as a public traded company. Provided vision, strategy, and execution to build a world-class cyber and information security program.• Executive responsible for the security of Signify Health's products, data and assets.• Lead Signify Health’s Multi-Cloud security vision, strategy and programs.• Partner with Product and Engineering for security enhancements to the product.• Responsible for SOC2, HIPAA and HITRUST compliance programs.• Responsible for information security policies.• Responsible for building and managing the corporate Risk Register.• Engage with customers for security related issues.• Responsible for building an application security program.

Act as the CISO and Data Protection Officer (DPO) for a variety of organizations, with an expertise in Cloud, healthcare and SaaS. Provide Application Security, Compliance, Privacy and Security Operations support.Owner, Managing PartnerAdvise organizations on information security, privacy and risk strategies. Propose and build security solutions, based on a variety of requirements.• Build information security policies• Act as the privacy director for customers. Designated as the organizational DPO for GDPR. Ensure programmatic compliance with CCPA and other legislative & privacy requirements.• Build Application Security Practices and automate the process. Includes dynamic and static code analysis.• Provide penetration testing activities.• Provide compliance direction for HIPAA, HITECH, GLBA, ISO 27001, PCI, GDPR and SOC II.• Act as the vCISO representing organizations to vendors and customers, resolving security questions, as part of the vendor-risk assessment and sales process.• Build effective third-party risk management programs.• Build and maintain Risk Registers and manage organizational risk committees.

Developed and executed the overall information security, privacy FedRAMP and risk roadmap, to include creation and implementation of effective and reasonable security standards and policies. Led the team through post-acquisition process from Aurea Software, and rebuilt the information security and FedRAMP verticals. Led the security team through the transition from securing on-premise data centers, to Amazon Web Services (AWS) as a cloud provider.Identified, tagged and controlled protected and sensitive data risk. Acted as liaison with Privacy and Legal from the Information Security team. Formed and empowered Compliance and Security Operations teams. Led the organization through new audits for ISO 27001, SOC2, HIPAA & GLBA. Create standardized customer security documentation (whitepapers, SIG, sales information) to automate customer discussions around the security program. Facilitated annual INFOSEC project planning events. Advised executives on privacy, risk and program objectives. Established a microservice & container security program, to ensure seamless IaaS and PaaS delivery. Incorporated a third party MSSP Security Operations Center (SOC), to monitor the environment 24x7.