Career Highlights: • Management and execution of the Governance and Risk Program from the corporate office of the CISO, across all global brands/subsidiaries of the world’s largest cruise fleet. • Spearheaded the implementation of GenAI and natural language interaction capabilities into enterprise policy management program, enabling employees to easily search for content.Achievements:Executed CISO strategy for continued maturity of global security transformation, ensuring exposure to cyber risks are identified and managed to achieve business objectives.Program lead for organizational policy development and review to meet security, industry standards, and regulatory compliance requirements.Identification, evaluation, and monitoring of the overall security risk profile/posture across the company through the OneTrust GRC platform.Drove increased collaboration across Brands, Legal, Regional InfoSec and Compliance, IT, HR, and Global Data Privacy Council in the development of global security policies.Developed and delivered security awareness program content across multiple LMS platforms, and phishing simulations using KnowBe4.Delivered role-based security training for development and engineering teams.

Owner & President of boutique advisory and consulting practice, focused on SMB and emerging market clients. • Lead of the Governance, Risk Management, & Compliance (GRC) practice. Consulting on program structure and audit best practices. • Board Advisor and design partner for Israeli cybersecurity and GRC startups.

Career Highlights: • Delivered improved effectiveness of multinational compliance programs for this industry leading global cybersecurity company focused on critical infrastructure. • Created data analytics dashboards in Power BI, to focus company efforts on the enterprise vulnerability management program.Achievements:Delivered process optimization of the Governance, Risk Management, & Compliance (GRC) program working in partnership with operations teams in the USA, Europe, and Asia Pacific.Gained certification of cloud-based cybersecurity products in ISO27001 (internal and external), and SOC 2 Type 2 Trust Services Criteria.Prepared the organization for FedRAMP compliance of key technology platforms.Project lead and primary point of contact between multiple external auditors.Restructured policies and procedures in line with NIST CSF, ISO27001, and CIS Controls.Optimized processes for third-party risk and vendor assessments to Risk Management Framework.Developed and delivered executive reporting dashboards, pulling together multiple data sources into a “single pane of glass” view across both cloud and on-premise infrastructure.

Career Highlights: • Creation and deployment of security awareness and ethics compliance training program for the world’s second largest supermarket retailer, including on-site delivery in Chinese and English languages across sites in China, India, Bangladesh, Vietnam, Cambodia, and Turkey.Achievements:Responsible for ensuring all aspects of regional compliance to industry standards and regulatory requirements.Lead the ethics and safety compliance and audit governance, producing risk assessments, investigation reports, and conducting contract reviews/assessments, audit and contingency planning for budget alignment.Developed KPIs and reports for the board of directors on safety, security, and compliance.Measured inter-company and business-unit manufacturing, logistics, and supply chain compliance to company and regulatory standards, conducting audits, evaluating reports, and providing training to maintain accreditations.Conducted security awareness, ethics, and safety compliance training on-site in multiple countries.Spearheaded the deployment of a multilingual mobile app for education and violation reporting.Collaborated with business units and peers (Retail, Manufacturing, Commercial, IT, HR) to align business processes with safety, ethics, and security controls.Sourcing and evaluation of risks across new and existing third-party vendors and services.

Career Highlights: • Implementation of ISO27001 Information Security Management System (ISMS), as the lead auditor for this $2BN global BPO organization, servicing Fortune 500 clients.Achievements:Developed and maintained information security policies and controls to obtain ISO27001 certification.Designed an Information Security Management System (ISMS) to meet government and client requirements.Developed and conducted internal assessments and project managed external auditors.Implementation onboarding of GRC tool for ISO and PCI compliance.Creation of internal assessment process for both information and physical security control improvements across three diverse cities (Shanghai, Changshu, and Guangzhou).Established a Plan of Action and provided regular reporting to APAC regional leadership.Performed incident response and lead business continuity testing.

Career Highlights: • Management of ISO9001 Quality Management System as designated country-wide internal auditor.Achievements:Conducted internal ISO9001 audits and managed third-party auditors of Fortune 500 clients, to certify all business units.Established and maintained performance management policies and processes to meet the gold standard of COPC certification for the business process outsource industry.Performed root cause analysis of performance issues to identify areas of opportunity to improve employee training and calibration to meet client expectations.

Career Highlights: • Managed the monitoring, coaching, and calibration of contact center teams to meet performance targets as defined by multinational Fortune 500 clients of a global Business Process Outsource organization. • Primary point of contact for Microsoft China and Nokia for BPO quality management.Achievements:Performed weekly quality KPI review with strategic clients and business owners.Conducted customer satisfaction (CSAT) analysis of teams and individuals to ensure targets were met or exceeded.