Shawn Roberts Email and Phone Number
I am a resilient and collaborative Information Security and Technology Risk Leader who utilizes a substantial technical foundation, strong communication skills, Business acumen and risk management experience across all three lines of defense to protect the confidentiality, integrity and availability of critical systems and data. I develop and mentor teams and believe strongly in Diversity of Thought, challenging the status quo and continuous learning.
My special skill is creating and enforcing global Information Security and Technology Risk vision and strategies which align with Business priorities and Regulatory expectations. I have initiated, championed and led organization-wide projects which added Business value, lowered long-term regulatory costs, improved operations, reduced risk to critical systems and data and empowered people to improve risk culture. In fact, colleagues consider me a “Thought Leader” regarding Risk Indicators and Risk Appetite concepts which provide transparency to the Business around Technology Risk. I am able to gain the trust of executives, internal teams and regulators and drive compliance.
SPECIALTIES
Executive & Stakeholder Engagement | Leadership & Team Development | Cyber Security Architecture | Critical Infrastructure Protection | Operational & Technology Risk Management | Business Continuity & Resilience | IT Audit | IT Governance | Data Privacy & Compliance | Risk Appetite & Key Risk Indicators | Cloud Security | ISO, NIST, CIS, CobiT, ITIL, COSO Frameworks | GLBA, SOX, OCC Heightened Standards, HIPAA, PCI-DSS, FFIEC | SOC 1, SOC 2
-
Global Head Of Cyber Security Governance And Controls
Hartree Partners | West Greenwich, RI, US
-
Principal, Executive Cybersecurity Consultant
Sar Cyberrisk, LLC | Nov 2017 - Present
Strategic thinker and trusted protector of Systems & Data with expertise in Information Security, IT/Cyber/Data Governance, Risk & Compliance (GRC), Operational Risk, Business Resilience, Incident Response, IT Operations, IT Audit & Program Management.
Nov 2020 – Present: Business partner relationship with Bancsec, Inc to advise client Executives on Information Security Program & Operational Risk Management strategies/initiatives, execute Risk Assessments & IT Audits and serve as the Program Manager for complex engagements to drive cyber risk reduction & client satisfaction.
May 2024 – Present: Hybrid contractor for a large Massachusetts-based investment advisor/broker dealer providing NYDFS part 500, amendment 2 advisory services & compliance program management for several InfoSec workstreams.
Aug 2023 – May 2024: Remote contractor to a US-based G-SIB supporting 1st line IT/IS teams to address regulatory actions & high risk issues; led risk assessments of M365 Cloud & GenAI GitHub Copilot.
Jan 2023 – Jul 2023: Remote contractor to a $93B California bank in 1st line Tech Risk advising on IT/IS application controls & conducting risk assessments for critical SaaS/on-prem apps.
Sep 2020 – Dec 2022: Remote contractor to a large US bank & insurance provider in Texas & an international G-SIB in New York. Provided 2nd line Information Security & Operational Risk coverage. Advised 1st line IT/IS Leadership on program enhancements to meet Regulatory Compliance; provided credible review/challenge of cyber processes/policies, RCSAs, controls/testing & risk appetite metrics.
Feb 2020 – Aug 2020: Independent IT/Cyber/Data GRC consultant. Led vendor security assessments, cyber policy/roadmap development, tech strategic planning, SWIFT CSCF reviews & FFIEC CAT/ACET assessments for banks/credit unions.
Nov 2017 – Dec 2017: Contractor through Thompson Tech to PWC. Conducted IT Audits & assurance testing for SOX-404 compliance; advised clients on IT/cyber processes/controls.
-
InfraGard Member
InfraGard | Oct 2020 - Present | US
InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.
-
Senior Vice President, Chief Information Officer (CIO)
Bankfive | Jun 2020 - Aug 2020 | Fall River, Massachusetts, US
Executive responsible for Information Technology, Cyber Security, Business Continuity and Technology Risk for a small community bank. Led a team of technology professionals and managed multiple third-party partners/service providers. Worked closely with Business Execs to leverage technology to improve processes and support growth. Reported to the Chief Executive Officer (CEO).
Completed a comprehensive assessment of people, processes and technology across the bank and presented risk-ranked findings and recommendations to Executives and the Board of Directors.
Co-led the Bank-wide Innovation Team which collected, ranked and executed efficiency ideas that came from colleagues.
-
Senior Vice President, Chief Information Risk Officer (CIRO)
Santander Bank, N.A. | Jan 2018 - Jan 2020 | Boston, MA, US
Led a team of operational risk professionals accountable for second-line risk oversight of IT, Information Security, Business Continuity and Records Management. Often referred to as the “second-line CISO.” Partnered with the first-line CISO and IT Infrastructure/Application teams to prioritize Cyber risk corrective actions. Reported to the Chief Operational Risk Officer (CORO).
Provided credible review and challenge of risk management activities including identification of material risks, management of risk issues, development and maintenance of risk and control self-assessments (RCSAs), maintenance of control library and on-going assurance testing results and mitigation of material IT and Cyber Risks.
Performed independent risk assessments of Information Risk processes in alignment with OCC Heightened Standards requirements to provide the Business a Second Line view of controls, residual risk and how well risk is being managed within the First Line.
Long-Standing Risk Issue Closure: Drove development of repeatable first line processes through technical review and challenge workshops and recommendations to mitigate critical open risks related to RCSAs, IT control testing, technology obsolescence, application security testing, vulnerability management, cryptography and Cyber Resilience.
Business Understanding of Technology Risk: Influenced enhancement of Board-approved risk appetite metrics, development and implementation of a process for second line independent risk assessments of IT processes which aligned to Heightened Standards and implementation of RCSAs to identify critical risks and key controls for the Business.
Team Development: Built a comprehensive skills assessment process for personnel based on NIST 800-181 (NICE framework); results were used to drive personnel upgrades and creation of individualized training/development plans. Procured support and budget from CRO for on-going training, education and certifications for IRM Risk personnel.
-
Senior Vice President, Head Of Risk - Technology Services
Citizens Bank | Mar 2016 - Jun 2017 | Providence, Rhode Island, US
Relocated to lead a team responsible for front-line technology risk management. Enforced Security policies, reduced risk and implemented programs to meet SOX, GLBA, PCI, OCC Heightened Standards and FFIEC requirements. Co-chaired Technology Risk Committee. Directed risk issue governance & reporting. Reported to the Head of Business Services Risk and Head of Technology.
Regulatory Issue Reduction: Led pre-exam prep sessions with IT managers and introduced sustainable processes and controls. Reduced findings through negotiation with Federal Reserve Bank of Boston (FRBB), Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) examiners to allow more self-identification.
Risk Indicators & Appetite: Instituted new risk appetite metrics and key risk indicators to provide visibility and transparency of Technology Risk to Executive Management and the Board of Directors and comply with OCC Heightened Standards.
Security & Risk Management Process: Revamped information security and risk management engagement process for technology projects to proactively assess/mitigate risks earlier in project lifecycle which greatly reduced post go-live risks and risk acceptances.
Incident Reviews: Conducted deep post incident reviews of business-impacting outages. Presented recommendations and pushed architecture changes and process improvements to reduce future incident response times and downtime.
Team Realignment: Moved less technical resources to other risk teams, recruited new team members, filled knowledge gaps and transformed team to align risk managers with solid technical skills to their IT counterparts.
Workshops / Training: Led workshops and training sessions for IT managers to improve risk and security knowledge and the quality of risk and control self-assessments (RCSAs); created risk webcasts viewed by hundreds across the Bank.
Community Service Recognition: Four-time member of the Citizens Bank “Credo Honor Roll.”
-
Director, Head Of IT Operational Permanent Control, Risk & Governance
BNP Paribas | Jul 2013 - Mar 2016 | Paris, FR
Directed a large, geographically dispersed team to oversee first line technology risk, outsourced assurance testing, IT Governance and IT budget and project oversight (approx. $60MM) for North and South America. Reported to Americas territory Chief Information Officer with dotted line to the Global Deputy CISO and Head of Technology Risk in Paris, France.
Transformational Project Leadership: Co-led team of over 60 matrixed reports across Information Security, Business Continuity and Third-Party Risk to create a US Intermediate Holding Company (IHC) to meet Dodd-Frank requirements.
Global Risk Reporting Consolidation: Led global adoption of RSA Archer GRC for IT Risk Management reporting which resulted in a consolidated view of risk across global systems and the ability to pinpoint areas of concern.
Risk Assessments: Performed risk assessments to identify control deficiencies against industry standards, including NIST Cybersecurity Framework, CIS Critical Security Controls, FFIEC Guidelines and ISO 9001/20000/22301/27000.
Regulator Updates: Entrusted to present quarterly in-person updates to the Federal Reserve Bank of New York and New York State Department of Financial Services (DFS) on the Technology Risk Program including progress on mitigation of top risks.
Regulatory Responses: Partnered with Compliance, Legal, Regulatory Relations, Information Security, Business Continuity and IT teams to collect and provide standardized responses to regulatory inquiries.
End User Awareness Training: Revitalized Security and Business Continuity training using updated online content, production-quality videos of C-level execs with targeted messages and onsite sessions led by native speakers.
-
Director, IT Security Operations
BNP Paribas | Jan 2012 - Jul 2013 | Paris, FR
Led a diverse internal team in NJ, NYC and Canada and managed multiple vendor contracts to maintain global alignment of security policies and ‘best practices.’ Managed/reviewed security architecture, network flows and firewall/proxy coding, security infrastructure management, ISO 27000/NIST 800-53/CobiT/SSAE16 security assessments, vulnerability management and security monitoring/investigations. Reported to the North America Chief Information Security Officer (CISO).
Infrastructure Processes, Updates & Implementations: Improved Security Program and risk posture of the bank by implementing and upgrading enterprise security tools and processes around the tools, including HP ArcSight for security information and event management (SIEM), HP TippingPoint for intrusion detection and prevention (IDS/IPS), Checkpoint endpoint protection, Tufin for firewall rule management, CyberArk as a generic ID password vault, ObserveIT to record administrative access sessions and Gemalto smart cards for multi-factor authentication of Windows desktops.
Trading System Security: Formulated minimum set of security controls for low-latency algorithmic trading systems infrastructure co-located in exchange data centers which led to significant increase in compliance and fewer investigations.
Vulnerability Prioritization: Designed/facilitated implementation of process for patching based on priority and criticality of systems resulting in significantly fewer vulnerabilities on critical systems and mechanism to quickly address zero-day issues.
Annual Security Risk Program: Developed annual Security Risk Assessment and Penetration Testing Program.
Business Continuity: Served as interim Head of Business Continuity Management, North America (Apr 2013 – Nov 2013).
-
Vice President, IT Production Technical Process & Controls
BNP Paribas | May 2006 - Dec 2011 | Paris, FR
Directed a transversal team of IT professionals supporting territory-wide Change Management, Change Auditing, Outage and Problem Management. Designed/implemented permanent controls, liaised with Global and local Information Security, Internal Audit, external auditors/regulators, Operational Risk Management, Business Continuity Management, Compliance, and Legal.
Security Baselines & Key Performance Indicators (KPIs): Developed Security Baselines for critical platforms, improved KPIs.
Trained NYC Community Emergency Response Team (CERT) member.
US & Canada ISO 9001 Quality Management System (QMS): Led creation and formal ISO 9001 certification of QMS.
Trained New York City Community Emergency Response Team (CERT) member.
-
Vice President, Equity & Derivatives Technology
BNP Paribas | Apr 2005 - Apr 2006 | Paris, FR
Reported to the North America territory Deputy Head of IT Production and led a team of 13 IT engineers in New York, NY and King of Prussia, PA responsible for design, 24x7x365 support, security and maintenance of the network, server and market data infrastructure for the Equity & Derivatives trading business.
-
Principal, Independent Consultant
Sar Consulting LLC | Jan 1997 - Apr 2005 | US
Partnered with other independent contractors and companies to provide specialized IT, Security and Risk services for small and medium sized hedge funds, healthcare and retail/service company clients. Services included Microsoft Active Directory, Exchange and Web Services, secure local area and wide area networks, IT assessments and audits, disaster recovery and business continuity planning, IT project management, negotiation of vendor contracts, data center and managed cabling.
Performed network, security, DR/BCP, PCI, SAS70, HIPAA assessments and IT Audits.
Documented Disaster Recovery and Business Continuity plans.
Provided technology due diligence services for private equity companies to assess technology infrastructure, systems, personnel and capabilities.
-
IT Manager
TD Securities | Sep 2001 - Mar 2005 | Toronto, Ontario, CA
Hired by a hedge fund called Stafford Trading which was acquired by TD Equity Options, a subsidiary of TD Securities. Led a team of IT professionals split across three cities that provided 24x7x365 support of the firm's infrastructure, systems and traders at the American Stock Exchange, New York Mercantile Exchange, Philadelphia Stock Exchange and Pacific Coast Stock Exchange.
-
MIS Director
Mimeo.com | Jun 1999 - Aug 2001 | New York, US
Tenth employee of Internet start-up company that provides online printing services.
Recruited, hired and managed an MIS team of professionals in New York City and Memphis, TN to build-out a redundant network, server and phone/call center infrastructure from scratch in NYC, Memphis, and New Jersey co-location facility.
Developed initial vendor relationships and managed tight budget based on investor funding.
Wrote and implemented initial firm-wide technology policies, procedures and standards.
Co-inventor with EasyCopy/Mimeo colleagues on US Patents 6714964, 7095519 (filed in 2000), 8792114 (filed in 2003).
-
Vice President
Merrill Lynch | Sep 1995 - Jun 1999 | New York, NY, US
Positions:
Vice President, Fixed Income Trading Y2K Coordinator (5/99 – 6/99)
Vice President, NY Trading Floor Support Manager (8/98 – 4/99)
Assistant Vice President, Server Administration Group Team Leader (8/97 – 8/98)
Senior Analyst, Equity Systems Administrator (9/95 – 8/97)
-
Senior Analyst
Salomon Brothers | Jul 1993 - Sep 1995
Positions:
Senior Analyst, AXIS Emerging Technology Group (6/94 – 9/95)
Analyst, PC Client Support Group (1/94 – 5/94)
Developer, Imaging and Personal Systems Group (7/93 – 12/93)
Shawn Roberts Education Details
-
University of Pennsylvania, Computer Science
-
Warwick Veterans Memorial High School, Honors Program
Frequently Asked Questions about Shawn Roberts
What company does Shawn Roberts work for?
Shawn Roberts works for Hartree Partners.
What is Shawn Roberts's role at the current company?
Shawn Roberts's current role is Global Head of Cyber Security Governance and Controls.
What is Shawn Roberts's email address?
Shawn Roberts's email address is sh****@****hoo.com
What is Shawn Roberts's direct phone number?
Shawn Roberts's direct phone number is +120140*****
What schools did Shawn Roberts attend?
Shawn Roberts attended University of Pennsylvania, Warwick Veterans Memorial High School.
What skills is Shawn Roberts known for?
Shawn Roberts has skills like IT Risk Management, CRISC, Network Security, Firewalls, Cisco Technologies, CISSP, Cybersecurity, CISM, Infrastructure, IT Management, IT Strategy, ITIL.