• Implement risk-based, sustainable solutions for Identity and Access Management, Asset Inventory Management, IT Governance, and Training• Support implementation of Cybersecurity Program in alignment with Information Technology initiatives, and business requirements• Collaborate with technology and business stakeholders to facilitate security and IT governance solutions and project efforts best suited to the firm’s business environment

• Develop solutions for security governance, technology risk management, and security program implementation• Provide and tailor policies, standards, and plans for security program development projects• Support cyber remediation efforts after business risk management and security risk assessment activities• Provide guidance for enterprise technical planning in support of business strategy and process management

• Provided guidance on security programs, policies, and plans to ensure compliance with relevant laws, regulations (e.g., FFIEC, NYDFS, SEC, NFA), and key areas of security risk• Developed communications plans, policies, and strategic roadmaps for security incident response, cyber tabletop exercises, service-provider risk reviews, and security control implementation• Delivered business risk-management services such as portfolio company security control assessments and incident response program-maturity evaluations• Evaluated industry-leading GRC and risk management technical solutions in support of client compliance and regulatory initiatives and security technical objectives

• Managed delivery of cyber risk management programs, and supporting governance practices, for hedge funds and private equity firms in $7MM North American Cyber Risk practice• Supported business strategy for PE firms with both technical and “red flag” risk assessments for security program expectations for portfolio companies• Transformed legacy cyber risk service offering for 50+ hedge funds from compliance-focused model to practitioner-guided, risk-based model following the acquisition of Kroll in 2018. Retained 70% of firms after raising fees 100-150%.• Co-developed service-provider risk management and assessment platform to support stakeholders in managing security of third-party data stewards• Ran cybersecurity and technology risk assessments, leveraging NIST and CIS frameworks, aligned to regulations and guidelines from the SEC, FFIEC, NYDFS, and NFA

• Managed cybersecurity program development, oversight, and stakeholder communications for $65BN AUM multi-strategy hedge fund• Led Cyber Risk Committee meetings with senior leadership, and drove ongoing security remediation projects • Led technical cybersecurity risk assessments; created strategic operational plans to remediate findings in partnership with lines of business• Served as Senior Project Manager for enterprise PMO office for strategic Back Office technology projects to ensure appropriate stakeholder communications and technology team effectiveness• Evaluated technical security risk-management solutions for data loss prevention (DLP), endpoint detection and response (EDR), security information and event management (SIEM), and mobile threat defense• Developed and implemented technology platform to assess data risk management and enterprise security practices of the firm’s third-party service providers, with $1MM budget• Executed business-audit processes for technology systems related to data risk management, regulatory compliance, and technology governance (e.g., SEC mock audits, market data audits, and accounting audits)• Implemented enterprise plan to ensure resilient data access, and data survivability, for advanced disaster recovery (DR) and business continuity plan (BCP) initiative

• Developed Cyber Incident Response Plan and led biannual tabletop exercises, lessons-learned sessions, and strategic IR process and program improvements• Implemented physical security and privacy control systems as part of $50MM build-out of 125,000 sq. ft. of AAA office space in midtown Manhattan• Managed regulatory assessment of the global enterprise data environment, including service providers, for PII data; implemented required technical, administrative, contractual, and procedural controls• Led technical security risk assessments against SEC and NFA business regulatory guidelines for cybersecurity protections for customer data and funds• Managed $2MM build-out budget, and coordinated RTO/RPO improvements, for high-security datacenter site

• Documented and managed IT policies, procedures, processes; authored templates to expedite user request incident response time and service quality• Supported optimal functionality and security of systems in the United States, United Kingdom, Hong Kong, and Japan• Procured, installed and configured employee workstations, networking systems, mobile devices and audio-visual equipment, adhering to $5MM annual technology budget• Configured and maintained VPN hardware and routers for remote network access, directly handling IT needs for off-site consultants, traders, and executives

• Managed communication hub for user inquiries, break-fix, and vendor relationships. Supported employees in international offices outside of local IT support hours.• Provided Level 1 technical support for user issues. Prioritized matters and coordinated technical resources.• Processed documentation for payment of vendor invoices, consultant hours, and purchase orders.• Developed IT policies, documented workflows, and created checklists for core IT department activities.