SUMMARY

• Self - motivated, certified IT Risk Management Professional with a proven track record in technology risk management.
• This includes collaborating with key stakeholders to build an effective risk-based system to identify, measure, and monitor relevant security safeguards.
• Emotionally intelligent communicator with strong leadership capabilities and a skilled people connector who can relate necessary information to internal partners of all levels.
• Excels in project management with the ability to proactively coordinate and balance multiple projects in a time-sensitive environment.
• Knowledgeable in relevant regulations and GRC frameworks to synthesize information and drive strategic alignment to ensure regulatory compliance.

PROFESSIONAL EXPERIENCE

Confidential

Corporate VP, IT Risk Assessments

Responsibilities:

• Conducted risk assessment and gap analysis of business unit areas to identify critical applications/systems that process, maintain, transmit, or receive ePHI data to ensure HIPAA compliance.
• Provided guidance and oversight to staff for the Identity & Access Management (IAM) and Application Risk Assessment Programs
• Assisted in training business partners in all areas related to technology in accordance with the three lines of defense framework which resulted in greater efficiency and adherence to security processes and guidelines
• Coordinated and tracked information technology/security-related audits including scope, timelines, remediation actions and outcomes to ensure quality and success in addressing underlying risks
• Collaborated with internal teams to provide documented evidence of compliance to regulators and external clients
• Facilitated completion of records retention activities (retention schedule, hold orders and records disposition day) to achieve annual Records Management Certification

Confidential

IT Security & Governance Consultant

Responsibilities:

• Held regular forums for senior-level IT management to provide governance of technology risk profile and transparency of technology risk to senior management
• Analysis of KPI metrics on InfoSec risk exposures to detect trends and determine the effectiveness of existing controls
• Utilized technical and business knowledge to create infrastructure key risk indicator (KRI) baselines and provided analysis and graphical dashboard of metric data for performance management & process improvement to Chief Technology Officer.

Confidential

Sr. IT Risk & Security Officer

Responsibilities:

• Customized rules and policies to create reports to capture violations for business applications. This enabled the Information Technology Group to monitor privileged accounts data access attempts on 900+ distributed databases
• Evaluated, developed, and coordinated user testing and installation of Data Loss Protection (DLP) & Threat Management software to align with business objectives & security initiatives to promote a heightened security culture.
• Re-designed enterprise customer review process resulting in a fully functional and integrated process that eliminated inefficiencies and reduced the turnaround time for response to external customers
• Identified, documented, risk-ranked and reported on open issues to provide leaders with insights and metrics into risk trends and security gaps across the enterprise.