• Lead interactions between Security Governance and Technology (IT) teams. Intake security requests and apply BD’s cybersecurity framework to identify requisite security services as needed.• Lead discussions and clarify objectives with eleven project owners of twenty-two projects resulting from recent NIST CSF maturity assessment. Regularly present status updates to C-Level executive leadership.• Assist in the development of 3-year cybersecurity roadmap in partnership with IT… Show more • Lead interactions between Security Governance and Technology (IT) teams. Intake security requests and apply BD’s cybersecurity framework to identify requisite security services as needed.• Lead discussions and clarify objectives with eleven project owners of twenty-two projects resulting from recent NIST CSF maturity assessment. Regularly present status updates to C-Level executive leadership.• Assist in the development of 3-year cybersecurity roadmap in partnership with IT leadership.• Collaborate with security risk owners to strategize and develop risk treatment plans to manage identified security risks as part of Information Security Risk Register. Effectively triaged over 200 security risks over the last two months.• Collaborate with IT and IS Strategy leaders to develop, improve, and report out cybersecurity metrics to executive leadership, including the Cybersecurity Risk Committee. Areas measured include endpoint protection, disaster recovery, patching compliance, and removable media exceptions. Show less

• Led and managed a team of Senior IT Auditors who delivered over 50 global IT audits on various subject matter including NIST CSF, security operations, privacy (GDPR), application and cloud security, data centers, distribution centers, and operational technology (OT) (manufacturing sites) over 5 years identifying over 300 IT risks.• Conducted semi-annual qualitative and quantitative IT risk assessments and leveraged results to generate annual IT Audit Plan. Presented results to Audit, IT… Show more • Led and managed a team of Senior IT Auditors who delivered over 50 global IT audits on various subject matter including NIST CSF, security operations, privacy (GDPR), application and cloud security, data centers, distribution centers, and operational technology (OT) (manufacturing sites) over 5 years identifying over 300 IT risks.• Conducted semi-annual qualitative and quantitative IT risk assessments and leveraged results to generate annual IT Audit Plan. Presented results to Audit, IT, and Information Security leadership teams.• Managed technology and security risks as identified during internal audits; collaborated with risk owners and IT risk management counterparts to mitigate and remediate risks.• Led NIST CSF maturity and capability assessment of the Information Security function, covering both IT and Security. Collaborated with external vendor to plan, execute, and report out on results to internal stakeholders and executive leadership. Show less

• Managed and executed IT internal audits using internal or co-sourced Big 4 resources. Audits included application implementations/upgrades, program management (IT outsourcing), privacy / HIPAA /cybersecurity, and GDPR.• Implemented ACL software for data analysis. Designed and executed ad-hoc data analytics for use on audits. Supported financial audit teams with custom data analytics support.• Evaluated automated application controls (JD Edwards) for design and operating effectiveness… Show more • Managed and executed IT internal audits using internal or co-sourced Big 4 resources. Audits included application implementations/upgrades, program management (IT outsourcing), privacy / HIPAA /cybersecurity, and GDPR.• Implemented ACL software for data analysis. Designed and executed ad-hoc data analytics for use on audits. Supported financial audit teams with custom data analytics support.• Evaluated automated application controls (JD Edwards) for design and operating effectiveness in support of SOX compliance. Show less

IT audit, operational audit, fraud investigations, computer forensics, contract compliance, ACL analytic design, ACL implementation, source data manipulation and configuration. Experience auditing and automating controls in the following process areas: Accounts Payable, T&E expense, Purchasing Card, Procurement, Payroll. Experience with EnCase v6 & EnCase v7.

IT Audit Consultant. Worked on SOX compliance. Tested/designed General Computer Controls at Bristol-Myers Squibb Co. Administered OpenPages testing repository for General Computer Controls.