Application Risk Management Consultant Resume
Westlake, TX
SUMMARY:
- Strategic cyber security consulting and technology risk management leader focused on ensuring protection of confidentiality, integrity, and availability of enterprise assets in compliance with organizational policies, regulatory requirements, and international technology governance standards. Expertise in deploying or maturing first or second line of defense risk management capabilities.
- Expertise in planning and execution of due diligence relative to all aspects of cyber risk in order to adopt an appropriate risk posture while facing a continuously evolving threat climate.
- Cyber Security strategy, roadmap planning & execution
- Cloud Migration and Cloud Security (AWS, Azure, GCP). Experience with Security Services in Azure and in AWS: AWS Inspector and GuardDuty, IAM, KMS, VPC, Security Groups, Conditional Access Rules/Policies; CloudWatch, Lambda and AWS Config, AWS Networking/VPC, EC2, RDS, Docker, ECS, Kubernetes, and Container Security. IaC, PaC, Skyhigh
- Application of NIST CSF-based controls in cloud (AWS, Azure) environments
- Application Security, SAST/DAST, APIs, DevSecOps; Akamai WAF and WAAP Kona Site Defender (KSD)
- CICD security and automation
- Firewall Engineering/Firewall
- Security information and event management (SIEM); Splunk ES
- Security incident response, forensic analysis (DFIR)
- Vulnerability Management, Penetration Testing
- IT strategy, roadmap planning & execution
- IT service management & operations
- IT Governance Risk and Compliance
- IT Infrastructure: Network LAN/WAN
- IT GRC Tools: (ServiceNow, RSA Archer, MetricStream, Brinqa)
- IT risk management & governance
- 3rd Party or Vendor Risk Management
- IT audit & compliance
- IT program & project management
- IT vendor & procurement management
- Business continuity and disaster recovery planning (BC/DRP)
- Cloud security (IaaS, PaaS, SaaS)
- Data Encryption
- Data Leakage Prevention (DLP)
- Identity and access management (IAM)
- Stakeholder management & executive / C-level communications
- Leadership, people management, cross-cultural management skills, international experience
- Technology transformation, leading through Change
- Regulatory audit and compliance (FFIEC CAT, GLBA, NYDFS, PCI, OCC/SEC, HIPAA, SOX, SOC1/SOC2; Global: GDPR, MAS, JFSA, HKMA, PBOC, RBI)
- Technology governance and security standards (ISC2, ISO27000, COBIT, ITIL, FIPS, NIST, PCI-DSS, SOX, MITRE, OWASP, CIS)
PROFESSIONAL EXPERIENCE:
Confidential, Westlake TX
Application Risk Management Consultant
Responsibilities:
- Supported second line of defense risk management organization with execution of technology risk management oversight functions related to application risk
- Revised application security related policies and standards
- Produced monthly metrics to enable management reporting / dashboards related to application security posture
- Oversight of critical web application security activities, including WAF and WAAP solutions (Akamai WAF and Kona Site Defender)
Confidential, Plano TX
Vice President
Responsibilities:
- Served as the Control Domain Authority (CDA) for the second line of defense technology governance, risk, and control (TechGRC) function
- Provided risk management oversight of the 3rd party / vendor risk management function
- Provided risk management governance and oversight for ‘journey to cloud’ (J2C) program (including security controls within Azure and AWS)
- Drafted and published firm-wide Risk Assessment Policies
- Performed risk management oversight of first line of defense Cybersecurity and Technology Controls (CTC) group
- Performed assessment using FFIEC CAT (Cybersecurity Assessment Tool) as part of regulatory preparation exercise
- Executed regulatory readiness review based on FFIEC Examination Handbooks and evaluation of Confidential internal controls
Confidential, Irving TX
Cyber Security Consulting Sr Manager
Responsibilities:
- Partnered with Client CISOs and other executive leaders to shape the organization’s cyber security strategy to align with broader corporate objectives/goals and protect business value
- Designed, deployed, and managed service delivery / quality assurance of comprehensive global cyber security programs
- Executed business development and RFP response activities to increase revenue within security practice
- Coached and mentored junior resources to maximize personnel contributions, drive career growth, and foster talent retention
- Participated in business expansion / revenue generation activities through driving expansion of services to existing clients or supporting deal closure activities with new clients
- Drove RFP Response, Service Transition, and Service Delivery / Quality Assurance of global cyber security program inclusive of:
- Technology risk management, risk assessments, security maturity assessments, first and second line of defense capability deployment or maturation
- Cloud security, cloud migration support (AWS, Azure, GCP, SaaS service integrations)
- IT Infrastructure (storage, data management and recovery tools (i.e., Cohesity), IBM, AWS S3, and Microsoft Azure based storage solutions)
- Security strategy development and organizational communication (middle management, C-Level, Board).
- Security event monitoring
- Security incident response
- Vulnerability management, SAST, DAST
- Application security including WAF and WAAP (Akamai WAF and Kona Site Defender (KSD) tools management / administration)
- Penetration testing
- Security architecture & engineering
- Security technology/tools management, tools rationalization
- Security awareness and
- Information security policies, standards, and procedures development and maturation
- Security maturity assessment, roadmap development
- Security risk assessment (Framework based: ISO 27001/2, NIST CSF, others)
- Governance, risk, and compliance (GRC); SOX compliance; Service Organization Control reviews (SOC1, SOC2)
- Led the data protection and risk management requirements relating to personally identifiable information (PII) and protected health information (PHI) for state-sponsored COVID-19 contact tracing solutions
- Collaborated with local boards of health, state and local governments, hospital and clinic administration, and volunteer or paid contact tracers.
- Led all cybersecurity and risk management activities as part of the contact tracing service
- Transformed TRM Risk Assessment function to improve effectiveness and efficiency
- Executed enterprise infrastructure, application, 3rd Party / Vendor Risk, and process risk assessments using TRM tools and procedures
- Conducted Cloud Security Assessments (IaaS, SaaS, PaaS), provided cloud migration support and API security reviews (AWS, Azure)
- Evaluated NIST CSF controls against AWS hosted and/or SaaS based applications
- Presented Risk Assessment findings to business and technology stakeholders
- Assisted in analysis of aggregate risk assessment findings to identify firm-wide technology risks
- Developed and presented monthly business unit reports to summarize risk assessment progress based on annual plan
- Security Services Transition Manager (stood up new services after winning $20MM 5-year services contract)
- Executed and monitored security controls across the cloud (AWS and Azure) and on-prem client environments.
- Security Service Delivery Lead (managed hybrid on-shore / off-shore teams)
- Security Breach Response Lead (led full-scale breach response for major security compromises within the corporate network)
- PCI Assessment Lead (deployed PCI-DSS based vulnerability scans, drove remediation activities, published compliance reports)
- SOX Compliance Liaison (supported SOX Compliance Lead by participating in data gathering / control testing activities)
- M&A SMA support for luxury retail merger
- M&A SMA support for financial services / bank mergers
- Led review of technology risk management / cybersecurity policies, standards, and procedures across both organizations involved in the M&A transaction; identified gaps and published recommendations to close gaps pre- and post-deal close
- Led review of risk posture and un-remediated vulnerabilities across both organizations
- Drafted 18-month TRM Roadmap to deploy a single, mature TRM capability post-deal close
Confidential, Irving TX
Group Manager
Responsibilities:
- Minimum Satisfactory rating on all regulatory audits in previous 5 years
- Led the Command Center's Internet Threat Defense strategy, including authoring Process Control Manuals for step-by-step threat response; executing security service contracts with strategic vendors including Verisign and Akamai; outsourcing external DNS services to maximize defensive capabilities; and engaging directly with Security Ops, Cyber Intelligence, and Application/Development teams to form a virtual cross-functional threat defense team across the firm. Authored briefing for executive leadership on DDoS threats, realized and potential business impact, and current and proposed mitigation strategies.
- Led the Citi Technology Infrastructure Global Command Center Transformation initiative, including formation and deployment of the Security Operations, Service Monitoring, Level-1 Support Operations, and Risk Management teams in Singapore
- Led Command Center globalization efforts, including transitioning from Senior Manager of Americas based out of Irving TX to Senior Manager of Asia Pacific based out of Singapore in 2013. Also participated in the build-out of the EMEA Command Center in Warsaw, Poland through a 3-month assignment in Q3 2014 to further drive globalization and execute a 3-site strategy.
- 2014: Led Command Center resource optimization effort in Asia, resulting in consolidation of the Japan and Hong Kong Centers into the Singapore site and achieving a $1MM run-rate save.
- Network Analyst; Team Leader; AVP Operations Manager; VP Operations Manager; 2011 SVP Operations Manager
- Began in August 2005 and established a pattern of superior performance and increased responsibility as a network analyst and team leader culminating in entry into the Management Team in 2008 prior to joining the Senior Management team in 2009.
Confidential
Enterprise Support Manager
Responsibilities:
- Led team of technical support engineers responsible for handling enterprise level IT support under the following business units within Product Support Services (PSS): EPS (Enterprise Platforms Support), EBA (Enterprise Business Applications), and Developer Support. Maintained positive external and internal customer relations.
- Promoted to Lead Manager for Enterprise Platforms and Enterprise Business Applications group in March 2004. Added responsibilities included new-hire and peer coaching and evaluations, coordinating meetings and sessions, conducting regular reviews and updates of PSS policies and procedures, and measuring productivity of various Support Engineers and support teams based on case closure and customer satisfaction goals.
Confidential
Network Operations Center Engineer
Responsibilities:
- Designed WAN (wide area network) connectivity across multiple sites for new and existing clients based on the needs established by their networking or IT personnel.
- Executed change management work orders (CMWO) implementing configuration changes and updates to the networks as directed by EDS or WorldCom Network Engineering group.
- Monitored and configured Cisco routers for Electronic Data Systems at EDS Corporate headquarters in Plano, TX.
- Performed Tier 1 network support, including router hardware, software, or configuration issues and wide area network data circuit tests.
- Worked with local telecommunication companies to troubleshoot T1, T3, ISDN, ATM, SONET, and frame relay issues; worked to isolate each issue to a circuit fault, Telco equipment failure, or CPE (CSU/DSU, cabling, router, etc.) failure.