• Responsible for the planning, preparation and pre-assessment exercises related to PCI-DSS version change to version4.• Responsible for translating regulatory and compliance requirements for critical business operations into actionable project activities• Provide oversight and assist coordinating activities such as internal and external IT audits and IT compliance activities including SOC 1&2, PCI DSS, SSAE 18, HITRUST, and HIPAA• Conduct and oversee continual internal assessments to ensure compliance is maintained• Monitor and assist with IT governance including researching compliance frameworks as the environment changes, creating and/or updating corporate policies, standards, and procedures• Assess compliance and operational risks• Collaborate with other non-IT compliance organizations (Human Resources, Finance, Development, others) for organizational compliance requirements• Responsible for the administrating and maintaining the organizations Governance, Risk and Compliance (GRC) tool including building control objective templates aligned to compliance goals (SOC, PCI, etc), creating, assigning and tracking tasks• Responsible for evidence collection and review to ensure adherence to compliance objectives• Provide oversight of all identified control vulnerabilities• Coordinate, track and report control finding and observation remediation efforts• Lead the organization through successful HITRUST certification • Maintained SOC/PCI/EHNAC certification status

• Responsible for translating regulatory and compliance requirements for critical business operations into actionable project activities• Provide oversight and assist coordinating activities such as internal and external IT audits and IT compliance activities including SOC 1&2, PCI DSS, SSAE 18, HITRUST, and HIPAA• Conduct and oversee continual internal assessments to ensure compliance is maintained• Monitor and assist with IT governance including researching compliance frameworks as the environment changes, creating and/or updating corporate policies, standards, and procedures• Assess compliance and operational risks• Collaborate with other non-IT compliance organizations (Human Resources, Finance, Development, others) for organizational compliance requirements• Responsible for the administrating and maintaining the organizations Governance, Risk and Compliance (GRC) tool including building control objective templates aligned to compliance goals (SOC, PCI, etc), creating, assigning and tracking tasks• Responsible for evidence collection and review to ensure adherence to compliance objectives• Provide oversight of all identified control vulnerabilities• Coordinate, track and report control finding and observation remediation efforts• Lead the organization through successful HITRUST certification (2019)• Maintained SOC/PCI/EHNAC certification status

Responsible for performing scans against the environment to identify and lead the remediation of discovered vulnerabilities, respond to audit inquiries and ensure enterprise-wide DISA/NIST compliance. Core Job Functions• Monitor and analyze vulnerabilities within the enterprise including the prioritization and tracking of remediation efforts and plans of actions and milestones (POA&M)• Liaise with SPOC, leadership and SME’s on vulnerabilities discovered to drive remediation efforts • Evaluate and test controls in accordance with DISA, NIST STIGs • Provide oversight and support for incident escalations where applicable• Perform regular policy and procedure documentation reviews/updates

● Direct line manager - VP of Security and Risk (America’s)● Responsible for security exception and change governance pertaining to:o DLP controls (in partnership with CISO)o Full disk encryption (in partnership with eDiscovery)o Data preservation (in partnership with eDiscovery)o Non-Standard/Unpackaged applications and browserso Symantec end point protection change management ● Facilitated the deactivation of unused or abandoned Networked applications and IBAC firewall rules closing likely security gaps● Liaison with the central data-leakage policy team for the change management and implementation of DLP policy changes and exceptions● Implemented a confidential data preservation lookup solution to meet existing and future regulatory needs

Accountable for the daily monitoring, identifying and responding to infrastructure vulnerabilitiesProven ability to gauge threat and risk ratings based on adversary and partner intel and disseminating these findings to minimize the organizations threat surfaceResponsible for proving, documenting and indexing threat indicators to ensure reliable and effective control and process techniques are implementedEstablish and maintain partnerships across the organization to drive swift threat mitigation efforts through testing and developmentProven ability to work with multiple FI organizations regarding new and emerging threats, best practices and minimizing deployment impact Utilized 3rd party tools to detect, assess and eradicate known threat actor techniques, tools and delivery

Role requiring advanced knowledge of information security regulations, best practices, attack vectors and security incident management including tracking and monitoring violations and breaches from detection to remediationAccountable for the daily monitoring, identifying and responding to infrastructure vulnerabilities and disseminating these findings and offer subject matter expert guidance and leadership throughout the enterpriseResponsible for the enforcement of enterprise policies and best practicesEstablish and maintain partnerships across the enterprise to drive remediation and enhance the organizations security postureRemediation control owner responsible for vetting and publishing control metrics on an executive levelIntroduced security process optimization and performance tuning solutionsAccountable for the development, implementation and management of enterprise security processes, including security event and incident management playbooks, training decks, and global policiesResponsible for leading remediation efforts in an environment that requires manual configuration and/or source code changes to resolveAccountable for proactively identifying and correcting critical control gaps

• Responsible for owning multiple security events/incidents of various severity and following through until the threat is eradicated or contained • Security event intake point responsible for the expeditious deprovisioning and mobile data remote wipe requests to aid aligned security teams during sensitive leaver and/or legal events• Ensured security controls and data assets are supported and performing as expected by providing support in an on-call, follow the sun capacity• Responsible for the intake, assignment, documentation, tracking and monitoring of various security events to ensure all resolutions meet or exceeds the organizations standards pertaining to indicators of compromise and validated intel (CVE/NVD’s, Definitions, Hash’s etc)) in a fast paced, highly visible, request based corporate environment

• Supported the integration of legacy operational teams into a single functional entity during a time of acquisition  This role was responsible for creating an encapsulated environment and testing tool compatibility / integration through virtualization as a precursor to an organizational roll out• Responsible for the daily implementation and monitoring of enterprise RBAC/DAC/MAC controls• Responsible for the provisioning / deprovisioning and administration of various enterprise assets including non-interactive service accounts, security groups, testing (UAT), end user, secondary user accounts (Privileged) and Unix accounts; shared directories, corporate LDAP management, Exchange access requests and mailbox creation, shared mailing lists and distribution group access in active directory (Quest Active Roles Server) supporting Windows, Solaris and Unix/Linux environments• Remote/Mobility user administration: RSA Token/FOB access request administration• Performed ongoing access control assessments to identify process and/or control gaps and security concerns in addition to identifying opportunities for improvement • Provided leadership and consultation regarding requests for access to legacy transaction management systems and frameworks (CICS app servers/TSO environment) which required working closely with various mainframe RACF administrators to satisfy access requests• Maintained various script repositories comprised of PowerShell, bash, visual basic, SQL (Oracle, MySQL, MSSQL) and Excel macros used in the creation of bulk access and revocation requests in active directory• Responsible for the daily assignment, processing, tracking, documentation and follow-up of multiple IAM requests in a fast paced, SLA driven environment• Accountable for maintaining the accelerated account on-boarding process for critical business function accounts• Maintained Identity and Access Management (IAM) process documentation and training decks