As the VP of Information Technology and Information Security at AML RightSource, I drive the selection, implementation, and operation of our global technology footprint. I oversee teams in AMER, APAC, and EMEA, ensuring that our technology initiatives are aligned with our lines of business and that we effectively manage IT budgetary spend.By developing and maintaining our Information Technology Strategic Roadmap, I balance resource allocation based on cross-organizational IT demand to ensure efficient resource utilization. I also oversee the implementation and maintenance of our IT general controls, based on COBIT/ITIL frameworks, to ensure compliance with regulatory requirements.As part of my role, I facilitate our third-party audits, such as SOC2 and ISO27001, and respond to client Compliance/GRC due diligence questions. This allows me to identify and implement mitigating controls to ensure compliance with both customer expectations and regulatory requirements.AML RightSource provides anti-money laundering and financial crimes consulting services to clients across various industries. Our lines of business include transaction monitoring, alert investigation, and compliance program management.

Responsible for leading the Platform, Network, Desktop, Training, Telecommunications, Helpdesk and Security & Compliance teams. Prioritized initiatives, staffing and budgetary allocations across teams while reducing year over year IT spend.Coordinated the Information Technology component of a 3rd party organizational benchmarking effort designed to reduce cost and headcount across the company. This effort resulted in multiple initiatives including contract renegotiations, service level reductions, infrastructure rationalizations, contractor eliminations and application portfolio reviews which reduced the IT run rate from $62.5m to $43.5m (30%) and IT headcount by 42 FTE.Developed an IT Operations workforce plan to quantify the activities being performed in each Operations Services team and ensure that any risks introduced by the reduced IT workforce are specifically identified and addressed.

Led the creation of a rolling 3 year IT forecast and demand analysis. This effort produced a visualization of anticipated business demand for IT services over the next 1-3 year time period. The output was used to prioritize infrastructure and application activities and identified teams that needed skills enhancement.Performed an information security risk analysis and identified areas of focus for the security program. This was used as the basis for the Information Security strategy and initiative roadmap.

Facilitated a comprehensive risk assessment with IT and business leadership to establish a baseline for the corporate information security and compliance program. The results from this risk assessment determined the prioritization for initiatives on the newly developed information security and compliance roadmap.Justified, scoped, planned and coordinated the execution of a vulnerability assessment (ethical hack) of the corporate environment. The results identified a number of opportunities that were addressed immediately

Assembled and lead a highly effective team of resources to perform all aspects of information security across Westfield including: Information security policy creation; Information security awareness and training activities; Project architecture and engineering; Network vulnerability scanning and security event correlation; Computer forensics and e-discovery; Incident response planning and integration; Disaster recovery planning and event coordination; Risk management and analysis activities and Compliance tracking activities.Facilitated the annual Information Technology (IT) unit risk assessment and represented IT on Westfield’s Enterprise Risk Management (ERM) team that identified, researched and prioritized the most significant risks to the organization. Regularly updated and presented to senior leadership status on the “Privacy Breach” and “Technology Service Interruption” risks which were both considered to be in the company’s top 10 risk scenarios.Utilized industry standard frameworks including COBIT, ITIL and ISO27002 to measure the current state process maturity across the IT organization. Facilitated meetings with senior leadership to determine target maturity levels and produced “heat maps” to drive improvements in areas that were not at their target maturity. Identified and published relevant information security, risk management and disaster recovery metrics. The analysis of these metrics allowed senior leadership to clearly link the financial expenditure associated with information security and risk management activities with the business value they return.Identified, justified and acted as project executive on multiple initiatives focused on reducing risk to the organization in the areas of information security.

Managed the VMIRT, which was responsible for identifying, implementing and monitoring the controls that balance business risk with information security. This team consisted of nine vulnerability management, incident response and computer forensic engineers.Identified relevant information security related metrics for activities that were performed by the VMIRT and other operational areas. These metrics were compiled into a monthly report that scores the effectiveness of existing security controls and processesCoordinated security posture assessments on critical infrastructure. Results of these assessments were organized into “security findings” documents which were used to initiate projects to remediate the identified vulnerabilities. Represented KeyBank on the Financial Services Technology Consortium (FSTC) committee on Counter-Phishing, which had participation from many of the largest Financial Institutions in the United States. Successfully implemented appropriate controls within the Key environment and handled the approximately 60+ unique phishing attacks targeted at KeyBank each month. Initiated and acted as technical owner for the security event correlation initiative. This initiative encompassed the definition of the corporate Intrusion Detection (IDS) and Intrusion Prevention (IDP) strategy, the creation of technical requirements, product selection, implementation and integration into existing monitoring technologies and processes. Initiated and coordinated the complete redesign of the computer incident response program, which included the creation of incident response plans, “live response” toolkits, computer forensic standard operating procedures and periodic “dry run” exercises