Head of Information Security GRC

- Teams: Leader of security compliance teams responsible for a wide breadth of products covering analytics, AI/ML, commerce, platform, and marketing- People: Supporting the development of people on my team by enabling opportunities, career coaching, and impactful feedback- Process: Development of strategies for process improvement to maximize effectiveness and efficiency of the GRC function in areas such as control operation, reporting, and root cause analysis- Business and customer focus: Design and implementation of a structure to support compliance for products onboarding to Salesforce’s new multi-substrate architecture that enable current revenue, customer experience, and future growth

- Overall leader of Regulatory Compliance responsible for delivery of Tableau product and corporate compliance- Built the compliance function and grew a team focused on a mission and strategies aligned with corporate strategic planning and delivering results that contributed to the achievement of corporate goals- Developed a program structure to standardize the delivery of compliance services across corporate and product compliance initiatives including SOC 2, SOX, and privacy- Advised the Chief Information Security Officer and other executive leaders on matters such as compliance risk and strategies to leverage compliance as a driver to achieve business goals

- Leader and architect of the QTS GRC team and function spanning core elements that included: - Creation of the QTS enterprise policy and control sets including methodologies for governance - Risk assessment capabilities that delivered actionable insights on threats and vulnerabilities - Comprehensive compliance enabling revenue through delivery of SOC 1, SOC 2, ISO 27001, PCI DSS, HITRUST, FedRAMP, EU Privacy Shield, GDPR, OFAC, HIPAA/HITECH, and support of customer- specific compliance- Managed the team that performed the initial implementation and launch of ongoing certification of new standards including HITRUST, ISO 27001, GDPR, and EU Privacy Shield standard- Led the implementation and continued management of the Keylight GRC Compliance Manager software- Managed the team performing ongoing monitoring and executive and regulatory reporting of compliance standards supported by QTS- Led the initiative to harmonize all compliance requirements supported by QTS into an integrated enterprise control set to reduce duplication and increase operational efficiency

- Managed the overall QTS compliance controls framework- Led the implementation of the QTS OFAC compliance monitoring program- Collaborated with control owners across QTS business units to monitor the health of compliance controls and implement process changes to improve business functions to efficiently meet control requirements- Managed the implementation of the SailPoint IDM software platform to centralize and automate provisioning, deprovisioning, and access review processes

- Led the implementation of the SOC 2 standard and launch of QTS' ongoing SOC 2 reporting process- Led the implementation of the PCI standard and launch of QTS' ongoing PCI Level 1 Service Provider reporting process- Led the implementation of the FedRAMP standard and launch of QTS' ongoing FedRAMP reporting process- Facilitated periodic third-party audits performed in support of maintaining compliance standards reporting- Performed internal audits over various business processes including system implementation and payroll

- Experience planning, leading and completing projects - Evaluation of IT systems in support of Financial Audits - Reports opining on the operation of the IT internal controls of Service Organizations - SOC 1, SAS 70- Advisory services focused on assisting clients with specific IT needs- Regularly performed audits for SOX compliance covering Business Process Controls and Logical Access, SDLC Management, and Computer Operations General IT Controls- Investigated root causes of internal control exceptions and presented findings to management with solutions based on Industry Leading Practices - Developed data mining tools used in an IPO Readiness project for a Fortune 500 Company- Performed Financial and Operational internal control testing for a global Insurance Company- Supported Disaster Recovery Feasibility testing of a Fortune 500 company by extracting specific information from non-uniform data sources