◾ Established a Risk Management process, inclusive of a Risk Register Form, Log, Tollgates and an Executive Forum.
◾ Established an Adaptive Cybersecurity Assessment Methodology with a focus on the NIST Cybersecurity Framework, insider threat, privacy, fraud prevention, process design, application governance and data management.
◾ Established a NIST 800-53 Information Security Program. Leveraged 8 projects to implement supporting processes and technology.
◾ Designed and implemented an Information Risk Management Program within Consumer Data and Analytics. Risk Hunting activities included risk scenario development, related assessment activity and identification of preventive controls.
◾ Led an Application Security Program. Established ethical hacking and dynamic application scanning functions.
◾ Established the Program Architecture and Initiations Team within Supplier Resiliency. Established a process design function and standards. Led a project to consolidate data from teams throughout the company, providing one view of assessment findings and scheduling.
◾ Established two payment card security programs within a large financial institution. The Merchant PCI program evaluates merchant customers' adherence to PCI standards. The Enterprise PCI program evaluates internal compliance with PCI standards.