Supervise IT development to ensure control compliance and assess risk. Onboard IT solutions to information security requirements. Establish reporting relationships with business owners and Exec Committee members and foster accountability for development teams. Build compliance dashboard, risk register, and other reporting mechanisms. Be a trusted advisor and mentor.

Providing executive-level consulting, architecture, project management, team building, and product ownership / product management for enterprise risk management (ERM) and operational risk management (ORM) programs for medium and large financial institutions.Advocating for the business while delivering comprehensive BI solutions using software products such as Archer & ServiceNow by identifying, refining, and validating delivery of business product requirements.Providing information security oversight (DevSecOps) and data quality assurance for business intelligence (BI) systems. Planning and performing system migration and data transformation. Managing and validating data quality. Identifying information gaps and providing both strategic and tactical direction for prioritization and resolution.Establishing agile project management operating models, planning, and reporting using software products such as Jira and Rally. Providing transparent views of project status and risks.Recent Accomplishments• Helped Silicon Valley Bank (SVB) achieve goal of becoming a large financial institution by managing Galvanize HighBond and ServiceNow GRC software solutions, focusing on information system architecture, collection of foundational data inventories, defining / improving / validating data quality, migration of data from system to system, establishing customer support solutions, and establishing agile project management operating models and reporting systems.• Delivered enterprise compliance management solution improvements critical to Wells Fargo success, overseeing business user acceptance testing, business requirements gathering, dependency management, and internal testing / validation.• Assured successful initial business launch for Welkins Farms focusing on business operation planning, internal standards, licensing, and product quality control.

Provided Allstate Insurance Company with control effectiveness testing for seven business-critical applications and their supporting databases, platforms, and security processes in support of new and emerging state laws impacting information technology and non-public personal data. Developed test plans, reviewed evidence, and produced assessment documentation.• Provided the support needed to complete end-of-year goals for state cybersecurity compliance review.• Provided support owners and business partners with coaching and insight on strengths and weaknesses, and prepared recommendations for continued process improvements and success.

Managed four projects at Toyota Financial Services to develop and deliver Archer eGRC software applications for internal business partners. Spear-headed the teams’ first adoption of Agile practices to develop software as a factory. Established and implemented team standards for documenting business requirements and application design. Documented to-be business processes. Provided operational troubleshooting and integration testing. • Established Atlassian Jira as a collaboration tool which improved resource estimation, project planning, and progress tracking. • Delivered applications which reduced the cost of Sarbanes-Oxley internal controls testing, improved processes for issue management and regulatory change management, and provided new capabilities for hosting an authoritative sources library.

Led a project for initial adoption of PCI DSS and consulted on compliance management practices. Established an inventory of IT components. Defined the scope of PCI compliance for IT systems and processes Defined organization-specific controls for satisfying PCI DSS requirements. Performed an assessment of IT systems to identify deficient or missing controls. Participated in development and review of information security policy and standards.• Responded to six client audits of IT controls and improved the company’s ability to accurately respond to clients’ compliance assessments.• Assessed and evaluated two new info sec solutions prior to acquisition resulting in improved network intrusion detection and source code analysis capabilities.• Saved the company $4.1M+ that was invested in more profitable projects.

Assisted the company’s transition to Sarbanes-Oxley compliance for controls testing after acquisition by General Motors. Developed solutions and applications in RSA Archer eGRC for reporting on SOX-related IT controls. Documented business processes, project requirements, application design, and test plans for new security program.• Prepared and cross-referenced content for use in applications for Authoritative Sources, Policies, Control Standards, and Control Procedures.• Assessed control design and performance for vulnerability management, user access management, and network security.• Resulted in the company gaining new capabilities for governance and reporting on the state of controls for IT systems used for financial reporting.

Defined and evaluated comprehensive IT controls for Options Clearing Corporation security program to meet regulatory requirements imposed by U.S. Securities and Exchange Commission, Regulation SCI, for market utilities. Provided consulting, mentoring and technical advice to IT system owners.• Identified and corrected gaps between external regulatory requirements, NIST SP 800-53 security controls and NIST SP 800-64 software development lifecycle standards, internal policies, and IT controls.• Authored policies, documented procedures, and developed audit and reporting solutions in Microsoft Access, Excel, SharePoint, and RSA Archer eGRC software for the Director of IT, Director of Risk and Compliance.• Resulted in the client earning distinction by the Securities Exchange Commission as a leader in compliance achievement among its peers.

Managed the review and improvement of all information security policies and standards with business partners and technical subject matter experts. Supported the vulnerability remediation tracking program by validating evidence of remediation for host vulnerabilities.• Established RSA Archer eGRC as the source record for producing policy and standards documentation; • Updated policy and standards to reflect the new PCI DSS 3.0 requirements and expanded policy to address topics of social media use, system development, and information systems acquisition.• Improved the organization and quality of standards to provide better guidance, require less interpretation, and be more accessible for IT engineers and business managers to use and understand.

Supervised the BISO team’s risk assessment / compliance assessment engagements for 602 technology innovation projects. Directly supervised inclusion of security controls for 103 projects for the Payment Services line of business. Enforced PCI, SOX, FISMA, FFIEC, and HIPAA compliance requirements while strengthening ties as a trusted business partner and consultant. Provided information security consulting and mentoring to technology owners.• Authored over 350 risk assessments, root cause analyses, or remediation plans for information security incidents, findings, or compliance exceptions, which contributed to company’s recognition as the most innovative bank in North America.• Doubled team’s capacity for reviewing IT innovations and changes by implementing a triage process and new risk analysis scoring tools as part of the continuous improvement of service delivery.

Supervised an inventory of over 100,000 calibrated measuring instruments aboard the aircraft carrier, USS Carl Vinson CVN-70, with a direct impact on all flight and nuclear power operations. • Supervised technical assistants in 53 work centers resulting in being awarded “Best in Fleet” for maintaining superior readiness of assets while forward deployed.• Provided career development mentoring and supervised the safety training program for a division of more than 70 personnel.

Provided IT risk assessment and managed security services to various business clients.

Deployed, configured, and assessed firewalls and intrusion detection systems (IDS) and as a network security engineer. Responded and investigated information security incidents. Performed dozens of security control assessments for Fortune 500 companies and government entities. Developed my company’s penetration testing & security assessment team from concept to world-class competitor within two years.