Shaikh Q. Email and Phone Number
11+ years of experience in Security, GRC, and Data Privacy. Highly motivated and skilled in aligning information security with business objectives.
Specialties: Security & Compliance | Data Privacy
Expertise: PCI | ISO 27001 | ISO 27701 | SOC 1 | SOC 2 | HIPAA | GDPR | CCPA | FFIEC
Security GRC | Compliance Assurance | Data Privacy and Trust | Third Party Risk
Mezmo, United States

Manager, Security and Compliance
Mezmo, Oct 2021 - Present
Security Operations Management: Oversaw security operations, including application and infrastructure security, ensuring robust protection of company assets and data.
Vulnerability Management Program: Managed the vulnerability management program, focusing on identifying, assessing, and remediating security vulnerabilities across systems and applications.
Corporate IT Security Oversight: Directed IT security initiatives, implementing effective measures and policies to safeguard organizational data and infrastructure.
Application Security: Supervised application security measures, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), to detect and address security weaknesses.
Penetration Testing: Coordinated and managed penetration testing efforts to assess the security posture of systems and applications, addressing identified vulnerabilities.
Bug Bounty Program Management: Oversaw the bug bounty program.
Security Incident Management: Led responses to security incidents, ensuring prompt resolution and adherence to incident response protocols.
Security Policy Development: Developed and enforced security policies and procedures for application and infrastructure security, aligning with best practices and regulatory requirements.
GDPR and CCPA Oversight: Managed GDPR and CCPA compliance, leading initiatives related to Data Subject Access Requests (DSAR) and associated processes.
Security and Compliance Strategy: Developed and implemented strategies to align security and compliance efforts with industry standards and regulatory requirements.
Compliance Program Management: Oversaw the design, execution, and maintenance of compliance programs for SOC 2, ISO 27001, PCI-DSS, HIPAA, GDPR, and CCPA.
Collaboration Across Teams: Worked with various teams across the organization, including IT, development, operations, and business units, to integrate security practices and ensure comprehensive protection.
Information Security Compliance Lead
Mezmo, Jun 2020 - Oct 2021
Compliance Framework Management: Oversaw and managed compliance with SOC 2, ISO 27001, PCI-DSS, HIPAA, GDPR, and CCPA, ensuring adherence to industry standards and regulations.
Policy and Procedure Development: Developed, reviewed, and implemented information security policies and procedures aligned with various compliance frameworks and organizational needs.
Audit Preparation and Coordination: Coordinated and prepared for internal and external audits, including SOC 2, ISO 27001, and PCI-DSS, ensuring all documentation and evidence were complete and up to date.
Risk Management: Conducted risk assessments to identify vulnerabilities and compliance gaps, and implemented risk mitigation strategies to address potential issues.
Training and Awareness: Developed and delivered training programs to educate employees on compliance requirements, security policies, and best practices for maintaining data protection.
Incident Response and Management: Managed security incidents and breaches, ensuring timely response and resolution while maintaining compliance with regulatory requirements.
Vendor and Third-Party Management: Assessed and managed compliance risks related to third-party vendors and service providers, ensuring their adherence to relevant security and privacy standards.
IT Risk and Compliance Specialist
Mercury Insurance, Sep 2018 - Jun 2020
Risk Assessment and Management: Identified and assessed IT risks, developed mitigation strategies, and recommended controls to manage risks effectively.
Audit Coordination: Coordinated and conducted internal and external IT audits, prepared documentation, and facilitated auditor access.
Policy Development and Implementation: Developed, reviewed, and implemented IT policies and procedures to align with industry standards and regulations.
Control Testing: Tested IT controls to ensure effectiveness and compliance with standards and frameworks.
Reporting and Documentation: Prepared detailed reports on audit findings, risk assessments, and compliance status, and presented them to senior management.
Continuous Improvement: Identified opportunities for process improvements and implemented changes to enhance IT risk management and compliance.
Vendor Risk Management: Assessed and managed third-party vendor risks, including due diligence and compliance monitoring.
Web Application Security Audit: Conducted audits of web applications to identify security weaknesses and ensure adherence to best practices.
Vulnerability Management Program Review: Evaluated and enhanced vulnerability management programs for effective identification, assessment, and remediation.
PCI Compliance: Led assessments and audits for Payment Card Industry Data Security Standard (PCI DSS) compliance and implemented controls to protect cardholder data.
IT SOX Compliance: Assessed IT controls related to financial reporting under Sarbanes-Oxley (SOX) to ensure accuracy and reliability.
Application Controls: Evaluated and tested application controls to safeguard data integrity and support accurate transaction processing.
Supervisor - Security, Risk and Compliance Consulting
RSM US LLP, Jan 2017 - Aug 2018
Engagements/Work Performed:
Performed the In-Charge role for many engagements (SOC readiness, SOC, IT SOX), including planning, budgeting, reviewing staff work, and managing seniors and associates across various projects.
Service Organization Controls - Both SOC 1 and SOC 2 engagements as well as readiness consulting to prepare clients for the final assessments, including designing controls, identifying gaps, and writing descriptions of controls. Planned, tested, and assisted in reviewing others' work and creating deliverable reports.
PCI DSS - Completing walk-throughs, document review, status updates, and other activities to assist in completing Reports on Compliance, as well as reviews of SAQs (Self-Assessment Questionnaires).
SOX (Sarbanes-Oxley) - SOX readiness consulting to prepare clients for a SOX IT audit by identifying gaps in the control environment and working with clients to remediate gaps. I also have experience performing both internal and external IT SOX audits.
ITGC Audit - Performing ITGC consulting assessments for financial institutions to assess their IT control weaknesses, including logical and physical security general controls as well as specific controls related to BCP/DR and vendor risk management processes.
NIST CSF Gap Assessments - Walk-throughs, review of documentation, reporting, assisting in recommendations and prioritization of remediation, as well as analyzing and reporting on maturity rankings.
GDPR - Assisting in walk-throughs, report writing, evidence review, and remediation planning.
Senior Associate - Security, Risk and Compliance Consulting
RSM US LLP, 2015 - 2017
Engagements/Work Performed:
Performed the In-Charge role for many engagements (SOC readiness, SOC, IT SOX), including planning, budgeting, reviewing staff work, and delegating work.
Service Organization Controls - Both SOC 1 and SOC 2 engagements as well as readiness consulting to prepare clients for the final assessments, including designing controls, identifying gaps, and writing descriptions of controls. Planned, tested, and assisted in reviewing others' work and creating deliverable reports.
PCI DSS - Completing walk-throughs, document review, status updates, and other activities to assist in completing Reports on Compliance, as well as reviews of SAQs (Self-Assessment Questionnaires).
SOX (Sarbanes-Oxley) - SOX readiness consulting to prepare clients for a SOX IT audit by identifying gaps in the control environment and working with clients to remediate gaps. I also have experience performing both internal and external IT SOX audits.
ITGC Audit - Performing ITGC consulting assessments for financial institutions to assess their IT control weaknesses, including logical and physical security general controls as well as specific controls related to BCP/DR and vendor risk management processes.
NIST CSF Gap Assessments - Walk-throughs, review of documentation, reporting, assisting in recommendations and prioritization of remediation, as well as analyzing and reporting on maturity rankings.
GDPR - Assisting in walk-throughs, report writing, evidence review, and remediation planning.
Technology Risk Advisory Associate
RSM US LLP, 2013 - 2015
Engagements/Work Performed:
Service Organization Controls - Both SOC 1 and SOC 2 engagements as well as readiness consulting to prepare clients for the final assessments, including designing controls and creating a control matrix. Planned, tested, and assisted in reviewing others' work and creating deliverable reports.
SOX (Sarbanes-Oxley) - SOX readiness consulting to prepare clients for a SOX IT audit by identifying gaps in the control environment and working with clients to remediate gaps. I also have experience performing both internal and external IT SOX audits.
ITGC Audit - Performing ITGC consulting assessments for financial institutions to assess their IT control weaknesses.
ERP System Support & Security
Dentsu Aegis Network, 2011 - 2013, United States
ERP System Administration: Administered ERP systems, including configuration, troubleshooting, and routine maintenance, to ensure optimal performance and availability.
User Access Management: Managed user accounts and access controls within the ERP system, ensuring appropriate permissions and enforcing security policies to protect sensitive data.
System Monitoring: Conducted regular system monitoring to ensure ERP system health, including performance metrics, error logs, and operational status.
Account Relationship Representative
VHA Corp, 2007 - 2011, United States
Client Engagement: Developed and maintained strong relationships with clients, serving as the primary point of contact and ensuring their needs and expectations were met.
Account Management: Managed client accounts, including tracking account activities, resolving issues, and ensuring the timely delivery of products or services.
Customer Support: Provided exceptional customer support, addressing inquiries, troubleshooting problems, and facilitating effective communication between clients and internal teams.
Shaikh Q. Education Details
Cybersecurity and Executive Strategy
Bachelor of Science - BS
Frequently Asked Questions about Shaikh Q.
What company does Shaikh Q. work for?
Shaikh Q. works for Mezmo.
What is Shaikh Q.'s role at the current company?
Shaikh Q.'s current role is Security GRC | Compliance Assurance | Data Privacy and Trust | Third Party Risk.
What schools did Shaikh Q. attend?
Shaikh Q. attended Stanford University, California State Polytechnic University-Pomona.