Playing a critical role in ensuring the effective management of security controls and risks associated with enterprise data governance and privacy frameworks and consulting delivery engagements. Achieved by collaborating with network, compliance and specialist teams to address cybersecurity-related threats and issues, mitigating potential liabilities. Steering a team of skilled professionals in establishing governance and global strategies, in correlation with security requirements and risk management principles, aligned to NIST, ISO 27001/2 and Privacy standards.

Providing subject matter expertise on technical aspects of information security and risk management Develop, operationalize and maintain the Cyber Risk Management Framework and keep it aligned with the Information Security, Technology Risk and Operational Risk teams. Working with leadership to set and communicate the cyber risk appetite in alignment with overall operational risk appetite limits. Achieving SOC2 certification and compliance in order to strengthen their overall security programs and lower the potential risk of a security breach.

In partnership with the executive team, to develop an information security strategy with a roadmap governing investment, execution, and certification programs. More specifically, responsible for ensuring compliance with key certification standards, frameworks, regulations, and customer requirements. In particular, oversaw PCI, HITRUST, ISO 27001, HIPAA, and GDPR certification/compliance. (Team Size: CRO, Audit Director, Information and Security Privacy Managing Directors) • Enforcement of policies and associated processes by measuring and monitoring security programs and existing controls and conducted periodic audits and reviews to ensure their efficiency, operating effectiveness, and that compliance requirements were met.• Closely worked with engineering, legal, people and operations teams to ensure that best practices around information security are implemented and documented.• Incorporated processes that transform personal data in such a way that the resulting data cannot be attributed to a specific data subject without the use of additional information and keeping them separate, in compliance with HITRUST, GDPR and HIPAA.• Reviewed third-party and client contracts to understand how the data is stored and processed and an agreement on a compliant process for compliance reporting (GDPR, ISO, SOC 2 and PCI).