• Manage and maturate information security program requirements. Develop policies and standards, promote security awareness, manage vendor risk assessments, compliance initiatives, and BCP/DR planning• Manage and support all IT Compliance initiatives; PCI (cloud solutions), SOC2 (cloud solutions; corporate network), ISO (Internal), and GDPR (cloud solutions; corporate network)• Direct governance of vulnerability management program• Security advisor for architectural frameworks of new and current solutions• Establish and facilitate customer security program requirements and audits

• PCI Core Team administrator – PCI-QSA, PCIP• Direct and facilitate PCI DSS security assessments. Guide the overall assessment, conduct gap analysis, develop remediation recommendations, and design sustainable programs. Deliver ISA program self-assessment guidance and recommendations for client RoCs• Advisor for security framework assessments based on HITRUST, NIST, and PCI DSS requirements• Support ISO 27K readiness assessments. Perform gap assessment with remediation recommendations, and proposed ISMS implementation roadmap• Manage and lead project teams and security training courses on PCI and data flow mapping

Certified PCI QSA • Performed PCI DSS security assessments. Directed interviews and site visits. Evaluated overall client information security program. Delivered PCI DSS Report on Compliance• Coordinated on SSAE16/ Type 2 SOC1 audits with internal audit team. Provided PCI framework guidance to assist in client audits

EMC Consulting - Security & Risk Management PracticeCertified PCI SSC Internal Security AssessorRSA Archer Certified Consultant• Consultant for PCI and ISO 27K readiness assessments. Conducted interviews and site visits, and examined client’s current security posture against DSS and ISO requirements. Delivered recommendations and a remediation roadmap to assist with regulatory requirements. Conducted PCI gap analysis and scoping exercises for TransArmor solution clients• Consultant for incident management projects. Developed an incident management process framework to effectively manage cyber threats and security incidents. Performed project oversight of data collection, client analysis, and IR partner activities. Developed infrastructure security and information protection roadmap• Consultant for information security policy and standards development project. Developed and expanded priority security policies and standards. Delivered future state roadmap for policies and standards • Consultant on data classification project for RSA DLP Suite client. Conducted data classification workshops with key stakeholders. Reviewed policies to formulate a client specific DLP strategy roadmap

• Project Manager for PCI Compliance Project and current Compliance Program. • Evaluate and monitor PCI compliance standards for all program areas. Assist internal teams with PCI DSS guidance and interpretation. Responsible for determining scope and prioritization of requirements.• Coordinate and participate in all PCI assessment activities. Monitor remediation activities and resources in order to maintain QA processes. • Direct management of the Managed Security Services implementation. Lead the outsourcing partner through complete project life-cycle and to final hand-off to internal users.• Core team partner on the Tokenization Project. Direct coordination with internal project, development and application teams. Assessed and reviewed proposed solutions for legacy applications integrating into current enterprise infrastructure. • Managed capitol budget for internal project planning codes. This included resource, software, and hardware spend amounts.

• Project Manager for legacy Delta Air Lines, Inc. and legacy Northwest Air Lines, Inc. Information Security Integration Project. Developed and implemented project plans based on the ISO 27K standard.• Directed and monitored integration activities and resources to mitigate risk and meet strategic vision. Lead milestone and deliverable reviews with project teams and project sponsors.• Managed multiple teams through delivery of an integrated compliance and information security program in headquarter locations

• Knowledge Management subject-matter specialist for enterprise software. This included support, testing, training, software evaluation, and future development. Provide technical writing and approval of application documentation. Additional duties include test plan creation and execution along with test defect reports.• Project leader for the Technology Control Center and Enterprise Systems Management. Projects include Knowledgebase renewal, operational plan conversion, and contact list renewal.

• Developed Brio reports and processes. Including gathering requirements, setting target dates, testing and implementing reports in production.• Supported conversion of Service Desk data to Teradata and report conversion to Brio.

• End user support for Sales Force Automation, airport renewal, Atlanta general offices, and Delta international users.• Airport renewal deployment team. Installation of PC’s and associated peripherals in the airport. On-site user support and mentoring.