IT Security Resume Profile
Profile
- Accomplished IT Security and Governance, Risk and Compliance (GRC) Transformation Expert with experience in the roles of Principal Advisor, Program Manager, Product Manager, Project Manager, and Systems Configuration Advisor, with an exceptional leadership background in developing and implementing world-class infrastructure and enterprise-wide security solutions, with an emphasis on risk mitigation tracking systems, implementation of IT security policies, internal controls, DR/BCP preparation, and verification processes for the financial, energy, and healthcare sectors.
- Proven superior communication skills in developing high-performance domestic and international teams that build sustainable applications, drive effective security-based methodologies, and maintain the integrity of systems and data for Fortune 500 companies, including Visa, Chevron, Pacific Gas & Electric Company, Kaiser Permanente, First Republic Bank, Bank of America, Citibank, JP Morgan Chase, and several others.
Key Leadership Strengths
- Executive Planning, Strategic Deployment
- High-Performance Team Development
- Program Management, Project Management
- PCI-DSS, SOX, PCAOB, HIPAA, NIST, UCF, COSO, COBIT, ISO 27001/27002, FedRAMP, GLBA, AML, FINRA, GAPP
- Regulatory, Compliance and Privacy Law
- IT Security / Risk Assessment Mgmt.
- GRC System Design, Deployment Mgmt.
- External vendor-hosted SaaS environments
- IT Service Management
- Principal Advisor, Program Manager, Project Manager and Product Manager leading an International Information Risk Management Transformation Program for twelve satellite locations around the world. Designed, developed and deployed the GRC risk tracking tool, coordinated business and IT process re-engineering, and developed training for all deployment locations. All activities ensured that each location complied with corporate policies and with US and international laws including SOX, HIPAA, EU Data Privacy and PCI-DSS, utilizing the following frameworks: COBIT, COSO, ISO 27000 Series, UCF, NIST, and CSA.
Selected Achievements:
- Managed and performed IT security technical assessments of all vendor applications and the systems and infrastructure supporting IT processes throughout Kaiser Permanente, resulting in the development of a vendor risk profiling system to better manage and track all vendor risk, in support of HIPAA, SOX, and US National Critical Infrastructure Regulations.
- Led and conducted comprehensive security/risk assessments of system development, test and production environments, including security configurations and data handling of applications, databases, servers and network infrastructure, on a wide range of Visa projects including the online mobile wallet product and mobile payment system infrastructure, as well as system implementations supporting Legal, Marketing, Disaster Recovery/Business Continuity, Anti-Bribery, AML, Vendor Management, FCPA, RSA Archer eGRC, VMs, SaaS implementations, DLP, and numerous others. Advised Project Executives on risk mitigation.
- Consulted Kaiser Permanente Management on the implementation of the RSA Archer eGRC System to track applications, servers, databases, network appliances and personnel, to ensure proper handling of HIPAA compliance assessments, Meaningful Use and related risk management processes, findings remediation and automation of workflow processes to capture efficiencies and hardening of the system.
- Directed the Oronite Global Risk Management Transformation Project, which was recognized by Chevron for saving over 3.5 million per year, enabling Chevron Management to track the risk management work of more than 35,000 employees and contractors, in real-time, assisting in managing Chevron's risk portfolio for applications, databases, servers, infrastructure and SCADA systems.
- Created standards and processes to monitor critical data related to decommissioned systems and assets, for more than 200 IT applications, databases and server systems around the world, resulting in the savings of over 50 million in licensing fees and support expenses, and mitigation of risk due to outdated systems sitting in the production network.
- Managed the partnership between Chevron and Citibank's Commercial Banking Application IT Group in creating Citibank's flagship enterprise online banking system, CitiDirect, which enabled Chevron to begin centralized management of all global cash movements throughout Chevron Corporation and resulted in the decommissioning of more than 100 inefficient and outdated banking systems around the world. Additionally, I was equally involved in the business and technical integration of global banking systems for JP Morgan Chase, Wells Fargo, Bank of America, CIBC, Royal Bank of Canada, Bank of China and several others, including the creation of internal controls and DR Plans to support each system.
Professional Experience
Confidential
IT Security, Data Privacy and Risk Consultant, TRO Vendor Risk Management
- Work with all business and IT groups throughout Kaiser to ensure risk to the organization is mitigated when utilizing third party vendors.
- Developed a third-party vendor management system that reports real-time risk metrics enabling the business management to better understand and manage risks resulting from external vendors.
- Streamlined IT risk management processes, enabling the Enterprise IT Risk Organization to focus on risks that could have real impact.
Confidential
Manager, Information Security, Data Privacy and Risk
- Work with clients of all sizes and verticals to lead efforts to improve risk posture related to PII, PCI, or HIPAA-related data.
- Supported Senior Management on the development of strategic communication materials for various potential clients who were seeking strategic and operational guidance with implementation of systems, processes and assessment of current data protection programs.
- DIRECTV, El Segundo, CA: Assessed DIRECTV's overall IT Security program, utilizing industry and organization benchmarking, to deploy next-generation data protection, enabling better synchronization between the business and IT organizations. The evaluation covered the entire IT Security organization from both governance and tactical process perspectives, including Infrastructure Security Architecture, Security Innovation, External Vendor Management Security, Business Intelligence (BI), Big Data Security, Threat Analytics, Risk Analytics, Mobile Device Management, Patch and Configuration, Asset Management, DR/BCP processes, and DIRECTV's process for evaluating the IT Security processes of takeover targets before concluding the M&A process.
- Independent IT Security Consultant
- Chief Security, Governance, Risk and Compliance Consultant to San Francisco Bay Area / Silicon Valley based B2B financial startups built on SaaS-based cloud solutions.
- Assess security configurations related to SaaS applications, servers, databases and internal control logging, including monitoring related to DLP, firewalls, SIEM management systems, and Privileged Access Management.
- Create comprehensive GRC and SIEM management programs aligned with ISO, FFIEC, GLBA, NIST, SOX and SSAE 16 SOC 1 and SOC 2 requirements, including creating corporate policies and standards, documenting internal controls, and creating Business Continuity / Disaster Recovery Programs. Assessed data security by reviewing application, database, server and infrastructure security configurations.
- Executive Management Consultant on IT Security, Governance, and Risk Management practices and capabilities, allowing my clients to dramatically expand their business opportunities, including partnering with the largest banks in the world.
- Project Manager responsible for overall direction of the creation and streamlining of existing processes enabling clients to expand their clientele and gather traction as financial startups while ensuring compliance with financial regulations. Over the past two months, one client has added more than five thousand paying customers.
- Managed the day-to-day business process requirements of operating a small business in the State of California, serving as Product Manager and handling client acquisition and back-office management.
Confidential
Sr. IT Security and Risk Management Project Manager / Consultant, Global Information Security
- Project Manager for security and risk assessments, risk advisory services, and oversight to Visa project teams on a wide range of flagship projects including the online mobile wallet service, as well as project and system implementations supporting Legal, Marketing, Disaster Recovery/Business Continuity, Anti-Bribery, Vendor Management, Data Loss Prevention (DLP), centralized Privileged Access Management (TPAM) tracking systems, Single Sign-On (SSO), Federation, the RSA Archer eGRC platform upgrade project, and numerous others.
- Managed and performed risk assessments of internal and external vendor system implementations, including vulnerability testing reviews, threat and impact assessments, security architecture reviews, and SSAE-16 reviews, ensuring alignment with PCI-DSS, FFIEC, SOX, ISO 27001/27002, as well as Visa's corporate policies and technical security requirements.
- Advisor to the Risk Management Process Team on streamlining risk management processes to ensure that compliance and risk management project go-live dates were met, and that operational and technology risk was identified, graded, and remediated or accepted, using the RSA Archer eGRC tool and MS SharePoint collaboration.
- Partnered and championed opportunities with the Visa Legal, IT Security, Vendor Management, and Vendor Risk Groups to develop governance processes and new contracts for onboarding new external vendors, ensuring compliance with Visa's corporate policies and ensuring risk to credit card holders is mitigated.
Confidential
Lead Business Consultant / IT Compliance Project Manager
- Consulted Management to ensure Kaiser's 2,000 IT Infrastructure systems continued to comply with HIPAA, Meaningful Use, ePHI, and other governmental mandates, as required by Health and Human Services, and in alignment with the NIST framework for the HIPAA Mandate.
- Project Manager for multiple enterprise regulatory assessments of IT infrastructure, network and application systems.
- Senior Advisor to KP Leadership on the implementation of the RSA Archer eGRC tool to ensure proper handling of HIPAA assessments, resulting in what is to be one of the world's largest RSA Archer implementations. Designed and configured Archer GRC, including apps, iViews and system integration.
- Performed risk assessments of IT Infrastructure systems, including applications, servers, databases, network devices, and their related configuration settings, supporting all areas of Kaiser Permanente.
Confidential
Principal, Global Information Risk Management and SOX Compliance Consultant / Program Manager
- Principal Project Manager, Program Manager and Product Manager responsible for ensuring that multiple compliance projects spanning worldwide operations were completed on time and under budget.
- Performed IT security reviews, risk assessments, business impact assessments, BCP/DR plan creation and testing, IT General Control reviews of applications, servers, databases, network devices, and SCADA systems to ensure compliance with Chevron IT Security Policy, and alignment with applicable security frameworks for each of twelve international locations.
- Directed and managed all aspects of the Information Risk Management Program Transformation Project for all of Chevron Oronite, which included twelve international operating units, impacting more than 1,000 employees and contractors, and more than 4,000 systems.
- Guided Executive Management in centralizing the support services and standardizing the risk management practices of more than 2,000 additional applications, servers, and databases located around the world. Provided risk advisements on the buildup of the Gonfreville, France Oronite Data Center.
- Project Manager and Risk Management SME for Oronite France's IT Risk Transformation Project. This project resulted in a massive transformation of risk management practices for applications, servers and databases.
- Communicated with all ranks of personnel, educating business and IT personnel on risk fundamentals, ensuring the workforce had a baseline understanding of risk and information security.
- Created the vision and strategy for, and managed all facets of, the global implementation of Oronite's Global Information Risk Management (GRC) system, including staff selection and development, further automating internal control processes, saving the company more than 40 million, and establishing this system as a corporate standard.
- Awarded for creating the Oronite GRC system, which was built using the agile methodology and in alignment with SOX, COBIT, COSO, ISO 27001 and 27002 Standards, HITECH, HIPAA, EU Data Privacy Regulations, and others. The entire global implementation cost less than 1,000,000.
- Created the Management Metrics Program, including automating reporting workflows, enabling the Management Teams at the global and field location levels to see real-time risk health indicators and status updates.
- Hired, directed and mentored the Global Solutions Group Information Risk Management Team consisting of 5 direct reports, including providing guidance to an additional 24 contractor resources based in Europe, Asia, the Americas, and India.
- Maintained all internal and external Compliance Requirements for more than 2,000 IT Systems ensuring compliance with SOX, HIPAA, HITECH, EU Data Privacy Act, and Chevron Corporate Policy.
Confidential
Sr. Compliance Analyst, Supply Chain Operational and SOX Compliance
- Oversaw the review of all SOX controls within the Supply Chain organization, reducing the number of tested controls by 95 and achieving annualized savings of more than 750,000.
- Directed the SC Audit Team in performing User Acceptance Testing driving the transformation of how new IT systems were on-boarded, resulting in faster implementations with higher quality results.
- Performed SAP Compliance Reviews, including SAP Security, SCM, BW, and GRC.
IT Auditor
- Conducted risk assessments, gap analysis, business and IT process documentation, and the creation of risk mitigating internal controls, in alignment with corporate standards, policies, NERC and NIST.
- Compliance Advisor for a major SAP ERP implementation supporting Supply Chain and Business Warehousing, ensuring compliance with Federal and State laws pertaining to a regulated utility.
- Consulted on the implementation of IBM's Openpages for GRC tracking related to SOX testing.
- Consulted PG&E Management on IT Disaster Recovery and IT Business Continuity Processes with the implementation of the SunGard/Strohl LDRPS online Disaster Recovery/Business Continuity Tool.
- Created BCP/DR Plans for utility headquarters and groups supporting critical infrastructure.
- Received certification in 1st Responder training for high rise buildings, covering fires, medical incidents and earthquake response management.
Confidential
Treasury Security Analyst, Banking Systems Security
- Chief advisor to the VP-Corporate Treasurer on Information Protection requirements for all banking and user system implementations, responsible for educating management on data and IT system security.
- Managed over 1000 financial audits, and rectified over 1MM in payment errors.
- Implemented mandatory SOX control enhancements in 2002 for all Treasury and financial systems.
- Consulted on the implementation of more than ten major banking systems, representing the largest banks in the world, allowing Chevron to better manage cash positions and investment movements.
- Consulted Management on the implementation of Disaster Recovery and Business Continuity Planning, including the implementation of satellite phone systems and hot sites and testing of DR/BCP plans for regional and global banking operations.
- Treasury BCP/DR response team member.
- Project Manager to develop technical documentation for the Disaster Recovery response for all IT systems including banking systems involving response with banks, primarily in New York and London.
Confidential
New Business Acquisitions Assistant (Contractor)
- Collaborated daily with clients, investors, domestic marketing operations, corporate legal team members and project managers throughout the enterprise.
- Oversaw regulatory documentation and requirements including permits, licenses and corporate approvals, ensuring accuracy.
- Performed contract reviews with Corporate Investors.
Confidential
General Accountant (Contractor)
- Managed the General Accounting Desk for review of all accounting transactions related to Chevron operations throughout Japan, Singapore, Thailand, and Australia.
- Managed Australia LNG billing to power utilities customers throughout the Pacific Rim.
- Oversaw payroll and billing of resources to the various Joint Ventures throughout Chevron Corporation.
Confidential
Aviation Maintenance Support Supervisor (Secret Clearance)
- Desert Storm/Gulf War Veteran, supervising a team of 20 as directed by the Commander in Chief.
- Ensured that the squadron's fleet of aircraft was ready for service 24x7x365.
- Attached to Carrier Air Wing Seven aboard the USS Dwight D. Eisenhower (CVN-69) and USS George Washington (CVN-73).
