* Act as the liaison between the business and Information Security, by enabling corporate strategies, while balancing the security risks. Articulate the security perspective by helping the business understand the potential impact and possible controls in relatable terms. Utilize Service Now for our Governance, Risk & Compliance (GRC) program.* Educate executive leadership on the risk implications associated with business technology decisions and communicate the likelihood, impact, and risk tolerance. * Collaborate with Anywhere’s Cyber Security & Incident Response Team to remediate Business Unit (BU) specific cyber security incidents and vulnerabilities.* Represent the business unit in the development and maintenance of Anywhere’s information security policies and standards. Identify, develop, and maintain supplemental standards unique to the BU. * Primary IT point of contact for all SOC, SOX, and New York State Department of Financial Services (NYDFS) audits and assessments. Participate in scoping and deliverable requests. Work in partnership with IT senior leadership to clear risk related reports and to help ensure effectiveness/completeness of action plans. * Provide leadership, direction, and guidance to ensure that employees, clients, and Third-Party vendors are adhering to Anywhere’s security policies and standards.

* Advise the Chief Information Security Officer (CISO) on cost/benefit analysis of information security programs, policies, and systems, in our Data Centers, Amazon Web Services (AWS) and Microsoft Azure environments. * Program Manager - Identity & Access Management (IAM) - using my “hands on” IT Infrastructure experience, I provide leadership and support for requirements gathering, project management, and implementations. We utilize two or more Identity platforms, such as Saviynt, Okta, and Microsoft Azure Active Directory (AD).* Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm’s reputation and safeguarding Epiq, its clients and assets, by driving compliance with applicable laws, rules and regulations and internal policies.* Support the audit and assessment life cycles of client systems and environments.* Work across all areas of security to ensure a cohesive security model from a technical and process perspective.* Drive awareness and education of cybersecurity issues with leaders within the business and product teams.* Assist development teams on how to apply secure coding practices, properly scan and remediate their code using tools such as Veracode. * Work with the Third-Party Risk Management teams on creating and completing remediation plans for their security related vulnerabilities.• Utilized the Service Now and RSA Archer applications for our Governance, Risk & Compliance (GRC) program.

* Collaborate with Product and Technology teams to ensure they are properly implementing and managing security controls. Utilized the Service Now and RSA Archer applications for our Governance, Risk & Compliance (GRC) program.* Work with the application development teams on creating and completing remediation plans for their security related vulnerabilities.* RSA Archer - Governance, Risk & Compliance (GRC) application - assess and document business application risks through a formal certification and authorization process prior to Go-Live. * Serve in a liaison role between the Global Cyber Security and Fraud (GCSF) teams and the Business Segments to identify, assess, manage, and monitor information security risks in adherence to the Information Risk Management Standard Operating Procedures (SOPs).* Leverage subject matter experts to discuss cyber security topics and trends to assist in developing accurate risk assessments. Provide security guidance during joint ventures, acquisitions, and integrations.* Security Risk Committee (SRC) - present information security risks from the Business Segments and the appropriate remediation plans. Aggregate information risk reporting and trends for Senior Management through the monthly Information Risk Governance Committee (IRGC).

* Utilized RSA Archer - Governance, Risk & Compliance (GRC) application - serve as a program owner and manage documentation, procedures and processes to ensure compliance with changes in business and regulatory policies. Consult with managers, third parties, and other business resources in support of information security governance solutions and requirements. Apply a deep understanding of business processes and technologies used within the assigned business units. Conduct complex security related assessments as part of SunTrust’s Information Security program and process. * Information Security Policy Committee (ISPC) - present information security issues and remediation plans, business risk impact analysis (BRIA), and online fraud & authentication risk assessments (OFARA) for review and approval. * Third Party Risk Management (TPRM) Program - Third Party Suppliers - Collaborate with business managers for project "Go Live" dates. - Document and assess the risk for information being shared during projects. - Research and approve internet connections and firewall requests.* Serve as a technical resource to others and reviews work performed by less experienced IT security teammates.

* I utilize my “hands on” IT Infrastructure experience to oversee the management of the information security policies, network infrastructure, and the central data center. The environment includes; Microsoft Office 365 applications, Cisco Meraki Firewalls, Mojo AirTight devices for the Wireless Intrusion Prevention System (WIPS), Solarwinds for Log & Network Management, Kaseya for Asset Management & Service Desk Tickets, and CloneSystems for vulnerability and penetration scanning.* Responsible for PCI/DSS compliance and procedures, SSAE16 audits and responses, internal audits, and IT Security risk assessments.* Effectively act as a liaison between the Hotel staff, Corporate IT, and 3rd party vendors.* Successfully manage IT projects by completing them on schedule and within budget.* Supervisory responsibilities for the network infrastructure and security teams include; hiring and training employees; assigning and directing work; rewarding and appraising performance and completing annual performance reviews; addressing complaints and resolving problems.

* Working within a federally regulated environment, I utilize my “hands on” IT Infrastructure experience to develop, coordinate, and implement policies, standards, and procedures that safeguard the MPI Research information systems and data; Ensure the information security policy is aligned with MPI Research’s business strategy. Participate in IT strategic planning meetings to ensure continuity and compliance.* Implemented MPI Research’s first computer use policy: Collaborated with IT, HR, Legal, Physical Security, Business Leaders, and Internal Auditors to implement the adoption of this policy for all employees and contractors, which reduces the risk and liability for the company.* Created a process to monitor the Personally Identifiable Information (PII) like social security numbers, date of birth, salary grade, and salary amount in our financial database. * Supervisory responsibilities including hiring and training employees; assigning and directing work; rewarding and appraising performance and completing annual performance reviews; addressing and resolving problems.* Acts as the primary liaison to the Legal, Data Integrity, Quality Assurance (QA), and MPI Proposal Response team for sponsor and internal audit responses, SOPs, and Request for Proposals (RFP) documentation. Participates in on-site vendor inspections with the QA auditors.* Serves as the IT Disaster Recovery coordinator and member of the MPI Research Business Continuity Core Committee (BCCC). Provide leadership and management for coordinating resources during emergency situations.* Knowledge and understanding of relevant legal, regulatory requirements, and common information security management frameworks such as; FISMA, FERPA, HIPAA, PCI/DSS, NIST, ITIL, COBIT, SAS/70, SSAE16, ISO/IEC 27001, and Sarbanes Oxley (SOX).