◾ Conducted a Risk Assessment: Cybersecurity, Threat Landscape & Controls Analysis, Risk Register Process, Insider Threat and Fraud Prevention (500+ Controls).
◾ Conducted a Security Operations Center (SOC) assessment of a Managed Security Service Provider (MSSP).
◾ Established an Internal Control Framework and Cybersecurity Metrics, KPIs & KRIs.
◾ Established a Third Party Risk Management program, including process, procedures and GRC system of record business requirements.
◾ Established a Cloud Security Strategy, complete with action items and a multi-generational plan.
◾ Established Strategic Plans for two CISOs. Provided program development services.
◾ Established a Risk Management process, inclusive of Policy, Risk Register Form, Log, Tollgates and an Executive Forum.
◾ Established an Adaptive Cybersecurity Assessment Methodology with a focus on the NIST Cybersecurity Framework, insider threat, privacy, fraud prevention, process design, application governance and data management.
◾ Established a NIST 800-53 Information Security Program. Leveraged 10 projects to implement supporting processes and technology.
◾ Designed and implemented an Information Risk Management Program within Consumer Data and Analytics. Risk Hunting activities included risk scenario development, related assessment activity and identification of preventive controls.
◾ Led an Application Security Program. Established ethical hacking and dynamic application scanning functions.
◾ Established the Program Architecture and Initiations Team within Supplier Resiliency. Established process design function and standards. Led a project to consolidate data from teams throughout the company, providing one view of assessment findings and scheduling.
◾ Established two payment card security programs within a large financial institution. The Merchant PCI program evaluates merchant customers' adherence to PCI standards. The Enterprise PCI program evaluates internal compliance with PCI standards.