◾ Established a Risk Management process, inclusive of Risk Register Form, Log, Tollgates and an Executive Forum.

◾ Established an Adaptive Cybersecurity Assessment Methodology with a focus on the NIST Cybersecurity Framework, insider threat, privacy, fraud prevention, process design, application governance and data management.

◾ Established a NIST 800-53 Information Security Program. Leveraged 8 projects to implement supporting processes and technology.

◾ Designed and implemented an Information Risk Management Program within Consumer Data and Analytics. Risk Hunting activities included risk scenario development, related assessment activity and identification of preventive controls.

◾ Led an Application Security Program. Established ethical hacking and dynamic application scanning functions.

◾ Established the Program Architecture and Initiations Team within Supplier Resiliency. Established process design function and standards. Led a project to consolidate data from teams throughout the company, providing one view of assessment findings and scheduling.

◾ Established two payment card security programs within a large financial institution. The Merchant PCI program evaluates merchant customers' adherence to PCI standards. The Enterprise PCI program evaluates internal compliance with PCI standards.