EXECUTIVE PROFILE

Information and Cyber Security leader with over 15 years of diverse experience in IT Security, Risk and Compliance as well as a substantial background in Accounting and Finance, including a BSBA in Accounting. Certified Fraud Examiner and Certified PCI Internal Security Assessor. Significant expertise in PCI Compliance, Information Security, business systems analysis, SAP, project management, requirements gathering and security awareness training. Broad knowledge of Information Systems concepts. Possess strong ability to convey complex information in a clear and concise manner, serving as a liaison between technical and non-technical professionals. Recognized for building and sustaining rapport at all levels of the organization. Detail-oriented with an eye for maximizing bottom-line results.

PROFESSIONAL EXPERIENCE

Confidential

AVP, Enterprise Security, Risk Compliance

• Worked closely with a variety of internal departments and external vendors to build and execute a unified security, risk and compliance strategy to reduce risks, enhance security and compliance across the platform
• Broad oversight from ecommerce transactions to internal departmental processes, security controls, OWASP controls, account management, and areas susceptible to fraud
• Managed day to day activities for Security, Risk and Compliance Department
• Develop and refine metrics to measure security compliance and risk status, identify gaps and show effectiveness of countermeasures implemented to close those gaps
• Established Fraud thresholds and quantify the rate of loss in relation to what is acceptable
• Drove compliance with the Payment Card Industry Data Security Standard PCI-DSS
• Integrated industry best practices and identify/develop leading edge risk security, risk and compliance solutions
• Implemented processes and methods for auditing and addressing non-compliance to information security standards
• Facilitated migration of non-compliant environments to compliant environments
• Managed chargeback process establish metrics and seek out areas for improved efficiencies
• Optimized fraud operations in all channels mobile, online, call center, and internal , including fraud customer complaint resolution
• Built tightly coupled relationships and processes with other areas in the company to ensure accountability and tracking examples would be working with Engineering, Legal, Accounting and Business Intelligence

Supervised Risk Compliance team

Confidential

PCI Internal Security Assessor

• Managed the Payment Card Industry compliance required by payment brands
• Created and drove Security Policies and Standards related to PCI Compliance, Personably Identifiable Information, Data Retention and others related to Information Security
• Conducted internal annual audits as a merchant that stores, processes and transmits credit card data. This includes Corporate Headquarters, Brand Retail stores and International offices
• PCI ISA certified
• Reviewed legal contracts related to third party suppliers for information security language requirements
• Worked collaboratively with Legal, HR, IT and business partners on a global basis to ensure compliance
• Provided expertise in interpretation, clarification and applicability of Policy, Standards and Controls for the Enterprise
• Developed and managed the enterprise Information Security Awareness program for annual employee compliance training
• Worked closely with other security and operational team members to coordinate IT risk assessment, decision support and remediation planning, security program development, incident response
• Assisted with remediation by collecting, organizing, analyzing and summarizing requirements for technical and process improvements
• Consulted as PCI Compliance expert on projects across organization
• Serves as IT Project Manager and subject matter expert for Loss Prevention initiative and other areas of Information Security as required

Confidential

Infrastructure Engineer Senior Specialist contract

• Provided Level 2 support for email and web security applications
• Provided technical support and troubleshooting for URL content filtering, Email and Web Security, DLP, IPS
• Upgraded, configured and monitored security products
• Provided support for environment and infrastructure problems in the production and non-production environments
• Worked with external partners to implement TLS secure mail
• Performed in-depth troubleshooting of complex and business critical perimeter issues including email, web and data leakage

Confidential

IT Project Manager

• Led all phases of several SAP projects while managing, motivating and leading multiple project teams of up to ten associates from both business and technical areas.
• Managed the full project life cycle of projects totaling up to 500,000, including analyzing processes, requirement gathering, needs assessment, strategic planning, project scope definition, development, implementation and reporting. Consistently forecasted and maintained project budgets within 5 of allocated amount and presented monthly for the senior management Review Board.
• Researched and analyzed variances from budgeting and forecasting, including cross-referencing SAP reports with the general ledger. Consistently drove over 25 increased workflow efficiency for accounting and finance.
• Developed and authored a document SAP Financials How To explaining how to reconcile monthly operations plans and general ledger reports with SAP for a staff of 35 in three departments. Streamlined operations and reduced the number of outstanding issues by 10 over a six month period.
• Created and executed project detailed work plans for projects of up to 500,000 and 20 resources, ensuring immediate flexibility and revisions to meet changing business needs while maintaining budget allocations and mitigating project risk.

Confidential

• Assistant Technical Lead on project to implement SAP eRecruiting module.
• Developed and configured SAP eRecruiting module in 12 months for over 5,000 internal users and thousands of potential external candidates increased the efficiency by 25 .
• Effectively consulted with HR and technical business areas to assess individual requirements and developed methodologies to seamlessly adapt to competing priorities.
• Provided production support as required to include upgrades, fixes and enhancements.
• Served as Technical Lead for the implementation of two critical system components Resume Mirror and Virus Scan , liaisoning with over 10 business partners, 3rd party vendors and associates to ensure a successful implementation.
• Conducted risk mitigation assessments and worked closely with compliance and legal to obtain project sign off.
• Worked with Portal team to design the layout of the Manager and Employee Self Service portal, enhancing the communications and usability for over 5,000 employees.
• Engaged in full life cycle experience, including customer reviews/meetings, requirements gathering, architectural review, high- and low-level design, usability testing, functional testing, acceptance, delivery/installation, and technical support and maintenance tasks.
• Information Security Specialist
• Selected to create, develop and implement the first corporate security awareness program, reporting directly to CISO. Participated in leading edge forensic investigations.
• Participated in Forensic Investigations as needed. Worked in conjunction with Senior team members to perform forensic investigations on digital media.
• Utilized proprietary forensic tools to conduct investigations exposure to enCase under the guidance of senior forensic team members.
• Enhanced awareness and decreased corporate risk exposure through a broad array of educational sessions for over 5,000 employees that included Identity Theft, Phishing, Internet Safety, Laptop Security, Password Security, Shoulder Surfing, Dumpster Diving, Worms, Viruses Botnets, Denial of Service attacks, Spyware, Travel Laptop Security, Visitor Control and Physical Security, Individual Accountability, Desktop Security, and Tips Best Practices.
• Incorporated company's Information Security policies and procedures into concise, clear communications materials that increased awareness and decreased fraudulent activities.
• Organized, designed and developed marketing and advertising materials for employee Awareness booths for three campus locations, driving more than 1,000 attendees.
• Designed, developed, planned and organized the Annual Security Symposium for 75 cabinet members of the CEO. This resulted in an understanding and appreciation of corporate policies and standards for the executive members of the corporation allowed for increased exposure for the Information Security Department.
• Presented Information Security Who's your friend on the Internet session for over 120 parents and kids during Bring Your Sons and Daughters to Work Day.
• Provided compliance training to 900 employees during new hire orientation.

SAP Security Administrator

Confidential

• Administered R/3, BI, FI, HR, ESS, MSS systems which included Sandbox, Development, QA, Pre-Production and Production system for each environment.
• Designed, developed, tested, deployed and supported SAP security profiles, roles and authorizations for R/3 and BW as required by the business areas.
• Worked with tech lead on highly visible Sarbanes-Oxley project to address issues that were non-compliant. Developed a methodology and template that was adopted corporate-wide.
• Coordinate efforts for the setup of 165 new users for the Management Controls tool, resolving issues in a timely fashion while providing superior customer service.

Basis Administrator

Confidential

• Stabilized desktop environment for ERP Project including maintaining and planning desktop requirements, deploying PC's, installing software, licensing, troubleshooting, loading SAP applications GUI, ASAP , and applying appropriate patches for 100 users.
• Coordinated Technology Plans by producing a rolling 12 month desktop technology plan, detailing priorities by cost center per quarter.
• Streamlined support pack strategy process by creating the process documentation Applied OSS Notes
• Installed kernel patches/support packs each quarter developed technical procedures for team to follow updated procedures as needed.
• Monitored and maintained several SAP systems for optimum performance by proactively identifying potential problems provided technical day-to-day support and troubleshooting
• Authored Basis Newsletter which was distributed to the department monthly, allowing for enhanced collaboration between technical and non-technical teams.