Vice President, Truist, Technology Risk Management Resume
SUMMARY:
- Experienced Security and Privacy Executive adept in development and execution of strategic Policies and Program, conducting effective risk assessments, gap analysis and remediation planning in cyber security, privacy and risk management operations leveraging extensive background in technology, vulnerability management and data protection, GRC practice consulting, security solutioning, service management of key cybersecurity offerings
- Cyber Risk Management and Frameworks
- Technology Risk Assessments
- Cyber Security Policies and Standards
- PMO oversight for VMDP
- Regulatory Frameworks - NIST/CSF, FFIEC, GLBA, SOX, PCI, etc.
- Cybersecurity frameworks such as NIST 800, CSF, CIS Benchmarks
- Technology and Risk Management Frameworks
- Security By Design and Privacy By Design Controls Frameworks
- Vulnerability, Patch Management and Data Protection Controls
- Audit & Regulatory Reporting and Stakeholder Management
- Data Taxonomy & Classification
- Audit and Regulatory reporting
PROFESSIONAL EXPERIENCE:
Vice President, Truist, Technology Risk Management
Confidential
Responsibilities:
- Lead the review and effective challenge process for Commitments and Deliverables for Regulatory Matters (FDIC/FRB)
- Lead the review of artifacts and effective challenge process for Board Matters Reporting.
- Lead review of Audit issues scope, reporting and review deliverables for final submission
- Lead oversight of Truist PMO portfolio for VMDP Technology MOE activities
- Lead the review and effective challenge of metrics and commentaries for KRI and Risk Scorecards
- Engage with partners in VMDP for metric roadmap development
- Lead the POV (Point of View) for Data Protection
- Lead the COBIT maturity ratings and Residual Rating for 2020
- Led the TRA 2019/20 team efforts for review of the capabilities defined under the InfoSec Cyber
- Lead process improvements in collection and documentation of issues to have risk lens, resulting in risk remediation and reduction and maturity improvements.
- Engaged on multiple Risk Acceptances for Data Privatizations
- Risk Oversight for compliance 2019 for SWIFT, NYDFS and GLBA attestation, resulting in timely review and approval by risk leadership.
- SOX compliance - provide risk oversight on SOX controls, owners and attestation efforts overseeing the appropriate owners and documentation of InfoSec controls.
- Partner with Capability leaders and domain leaders with InfoSec in remediation planning and work stream milestone development, resulting in quality deliverable reflecting process and capability maturity.
- Be a risk partner to the capability and domain leaders in Data Protection, Vulnerability Management, Security and Incident Management influencing strategy, roadmap development and remediation planning and execution, resulting in capability improvements
- Trusted Partner - Attend risk routines and governance meetings for capability leaders and provide meaningful guidance on improvements.
- Developed independent point of view for EIS Risk for Capital One Breach, SharePoint Platform improvements resulting in business partners reviewing current operational practices and policies.
- Assist in developing point of view for Data Privatization Controls.
Senior Security Consulting Manager
Confidential, NA
Responsibilities:
- Lead the efforts for a vulnerability patching and remediation orchestration effort with the client and security delivery teams for platforms and assets discovery, scheduling and delivery output and reporting process optimizations to have almost 55%-85% success across multiple platforms.
- Led the client and consulting team in Technical Security Standards (TSS) remediation efforts targeting a Zero Failed Controls Program following Remediation, Exception and Root Cause Analysis.
- Lead an offshore Security Reporting Team to develop a cadence in reporting metrics.
- Comprehensive GDPR & Privacy assessment focused on security and privacy, resulting in risk prioritized approach for compliance.
- Advocated for establishment of Global Privacy Program Office, resulting in development of Program Charter and Privacy Policy.
- Establish various work streams for Privacy Program resulting in acquisition of budget and staffing of $11M for capability development.
- Established Privacy dimension criteria and requirements for Security By Design and Privacy by Design, resulting in review of 150 applications with high user impact.
- Conduct Risk and Security Analysis utilizing data flow diagrams, traceability, and other privacy properties, risk analysis and controls documentation resulting in Privacy Impact Assessments for 100+ applications
- Design an Operational Privacy by Design process to initiate privacy maturity model aligned with privacy frameworks and standards to result in operationalization of PbD principles.
- Use Case development for Privacy templates and data protection controls.
- Developed a detailed Need Analysis based on current capability of the organization that included development of Security Solutions with Key Systems Attributes (KSA), Key Performance Indicators (KPI), Key Performance Parameters (KPP) and Key Risk Indicators (KRI).
- Development of Governance, Risk, Compliance & Privacy (GRC/P) Program to oversee the development of Policies, Procedures and Standards, Detailed Project Plan for technology implementation.
- Led the program for strategic risk assessment for current Identity and Access Management (IAM) profile for client, resulting in establishment of key gaps for IAM control, establishment of enterprise governance, Role-Based Access Controls (RBAC), automated workflow and provisioning, Identity Governance and Intelligence program, Segregation of Duties and Privileged Access Management.
Technologies and Processes: ITIM and ITAM, IGA, PIM, RSA, SAP, GRC, Firefighter, Sailpoint.
Senior Manager, Global Security Services
Confidential, Atlanta, GA
Responsibilities:
- Workflow enhancements for Firewall management leading to drastic reduction in execution time and cost reduction for client.
- New security orchestration service offerings integration of Automated End Point Threat Detection Services
- Developed the As-Is and gaps and pain points in the workflow of current process between the client and vendor.
- Collaborated via Agile Process in delivering key Business, Sales Engineering, Enterprise Architecture and Engineering capabilities for prioritized features (projects) for development.
- Facilitated alignment and communications for client executive leadership and SecureWorks executive leaders on key business goals for delivery innovation services in cybersecurity for the client.
- Collaborated with business, CISO, SME and Operations to report on enterprise business portfolio.
- Coordinated security delivery with onshore/offshore and outsourced Agile Teams for development platform.
- Deliver innovative SIEM correlation tools for the client base using the Agile platform, including solutions in VMS OS and VMS Host Correlation, Intra-Location Cache Correlation, Flexible Event Matching, Watch Lists, Annotation Service, and IP Blacklist Monitoring.
- Provide scrum leadership in development of Counter Threat Platform Portal for monitoring, review and tracking of security events and key metric collection and reporting dashboard
- Led 3 SCRUM software application development teams to design and deliver innovation in SIEM tools for security correlation.
- Participated in the development of security vendors and partners program in positioning for Managed Security Services Operations functions.
- Participated in SOC 2 evaluation criteria for selection of vendors and integration into the Data Center, Cloud and on customer networks/endpoints etc.
- Participated in Risk Assessment Framework of Vendor requirements from enterprise Dell and its MSP customer data.
- Developed Vendor Governance including data classification process for vendors.
- Developed Assessment of Risk Profile for ability to provide secure services to Dell and ability to protect data of MSP customers.
- Led an innovation concept from the Service Delivery Organization (SDO) resulting in the establishment of the Enterprise Security Performance Analytics dashboard.
- Led the delivery of a Machine Learning / Knowledge Expert System Program in the SOC
Technologies: Agile Framework, Atlassian suite (JIRA, Confluence), Incident Escalation
Database Architect
Confidential, Atlanta, GA
Responsibilities:
- Designed and implemented a Database migration strategy from Confidential to Confidential as part of the acquisition.
- This included a ‘high availability’ architecture to migrate databases and services with zero down-time and instituting disaster recovery processes.
- Assisted the CISO office with DRP testing guidelines and procedures.
- Designed and led the implementation of the dashboard for monitoring system to be used by the Incident Response Team, CISO and Internal Audit teams for access history.
- Key Contributor for the Enterprise Business Continuity Planning and Disaster Recovery Team. Lead the Business Continuity Planning for all data assets.
- Led Multiple efforts that had high visibility impact to the business operations.
- Designed and implemented several Oracle Data Warehouse and operational applications.
- Designed various High Availability and Clustering solutions to support operational business needs.
- Developed and operationalized best practices for database security guidelines for CISO office.
- Facilitated the process for data labelling and delivered the standards for enforcing RBAC for enterprise.
Sr. Software Developer
Confidential, Atlanta, GA
Responsibilities:
- Developed functional specifications for enhancements to a financial sub ledger.
- Developed the logical and physical model for the reengineering team in rewriting Informix applications to Oracle.
Lead Web Content Developer
Confidential, Elizabethton, TN
Responsibilities:
- Developed practice of web content development for over 200 clients of the publishing group.
- Hired a team of web site graphics, content writers and Web administrator.