Functional Skills
Information Security Management
Project Management
Vendor Management
Incident Response
Budgeting
Regulatory Compliance
Risk Management
Good Clinical Practice (GCP)
Innovation Management
Operations Management
Leadership Development
Marketing Analytics
Data Collection / Research
Systems Integration
Compliance and risk
Software Skills
AWS
Active Directory
Amazon Marketplace
Ansible
Application monitoring
APT
AWS Redshift
AWS S3
Azure Active Directory
BigData
BitBucket
Blockchain
Board
C
Cisco networking
Certifications
CISM (Certified Information Security Manager)
CISSP (Certified Information Systems Security Professional)
Sector Experience
Business Services
Financial Services
Media & Entertainment
Social & Public Sector
Technology
Experience
ADTHEORENT, INC.
Corporate Strategy & Development
Chief Information Security Officer / Chief Procurement Officer (CHIEF INFORMATION SECURITY / PRIVACY OFFICER)
3/2019 - Present
• Responsible for the strategic leadership of product and data Information Security programs in a 100% Cloud/SaaS applications environment, building secure ecosystems that support innovation and growth.
• Technical Leadership: Led the implementation of Information Security and Privacy Programs from the ground up, led initiatives, and reduced the number of vulnerabilities by 60% in three years.
• Digital Fraud and Abuse: Implemented a fraud and abuse solution that identifies invalid traffic to detect and protect against fraudulent ad placements.
• Information Security Strategy: Created a strategic product and data information security roadmap, with leadership buy-in, to build and sustain a world-class information product, data security, and privacy program (ISO 27001, NIST CSF 2.0, SOC 2, CIS, HIPAA, GDPR, CPRA California Privacy law).
• InfoSec Risk Management: Established an information security risk management committee and working groups to determine acceptable levels of risks,
Washington Trust Bank
Finance
VP, INFORMATION SECURITY OFFICER
4/2017 - 6/2019
• Strategy and Leadership: Led the development and documentation of the information security vision, roadmap, objectives, strategies, budget, and training plans for the Information Security Office.
• Program Management: Developed an Information Security Program from the ground up, including a governance model, policy framework, marketing/branding strategy, and awareness campaign that reduced phishing incidents by 25%.
• Risk Management: Conducted ongoing information security compliance assessments (FFIEC, FDIC, ISO 27001:2013, PCI), and acted as primary liaison for all internal and external audits.
• Compliance / Auditing: Successfully led the bank through the ISO 27001:2013 and SOC 2, Type 2 certification and re-certification processes.
• Led multiple external information security program audits provided by PwC and Deloitte.
• Innovative Technologies and Continuous Improvement: Led continuous development and automation of the overall security assessment program, reducing the labor re
Everbank/TIAA Bank
Finance
VP, DIRECTOR OF INFORMATION SECURITY ENGINEERING & ARCHITECTURE
10/2014 - 4/2017
• Program Management and Compliance: Responsible for the administration and execution of the information security program and regulatory compliance frameworks (FFIEC, GLBA, SOX, HIPAA, NIST).
• Information Security Operations: Developed short-term and long-term approaches for managing security operations and architecture using both in-house and third-party resources.
• Streamlined incident response processes, leading to a 30% reduction in incident resolution time and improved incident response effectiveness.
• Compliance: Successfully led the bank through SOC 1, Type 2, and SOC 2, Type 2 certification and re-certification processes.
• Auditing: Led multiple external information security program audits provided by PwC and EY.
• Identity and Access Management: Designed and guided implementation of an IAM solution on-premises and cloud
• Project Management: Provided information security oversight, guidance, and consulting for security projects.
• Information Security Vendor Manageme
Harvard University
Corporate Strategy & Development
EXECUTIVE DIRECTOR OF INFORMATION SECURITY & RISK MANAGEMENT
6/2011 - 10/2014
• Leadership and Strategy: In coordination with the Harvard University CIO, responsible for the creation and implementation of the information security program, roadmap, strategy, and risk management.
• Harvard hospitals and research experience: HIPAA / HITECH compliance support for Harvard hospitals and medical / pharma research labs.
• Information Security Risk Management: Developed and maintained an information security risk management process to identify, quantify, catalog, and remedy information risk across the university, reducing cybersecurity risks by 25% in the first year.
• Continuous Improvement: Key contributor in the development and documentation of the information security vision, roadmap, objectives, strategies, budget, and training plans for the Information Security Office.
• Information Security Program Management: Led budgeting, acquisition, and implementation of information security technologies and services
• Compliance: Played a key role in creating, designing
Washington State University
Management Consulting
UNIVERSITY INFORMATION SECURITY MANAGER
2/2006 - 6/2011
• Information Security Program Management: Responsible for overseeing the university-wide Information Security program across five campuses.
• Information Security Design & Architecture: Initiated and chaired the Enterprise Architecture Board, driving information security standardization and documentation of systems and technologies.
• Leadership and Strategy: Conceptualized strategic and architectural roadmaps through baseline and target architecture definition, gap analysis, emerging technology research, and business strategy and requirement analysis.
• Vendor Management: Conducted gap and impact analysis against contract changes and negotiated compensation for added expenses.
• Continuous Improvement: Developed and executed security awareness/training, incident response, and vulnerability management plans.