SELECT PROJECTS

◾ Conducted a Risk Assessment: Cybersecurity, Threat Landscape & Controls Analysis, Risk Register Process, Insider Threat and Fraud Prevention (500+ Controls).

◾ Conducted a Security Operations Center (SOC) assessment of a Managed Security Service Provider (MSSP).

◾ Established an Internal Control Framework and Cybersecurity Metrics, KPIs & KRIs.

◾ Established a Third-Party Risk Management program, including process, procedures and GRC system-of-record business requirements.

◾ Established a Cloud Security Strategy, complete with action items and a multi-generational plan.

◾ Established Strategic Plans for two CISOs. Provided program development services.

◾ Established a Risk Management process, inclusive of Policy, Risk Register Form, Log, Tollgates and an Executive Forum.

◾ Established an Adaptive Cybersecurity Assessment Methodology with a focus on the NIST Cybersecurity Framework, insider threat, privacy, fraud prevention, process design, application governance and data management.

◾ Established a NIST 800-53 Information Security Program. Leveraged 10 projects to implement supporting processes and technology.

◾ Designed and implemented an Information Risk Management Program within Consumer Data and Analytics. Risk Hunting activities included risk scenario development, related assessment activity and identification of preventive controls.

◾ Led an Application Security Program. Established ethical hacking and dynamic application scanning functions.

◾ Established the Program Architecture and Initiations Team within Supplier Resiliency. Established a process design function and standards. Led a project to consolidate data from teams throughout the company, providing one view of assessment findings and scheduling.

◾ Established two payment card security programs within a large financial institution. The Merchant PCI program evaluates merchant customers' adherence to PCI standards. The Enterprise PCI program evaluates internal compliance with PCI standards.