Steven Weber

Steven Weber Email and Phone Number

CISO Chief of Staff at AbbVie
Steven Weber's Location
Dublin, Ohio, United States
About Steven Weber

Over 25 years of leadership experience that combines a deep understanding of IT, financial and operational risk management, regulatory compliance, and Lean Six Sigma process. Expanding my experiences to include Board of Directors and support of industry-wide initiatives.

Steven Weber's Current Company Details
AbbVie

CISO Chief of Staff at AbbVie
Steven Weber Work Experience Details
  • AbbVie
    Director, CISO Chief of Staff
    AbbVie Sep 2022 - Present
    North Chicago, Illinois, US
    Chief of Staff to the CISO supporting the Information Security and Risk Management department. Additional responsibilities include:
    * Departmental budgets and investment spend
    * Information security project management office
    * Global communications and security awareness
    * Executive communications including Board of Directors
    * Cross departmental initiatives
  • National Technology Security Coalition
    Member Board of Directors
    National Technology Security Coalition Apr 2022 - Present
    Alpharetta, Georgia, US
    The National Technology Security Coalition ("NTSC") is a non-profit, non-partisan organization that seeks to drive the national dialogue on technology security in the United States. NTSC's vision is to forge a coalition of information security stakeholders which will promote the development of technology security solutions and policies that impact Chief Information Security Officers (CISOs) across the nation and industry segments. Our goal is to become the national voice of the CISO in Washington, D.C.
    Represent Cardinal Health in discussions with key national CISOs, participate in the NTSC Board of Directors, and work to influence industry cybersecurity initiatives. Meet with members of the US House of Representatives and the US Senate in support of NTSC initiatives.
  • Cardinal Health
    Director Governance, Risk and Compliance
    Cardinal Health Sep 2017 - Sep 2022
    Dublin, OH, US
    Established first end-to-end Governance, Risk and Compliance capabilities throughout IT by expanding team from 14 to 50 and establishing several capabilities. Lead the quarterly update process for the CIO and CISO to update the Board of Directors on the cybersecurity program. Improved diversity, inclusion and equity in the team while achieving above average voice of employee scores, and below average turnover in a hot cybersecurity labor market.
    * Established end-to-end Governance, Risk and Compliance function to identify, assess and quantify risk
    * Drive quarterly processes for CIO and CISO to present to the Board of Directors including driving review processes with CEO, C-Suite Executive Leadership and the BOD Audit Committee Chairman
    * Lead first and second line of defense IT general controls capabilities throughout the enterprise
    * Expanded vendor third party risk management program globally from 2 to 21 team members to provide global coverage of new and legacy vendor risk. This includes creation of a new offshore function in Asia
    * Established customer third party risk management program to support customer inquiries into Cardinal Health’s information security capabilities. Lead SOC, HITRUST and CMMC third party certification capabilities
    * Global privacy compliance team established to improve regulatory compliance and to drive governance of key issues. Focus is expanding to include alignment with data protection capabilities
    * Extended RSA Archer capabilities to include business aligned risk governance processes, policy management, and enterprise cybersecurity risk assessment
    * Directly drive ongoing diversity, inclusion and equity conversations that have led to improved team interactions
  • Cardinal Health
    Director IT Risk Management and Compliance
    Cardinal Health Sep 2015 - Sep 2017
    Dublin, OH, US
    Expand and align IT FDA compliance program to support rapidly expanding portfolio of FDA validated applications. Build initial third party vendor risk assessment program. Establish foundational risk governance program. Deploy RSA Archer platform and supporting processes.
    * Deploy lean measurement system to baseline work performed by the department to determine resource and process gaps throughout various compliance and risk programs
    * Build initial third party risk assessment program that analyzes third party risks for vendors to ensure Cardinal Health networks and information assets are protected including established cloud security control requirements
    * Integrate and harmonize IT FDA compliance program to ensure ongoing compliance with GxP and 21 CFR Part 11 requirements
    * Design and implement RSA Archer governance, risk and compliance solution to drive resolution of issues
  • Cardinal Health
    Director Internal Audit
    Cardinal Health Mar 2013 - Sep 2015
    Dublin, OH, US
    Stabilized and rebuilt the SOX compliance program while increasing team efficiency and effectiveness. Transition IT audit to a business partner model resulting in improved alignment with IT leadership. Implement lean visual management and workflow processes through the department to improve speed and quality. In 2013, responsible for managing all financial and operational audit activities for the $11 billion Medical segment.
    * Stabilized and rebuilt the enterprise-wide Sarbanes-Oxley (SOX) 404 compliance process (both IT and financial) including coordinating with external auditors (EY). Enhanced 33% of controls and added an additional 16% to better manage risk, owned COSO 2013 adoption, and drove efficiencies in testing methodology
    * Reposition IT Internal Audit function into a business partner model that has realigned project activities to advance the IT organization’s strategy and to help identify and manage risks. Feedback from senior leaders through IT has been very positive noting that IT Internal Audit is delivering increased value
    * Complete the quarterly audit committee book process for the board of directors, working with the CFO, CIO, General Counsel, and Chief Compliance Officer to ensure quality deliverables are shared with the board
    * Consistently receive high voice of employee (VOE) scores that demonstrate a commitment to leadership and career development
  • Cardinal Health
    Director Operational Excellence Deployment Leader
    Cardinal Health Nov 2007 - Mar 2013
    Dublin, OH, US
    Transitioned into the Operational Excellence department to build upon existing strategic and project management experience by obtaining deep, hands-on experience driving process efficiency and quality efforts. Helped lead the push for lean thinking into transactional and back office teams through the build out of lean capabilities in blackbelts and kaizen leaders, demonstrated financial savings to leadership, and delivering strong repeatable processes.
    * Drive the cultural change and process improvement agenda, responsible for interacting with and influencing organizational leadership to drive a process improvement vision
    * Facilitate lean transformation of the 260 person Financial Shared Services team. Implement training and governance structures needed to empower employees and modify management behaviors
    * Manage corporate process improvement program office averaging 30 to 40 projects at any given time
    * Responsible for the annual transformational and continuous improvement annual work plan including project identification, scoping, portfolio prioritization, benefits analysis and execution
    * Generate ~$97 million in hard cost and resource reallocation capacity during five plus years
    * Align process improvement opportunities with corporate and business unit strategic and operating agendas including leading the annual strategy process for the CFO and the Finance organization
  • Cardinal Health
    Director Risk Management
    Cardinal Health Mar 2004 - Feb 2008
    Dublin, OH, US
    After supporting Cardinal Health while at PwC, hired by the SVP of IT Shared Services to implement the first information security and risk organization at Cardinal Health. Assessed the organizational capabilities to design a future state IT and shared services risk management function and then grew the team from 10 to 50 team members to provide the support necessary for a large, global organization.
    * Cross functional risk and regulatory compliance experience including Sarbanes-Oxley, HIPAA privacy and FDA, financial risk, information risk, information security, disaster recovery and business continuity planning
    * Coordinate audit and compliance activities with Internal Audit, EY (external audit), enterprise risk management and Sarbanes-Oxley (SOX) program offices
    * Lead the annual strategic goal setting and project planning process to align compliance and risk activities with Finance, IT and the rest of the enterprise
    * Improve the efficiency and effectiveness of compliance and risk management practices
    * Develop certification and accreditation capability to ensure that requirements are proactively addressed during the implementation of new projects and processes
    * Member of enterprise steering committees to align compliance and risk management activities
  • PricewaterhouseCoopers (PwC) LLP
    Senior Manager Risk Management
    PricewaterhouseCoopers (PwC) LLP Mar 1993 - Mar 2004
    Gb
    Rapidly progressing career that started as a part time IT help desk resource in college and then promoted to Senior Manager within 7 years of graduation. Continually expanded leadership, business and technical acumen, and project management skills. Recognized for my ability to influence senior leaders both with clients and within PwC. Selected by the national practice leader to spend a year researching the information security and risk markets to define new threat and vulnerability management and identity and access management service offerings.
    * Senior leader in consulting practice responsible for regional regulatory compliance, information security, risk management, privacy, disaster recovery and business continuity service offerings
    * Responsible for interacting with and influencing senior leaders including CEOs, CFOs, CIOs, Internal Audit leads, CISOs and other risk officers for organizations of various sizes and industries
    * Requested by clients to lead large, cross-functional project work teams as large as 50
    * Nationally engaged expert in regulatory compliance helping organizations implement business and privacy control structures to comply with SOX, HIPAA, FERC/NERC, EU Privacy and other regulations
    * Develop and execute risk management strategy projects to define the vision, supporting roadmap and projects necessary to support an organization’s business objectives
    * Deep people management experience including participation on the annual review committee, acting as a coach, giving performance appraisals and managing staff spread across a geographically dispersed area
    * Extensive project management experience including staff management, scheduling, budget management and quality control of work product
    * Lead financial, operational and IT internal audit co-sourcing engagements to develop and execute client's internal audit strategies
    * Consistently received high 360 feedback scores from leaders, peers and team members

Steven Weber Education Details

  • The Ohio State University Fisher College Of Business
    The Ohio State University Fisher College Of Business
    Accounting

Frequently Asked Questions about Steven Weber

What company does Steven Weber work for?

Steven Weber works for AbbVie.

What is Steven Weber's role at the current company?

Steven Weber's current role is CISO Chief of Staff at AbbVie.

What schools did Steven Weber attend?

Steven Weber attended The Ohio State University Fisher College Of Business.
