Experience

Velo3D

• United States
• Machinery Manufacturing
• 100 - 200 Employee

• Head of Information Security and GRC

  • Apr 2023 - Present

  Fremon, California, United States



Google

• United States
• Software Development
• 700 & Above Employee

• Lead GRC & Compliance Engineering Programs for Google

  • Mar 2020 - Mar 2023

  Sunnyvale, California, United States 1. Lead RegReady Tooling (enterprise wide critical priority) to enable regulatory compliance readiness for global Google Ops & product areas (PAs): - Lead multiple Programs teams to develop hybrid (first party + 3rd party) tooling solutions for Regs lifecycle management from Decomposition (Legal) to Assurance (Compliance & Audit) to Remediation (all PAs) to compliance business intelligence (Audit Committee & Executive Leadership) - Concurrently manage implementation & status of ~2000… Show more 1. Lead RegReady Tooling (enterprise wide critical priority) to enable regulatory compliance readiness for global Google Ops & product areas (PAs): - Lead multiple Programs teams to develop hybrid (first party + 3rd party) tooling solutions for Regs lifecycle management from Decomposition (Legal) to Assurance (Compliance & Audit) to Remediation (all PAs) to compliance business intelligence (Audit Committee & Executive Leadership) - Concurrently manage implementation & status of ~2000 Projects across all Google PA teams to meet requirements for 66+ global Regulations 2. Managed Compliance Engineering Programs to deliver GRC solutions: Tooling strategy (in-house versus third party), stakeholder management, product management, end-to-end Agile SDLC, roadmaps, & service delivery for: - SOX Tool for end-to-end compliance across Google (Team size 125) - Enterprise Risk Management System (Team size 20+) - gHub tax compliance workflows for Google’s global presence (Team size 25) - Compliance Business Intelligence & Analytics (Team size 10) 3. Spearheaded tooling strategies and adoption for third party tools: - ServiceNow for Audits & Assurance, Regulatory Compliance, Policy Management & Binding Reportable Commitments (Team size 50+) - Logic Gate for Issues Management - IBM Blueworks for end-to-end business process visualization 4. PMO and Project Portfolio Management (PPM) for Compliance Engineering: - Automated Project Intake Process to manage tooling requests pipeline - Led a team of Program Managers to ensure projects remain on-track; mitigate risks, challenges, cross-program and cross-functional dependencies - Automated Compliance BRAID (Blockers, Risks, Actions, Issues & Decisions) - Identified Programs for turn down & reallocate resources to key initiatives - Conducted Quarterly Business Reviews for Compliance Engineering

• Lead IT SOX Compliance for Google

  • Aug 2018 - Feb 2020

  Mountain View, California 1. Spearheaded ITGC-SOX program for ~150 in-scope systems (Team size 40): - Implemented controls standardization to reduce assessments by 37%; operationalized for continued sustainable savings - Managed Testing for internal testers (PwC and Deloitte) and alignment with external auditors (Ernst & Young) to achieve 40% reduction in testing cost - Improved fractious relationship with External Auditors to significantly increase reliance on Management Testing: Achieved staggering 95%… Show more 1. Spearheaded ITGC-SOX program for ~150 in-scope systems (Team size 40): - Implemented controls standardization to reduce assessments by 37%; operationalized for continued sustainable savings - Managed Testing for internal testers (PwC and Deloitte) and alignment with external auditors (Ernst & Young) to achieve 40% reduction in testing cost - Improved fractious relationship with External Auditors to significantly increase reliance on Management Testing: Achieved staggering 95% reduction in testing performed by external auditors 2. Lead E2E Visualization of critical processes to enable Google’s compliance ecosystem to map processes with related regs, certs, risks, controls, assurance results and gaps, with recommendations for process improvements: - A highly visible and complex program, spanning 75+ teams, under direct stewardship of Google’s Chief Compliance Officer 3. Vendor & Budget Management for Compliance Engineering: - Transformed vendor management to save $4 million: Centralized and automated resource allocation to various programs, negotiated for lower rates and implemented processes & oversight to prevent excess billing - Effectively managed around 120+ contract engineers and allocations from 5 vendors (EPAM , HCL, PwC, Deloitte and IBM)



University of San Francisco

• United States
• Higher Education
• 700 & Above Employee

• GDPR & CCPA Compliance Lead

  • Mar 2018 - Jul 2018

  San Francisco Bay Area 1. GDPR & CCPA Compliance: Design and implement the GDPR & CCPA Compliance Programs for USF: * Provide guidance and consulting to various functions within the University for GDPR Compliance * Raise awareness about GDPR compliance and socialize the need to including GDPR / privacy in design * Systems Inventory Mapping, along with information sources and resting points, users, vendors / third-parties to identify systems in-scope for GDPR Compliance * Data Assessment and Analysis to… Show more 1. GDPR & CCPA Compliance: Design and implement the GDPR & CCPA Compliance Programs for USF: * Provide guidance and consulting to various functions within the University for GDPR Compliance * Raise awareness about GDPR compliance and socialize the need to including GDPR / privacy in design * Systems Inventory Mapping, along with information sources and resting points, users, vendors / third-parties to identify systems in-scope for GDPR Compliance * Data Assessment and Analysis to identify essential data / eliminate non-essential data * Mapping Business Process Workflows and identifying GDPR impact points * Work with cross-functional teams and stakeholders across the University to develop and implement the compliance strategy * Develop the Consent Strategy 2. Project Portfolio Management (PPM) for Application Service Projects: • Set up PPM & Program Dashboards on Service Now for high and medium priority projects • Design the Project Intake Process & manage the ITS Projects pipeline through Service Now • Coordinate with IT Project Managers for ongoing projects to ensure projects remain on-track; help resolve any challenges, risks & impediments to projects; regular review & report to C-level Management • Run ITS meetings with key stakeholders & business partners for high priority projects & issues Show less



Federal Reserve Bank of San Francisco

• United States
• Financial Services
• 700 & Above Employee

• Manager IT Audit

  • Jan 2017 - Oct 2017

  San Francisco 1. Manage Audits & Assessment for IT Applications and services based in the Federal Reserve Bank (12th District / San Francisco), including: • ITGC, Process, & Application Controls for SharePoint Application Development, infrastructure and network management, Enterprise Data Management, Information Lifecycle Management, Cyber Security, InfoSec • Manage the Annual Risk Assessments process and develop a risk-based IT Audit Plan, assign staff to audits, ensure timely delivery & quality of… Show more 1. Manage Audits & Assessment for IT Applications and services based in the Federal Reserve Bank (12th District / San Francisco), including: • ITGC, Process, & Application Controls for SharePoint Application Development, infrastructure and network management, Enterprise Data Management, Information Lifecycle Management, Cyber Security, InfoSec • Manage the Annual Risk Assessments process and develop a risk-based IT Audit Plan, assign staff to audits, ensure timely delivery & quality of audits • Collaborate with peer Managers for audit of IT controls in cross-functional business and national audits • Provide regular status reports and findings updates to Executive Management and Audit Committee 2. Liaison with IT Business Partners to understand evolving risks and to provide advisory services • Ensure full understanding of data flow, data integrity and system security and any upcoming key risks 3. Manage six direct reports • Hire, coach, train, motivate and mentor staff; help direct reports develop career goals and growth plans • Conduct performance reviews, approve employee vacation, time sheets, expenses, etc. Show less



Cisco

• United States
• Software Development
• 700 & Above Employee

• Senior Technical Program Manager: IT Governance, ITSM, and Personalization

  • Sep 2008 - Jan 2017

  San Jose, California 1. Personalization of Cisco Digital Interactions for customers and partners – Duration: 1 year • Personalize all digital interactions by tailoring content, mobile apps, search results, recommendations, offers, and capabilities for each individual. Deployed Adobe Target Premium across WEM & Eloqua pages and integrated with Big data segmentation tools like Oracle BlueKai, Profound, and D&B • Scale and operationalize personalization globally across different countries where Cisco operates… Show more 1. Personalization of Cisco Digital Interactions for customers and partners – Duration: 1 year • Personalize all digital interactions by tailoring content, mobile apps, search results, recommendations, offers, and capabilities for each individual. Deployed Adobe Target Premium across WEM & Eloqua pages and integrated with Big data segmentation tools like Oracle BlueKai, Profound, and D&B • Scale and operationalize personalization globally across different countries where Cisco operates 2. Personalized “My View / next-Gen My Cisco” for employees – Duration: 4 years • Develop responsive, re-usable Apps that integrate with various internal Cisco systems (HR systems, Approvals & Notifications, Expense Reports, Sales Systems, etc.) to provide a customized, unified view • Development / life-cycle management of custom applications to integrate multiple several back-end applications with Cisco Collaboration Platform to present a unified interface to all Cisco employees 3. Migration Projects – Duration 4 years • Transition users and active content from different legacy Platforms (Cisco Intranet, Jive Discussion forums, Confluence Wiki, Zed Wiki, Cisco Directory) to the new Cisco platforms • Archival and cleanup of Cisco Intranet, Cisco Wiki, and Jive • Migrate legacy forms & Applications to new Cisco supported framework & environment • EOL / decommission legacy platforms 4. Managed Cisco Intranet Application services & enhancements (globally used by 175000+ Cisco employees) - Duration: 4 years • Cisco Intranet portal (CEC) • Cisco Directory • Cisco Wiki’s: Wiki Central, Zed Wiki, Confluence Wiki, WebEx Social My View Custom Portlets 5. IT Governance, Processes Compliance and operationalization – Duration: 8 years • Operationalize IT Governance through all stages of the SDLC for all CCIT applications • Establish Defects Management Process, Support Processes, Design Review Processes, SDLC processes, Testing Processes, etc. Show less



Vodafone

• United Kingdom
• Telecommunications
• 700 & Above Employee

• Senior Manager IT Audit & Compliance

  • Apr 2005 - Aug 2008

  SOX Compliance implementation for IT and Telecom Network in Vodafone Group companies KRAs / Responsibilities: • Work with the IT, Finance, & Telecom teams to implement SOX Compliance in Vodafone group companies • Support external auditors (PWC, Deloitte), SOX consulting partner (Ernst & Young), & internal Audit teams • Manage transition to SAS70 documentation for IT operations outsourced to IBM to ensure that all controls documented and tested as per Vodafone quality… Show more SOX Compliance implementation for IT and Telecom Network in Vodafone Group companies KRAs / Responsibilities: • Work with the IT, Finance, & Telecom teams to implement SOX Compliance in Vodafone group companies • Support external auditors (PWC, Deloitte), SOX consulting partner (Ernst & Young), & internal Audit teams • Manage transition to SAS70 documentation for IT operations outsourced to IBM to ensure that all controls documented and tested as per Vodafone quality standards • Spearhead General IT Controls (GITC), IT Process Application Transactions (ITPAT), and Entity Level IT SOX and SAS70 documentation for Change Management, Logical Security, Physical Security, Computer Operations, Service Level Management and End User Computing (EUC) • Prepare SOX documentation (control summaries, process flowcharts & risk control matrices) to map processes to the COSO/COBIT control framework to address the What Can Go Wrong (WCGW) scenarios • Monitor/ track progress to ensure GITC SOX and SAS70 compliance • Ensure implementation of standardized GITC SOX compliant policies, processes, and best practices • Conduct / manage periodic walkthroughs, audits and tests to measure compliance of SOX and SAS70 controls and processes across all locations through periodic testing and audits, and reporting to international project management team, on progress updates and key issues • Act as a point of reference and guide for technical queries on various aspects of GITC SOX and SAS70 compliance implementation • Provide C-level updates on SOX compliance status Show less



Hutchison Essar Telecom Ltd

• Accounting
• 1 - 100 Employee

• Manager IT Projects

  • Apr 2001 - Apr 2005

  Managed IT SOX compliance & ITIL implementation for Hutchison Essar; developed & implemented IT Policies and processes, conducted IT Audits, implemented Knowledge Management, managed Intranet, Extranet, & Customer Website. Responsibilities: • Implemented and Managed Process Management Principles ITIL / ITSM Quality Standards • Conducted periodic gap analysis to measure process maturity in the IT Department against ITIL best practices using ITIL self-assessment techniques on Service… Show more Managed IT SOX compliance & ITIL implementation for Hutchison Essar; developed & implemented IT Policies and processes, conducted IT Audits, implemented Knowledge Management, managed Intranet, Extranet, & Customer Website. Responsibilities: • Implemented and Managed Process Management Principles ITIL / ITSM Quality Standards • Conducted periodic gap analysis to measure process maturity in the IT Department against ITIL best practices using ITIL self-assessment techniques on Service Delivery, IT Security, and Support standards • Developed strategies for closing gaps: developing & implementing policies, procedures, forms, workflows, & controls related to Change Management, Problem Management, Incident Management, Service Desk Management, Capacity Management & Release Management • Conducted Internal Audits to check compliance to IT processes and procedures • Conducted ongoing training for IT top and middle management in ITIL concepts • Conducted regular audits & reviews to measure performance against laid down standards and to ensure compliance. Reported non-compliance to the management and monitored remediation measures to prevent recurrences • Developed & implemented IT policies, procedures, and controls related to IT Infrastructure, IT Security, Systems, Applications, and Backup • Developed the IT Information Security Procedures (including Logical Security - Access Control Monitoring, Anti-virus, Remote Access, Password Management, User Management, Internet Access - System Monitoring and Reporting, Physical Security and Environment Security), Firewall SOP, Security Manual for Data Center, Baseline Security Standards, Backup Policies and Procedures, etc. • Implemented personalized Web self-servicing portal for customers for viewing bills, making payments & subscription to services • Established process metrics, performance dashboards, MIS preparation and presentation • Achieved operational efficiency through process enhancements and raise service delivery levels Show less