Experience

Legends

• United States
• Retail Apparel and Fashion
• 1 - 100 Employee

• Director of IT GRC, IAM, Help Desk, IT OPS

  • Apr 2023 - Present

  Frisco, Texas, United States

• Director of IT Governance, Risk Management & Compliance

  • Nov 2021 - Present

  Frisco, Texas, United States • Establish vision, strategy, and tactical initiatives to ensure that Legends protects their information and organizations overall governance, enterprise risk management and compliance with regulations. • Working with IT leadership/CIO to develop and implement strategies for governance and compliance related to corporate-wide security initiatives • Advises and make recommendations to executive leadership about regulatory compliance issues on a regular basis as required • Manages… Show more • Establish vision, strategy, and tactical initiatives to ensure that Legends protects their information and organizations overall governance, enterprise risk management and compliance with regulations. • Working with IT leadership/CIO to develop and implement strategies for governance and compliance related to corporate-wide security initiatives • Advises and make recommendations to executive leadership about regulatory compliance issues on a regular basis as required • Manages company compliance with industry standards like PCI, SOX and expand their coverage to additional functions as required to support the business strategy • Partners with the IT security team to implement and maintain an information security risk management process that provides visibility and accountability on the part of the business for managing risk • Provides oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls • Develops metrics and compliance dashboards to monitor progress for security initiatives, measure effectiveness of security controls, and communicate progress in reducing risk • Directs the company security awareness program, using metrics to drive effectiveness of the program in changing behavior • Operationalizes various information security governance functions, such as enterprise security risk management, compliance management, policy management, third party risk management, software security, and metrics and reporting • Develops a compliance aware culture ensuring stakeholders are informed of changes to the regulatory and compliance landscape, the impact of these changes, and stakeholder obligations under these changes • Conducts and oversees vendor and third-party service provider due-diligence and assessments and help lead overall third-party risk management efforts • Matures the Risk Register, Policy Exception Tracking, and Security Dashboard processes, standards, and components



At Home Group Inc.

• United States
• Retail
• 700 & Above Employee

• Information Security Manager, GRC

  • Jul 2021 - Nov 2021

  Plano, Texas, United States Information Security Manager, GRC will be responsible for building and enhancing Information Security’s efforts to raise the overall security and compliance posture and reduce risk levels for a customer. Directly responsible for implementing, maintaining, and improving policies, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, as well as best practices. The Manager will partner with business units and stakeholders to drive risk analysis,… Show more Information Security Manager, GRC will be responsible for building and enhancing Information Security’s efforts to raise the overall security and compliance posture and reduce risk levels for a customer. Directly responsible for implementing, maintaining, and improving policies, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, as well as best practices. The Manager will partner with business units and stakeholders to drive risk analysis, design controls, and implement industry best practice processes for teams and technologies across the organization. In addition, lead efforts in the areas of information security policy, technology risk management, data protection, software security, and compliance with standards, frameworks and regulations such as ISO, NIST, CCPA, SOX, and PCI. • Responsible for implementing and maintaining procedures and controls to assure compliance with applicable regulatory, contractual, and legal requirements as well as good business practices • Bridge gaps between IT controls and business controls • Operationalize various Information Security governance functions, such as enterprise security risk management, compliance management, policy management, third party risk management, software security, and metrics and reporting • Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments and other requests from the business • Training & awareness, manage and grow the annual training/awareness program • Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with Information Security policies and best practices • Operationalization of a metrics and reporting function to continually report on meaningful Information Security risk and compliance metrics for leadership/executives. Show less



ClubCorp

• United States
• Hospitality
• 100 - 200 Employee

• Information Technology Compliance Manager

  • Jun 2019 - Jun 2021

  • Responsible for understanding PCI data security compliance with the Payment Card Industry Data Security Standard, asses existing controls to determine level of compliance to inclusive of their maturity, state of compliance. • Implement enterprise policies/procedures and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements. • Prepare reports for Senior Management (Leadership) and external regulatory bodies as… Show more • Responsible for understanding PCI data security compliance with the Payment Card Industry Data Security Standard, asses existing controls to determine level of compliance to inclusive of their maturity, state of compliance. • Implement enterprise policies/procedures and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements. • Prepare reports for Senior Management (Leadership) and external regulatory bodies as appropriate, monthly-Quarterly. • Manage and Monitor the Incident and Change Management processes. • The ability to maintain a Security Continuous Monitoring Program in support of PCI DSS compliance (e.g. vulnerability management, patching, SIEM, FIM, Anti-Virus) • Knowledge of vendor/supplier contracts reviews, Security Governance, Risk Management and Compliance initiatives • Participate and provide input to IT SOX testing, including risk assessments, in-scope systems analysis, and coordination of the testing approach. (Includes walkthroughs), analyzing operating effectiveness. • Provide input to periodic progress reporting including status of overall testing progress, open control deficiencies, and assist with escalation when deficiencies are not re-mediated timely. • Identify risk and control gaps and partner with the IT department to ensure internal control guidelines exist in ClubCorp systems and applications. • Manage Privacy data initiatives (GDPR, CCPA, NY23, PII), Responsibility for oversight of data or computing systems with access to protected data and with primary responsibility for determining the purpose and function of any data resource • Manage detailed risk assessments by analyzing processes, existing controls, reports and data exchange, evaluating, and monitoring the company’s risk • Manage Vulnerability assessments (Internal, ASV external) to identify, analyze, and report vulnerabilities and findings from internal/external scans. (Alert Logic) Show less



PFSweb

• IT Compliance Manager

  • Apr 2015 - May 2019

  Allen, Texas • -Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies • -Serve as a Primary IT Compliance Manager with external audit Team to deliver timely responses and data collection requests for vulnerability/risk assessments. (Sarbanes Oxley, PCI, SSAE 18, FedRAMP, US MINT). • -Manage Incident Response Management- Report, document security incidents • -Manage access reviews of production access, security, operations as required… Show more • -Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies • -Serve as a Primary IT Compliance Manager with external audit Team to deliver timely responses and data collection requests for vulnerability/risk assessments. (Sarbanes Oxley, PCI, SSAE 18, FedRAMP, US MINT). • -Manage Incident Response Management- Report, document security incidents • -Manage access reviews of production access, security, operations as required SOX/PCI standard and other regulatory/industry requirements. • -Revise policies &procedures, reports etc. periodically to identify hidden risks or non-conformity issues • -Assess the business’s future ventures to identify possible compliance risks • -Manage Privacy data initiatives (GDPR, PII and EU Privacy Shield) • -Review the work of colleagues when necessary to identify compliance issues and provide advice or training • -Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control • -Prepare reports for senior management and external regulatory bodies as appropriate, monthly-Quarterly (Board Meetings, Monthly CIO Meetings) • -Manage changes to the compliance requirements and in-scope systems on an on-going basis, ensuring that new requirements are translated into new operating procedures. • -Lead/Manage detailed risk assessments by analyzing processes, existing controls, reports and data exchange, classifying, evaluating, and monitoring the company’s risk. • -Manage and perform security vulnerability assessments to identify, analyze, and report vulnerabilities and findings from internal/external scans. (Qualys, NESSUS, and BURP Suite). • -Design and populate policy libraries with regulatory authority from diverse industry oversight groups such as PCI Data Security Standards, ISO 27001 and 27002, HIPAA, GLBA, NIST 800-53, Cloud Security Alliance, FISMA, PIPEDA, EU Data Privacy, and state data breach law

• Senior IT Compliance Analyst- Internal Auditor

  • Sep 2015 - Apr 2016

  Allen, Texas • Responsible for monitoring with defined internal control policies and procedures in relations to Sarbanes Oxley, PCI, SSAE 16, and other regulatory and industry requirements to which the business must conform. • Responsible for client audits, reviews and assessments and for retaining all documentation around policies, procedures, audits and assessments. • Serve as a Primary IT representative with external audit Team to deliver timely responses and data collection requests for… Show more • Responsible for monitoring with defined internal control policies and procedures in relations to Sarbanes Oxley, PCI, SSAE 16, and other regulatory and industry requirements to which the business must conform. • Responsible for client audits, reviews and assessments and for retaining all documentation around policies, procedures, audits and assessments. • Serve as a Primary IT representative with external audit Team to deliver timely responses and data collection requests for vulnerability or risk assessments and testing. • Work to promote effective IT management through adherence to global standards and compliance providing greater efficiency and accountability along with reducing risk. • Monitor daily, weekly and monthly audit requirements to ensure effectiveness of controls. • Maintain central repository of documentation and evidence of process outputs related to IT policies and procedures. • Facilitate reviews of production access, security, operations as required PCI standard and other regulatory/industry requirements • Partner with IT operation users to compiles audit requests, including requests regarding windows security, network security and topology and all other logical security for separation of duties and other required controls. • Respond to all internal events in a timely manner and take the necessary actions to maintain compliance with Sarbanes Oxley, PCI, SSAE16, Client requirements and other regulatory requirements. • Proactively conduct research on new laws, regulations and compliance best practices/standards in order to provide guidance to management and staff on regulatory requirements, audit concerns and process improvements.



Bank of America

• United States
• Banking
• 700 & Above Employee

• Officer; Specialist-Info Security Engr| Audit Engagement & Support

  • May 2014 - Sep 2015

  The Colony, TX • Production processing for HL & CIS (Home Loans and Consumer Banking). • Defines, executes and manages Information Technology audits to assist in completion of the annual audit plan (SOX and/or SSEA16). • Assist in the drafting of a risk based internal audit report and work with management in the development of a suitable response. • Continued support for Audit requests providing Control documentation, evidence for reviews and process overviews. • Interact with Auditors (Internal… Show more • Production processing for HL & CIS (Home Loans and Consumer Banking). • Defines, executes and manages Information Technology audits to assist in completion of the annual audit plan (SOX and/or SSEA16). • Assist in the drafting of a risk based internal audit report and work with management in the development of a suitable response. • Continued support for Audit requests providing Control documentation, evidence for reviews and process overviews. • Interact with Auditors (Internal & external) Perform follow up on audit issue results to monitor and assess management’s implementation of recommendations. • Evaluate and provide assurance that risk management, control and systems are functioning in compliance. • Identify Security concerns, escalate and remediate any compliance issues. Report GAPS, Risk Management issues and/ or Controls deficiencies to Management, maintain communication and provide recommendations for improving controls. • Review/Analyze Data within applications for HL and Consumer. • Access Controls Testing (ACT)– Global Information Security-SPEAR-Specialized Engagement Assessment and Remediation system- Obtains, analyzes and appraises internal system controls for adequacy, effectiveness and efficiency, while evaluating the controls compliance with established policies, procedures, regulations and plans. • Simplify and improve the access request management user experience across the bank by consolidating (ARM CAM, ARM HLI & ARM ENT) to a single access management tool (ARM PORTAL). • Consistently communicates, (both verbal and written), any potential audit issues to all levels of the audit area in a timely manner.

• Officer; Team Manager-System & Data Security Access Management

  • Jan 2009 - Apr 2014

  Carrollton, TX • Manage day to day operations of System & Data Security staff (22 Associates). • Responsible for the development and implementation of security standards, procedures and guidelines. • Participate in the establishment of the corporations’ information security policies. • Oversee execution of security controls to mitigate data security risks. • Control access management to internal and vendor applications (Approx: 600 Applications) Web, Lotus notes, Interfaces and AS400. • SME:… Show more • Manage day to day operations of System & Data Security staff (22 Associates). • Responsible for the development and implementation of security standards, procedures and guidelines. • Participate in the establishment of the corporations’ information security policies. • Oversee execution of security controls to mitigate data security risks. • Control access management to internal and vendor applications (Approx: 600 Applications) Web, Lotus notes, Interfaces and AS400. • SME: Subject Matter Expert for (Approx: 150 applications in the BK & Foreclosure Group). • Certified Security Point of Contact (SPOC) through Consumer Information Security and Access Management. • RBAC: Implement Role Base Access centralization

• Officer; Compliance & Audit Specialist

  • Jul 2007 - Dec 2008

  Plano, TX • Oversee/Manage Subordinate Lien/ Real Estate Management Product – Mitigated the potential fiscal. • Tested Quarterly SOX (Sarbanes Oxley), remediated on an annual basis for Sarbanes Oxley. • Held quarterly meetings with 1st VP, VP, and AVP regarding processes. • Updated all annual policies/procedures for Subordinate Lien. • Monitored CORAD (Countrywide Organizational Risk Assessment Database) & Risk Rankings of the Foreclosure, Bankruptcy and REO Department. • Analyzed Coso… Show more • Oversee/Manage Subordinate Lien/ Real Estate Management Product – Mitigated the potential fiscal. • Tested Quarterly SOX (Sarbanes Oxley), remediated on an annual basis for Sarbanes Oxley. • Held quarterly meetings with 1st VP, VP, and AVP regarding processes. • Updated all annual policies/procedures for Subordinate Lien. • Monitored CORAD (Countrywide Organizational Risk Assessment Database) & Risk Rankings of the Foreclosure, Bankruptcy and REO Department. • Analyzed Coso Types, Control Activities, Control Environment, Monitoring/Detective

• Team Manager Control Tower/ Loss Mitigation

  • Nov 2006 - May 2007

  Plano, TX • Managed production of 12 Site Ambassadors Staff: Managed 5 different sites (CA, TX Plano, AZ, TX FW and CA Lancaster) • Centralized Site Ambassador Roles into Control Tower • Maintain discussions with Management Team to ensure production numbers were within SLA • Consistently hired, trained and supervised all personnel within Control Tower • IDP Reporting- Analyzed volumes- Monitored Canvas for call volumes; Maintained & Monitored Compliance issues:… Show more • Managed production of 12 Site Ambassadors Staff: Managed 5 different sites (CA, TX Plano, AZ, TX FW and CA Lancaster) • Centralized Site Ambassador Roles into Control Tower • Maintain discussions with Management Team to ensure production numbers were within SLA • Consistently hired, trained and supervised all personnel within Control Tower • IDP Reporting- Analyzed volumes- Monitored Canvas for call volumes; Maintained & Monitored Compliance issues: Wrap/Idle/Available • Collaborated with management to determine department goals, Develop annual appraisals and create development plans.

• Team Manager / Loss Mitigation Cash Management

  • Oct 1999 - Oct 2006

  Plano, TX • Managed production of 12 Site Ambassadors Staff: Managed 5 different sites (CA, TX Plano, AZ, TX FW and CA Lancaster). • Centralized Site Ambassador Roles into Control Tower. • Maintain discussions with Management Team to ensure production numbers were within SLA. • IDP Reporting- Analyzed volumes- Monitored Canvas for call volumes; Maintained & Monitored Compliance issues: Wrap/Idle/Available.

• Loan Resolution Counselor

  • Oct 2001 - Jan 2003

  Simi Valley • The duties of a Collections Specialist include collection calls and/or correspondence in a fast paced goal oriented collections department. 90+ delinquencies. • Providing customer service regarding collection issues, process customer refunds, process and review account adjustments, resolve client discrepancies and short payments. Responsible for monitoring and maintaining assigned accounts- customer calls, account adjustments, small balance write off, customer reconciliations and… Show more • The duties of a Collections Specialist include collection calls and/or correspondence in a fast paced goal oriented collections department. 90+ delinquencies. • Providing customer service regarding collection issues, process customer refunds, process and review account adjustments, resolve client discrepancies and short payments. Responsible for monitoring and maintaining assigned accounts- customer calls, account adjustments, small balance write off, customer reconciliations and processing credit memos. • Accountable for reducing delinquency for assigned accounts. • Weekly and monthly reporting to direct supervisor. • Monthly Delinquency notices. • Processing monthly credit memos and the appropriate reporting. • Create a reinstatement calculation and provide total amount due within Reinstatement figures. • Offer alternate methods for foreclosure; Deed in Lieu, Short Sales, and Repayment agreements.

• Call Center Collections Representative

  • Oct 1999 - Oct 2001

  Simi valley • The duties of a Collections Specialist include collection calls and/or correspondence in a fast paced goal oriented collections department. 30, 60 + delinquencies. • Providing customer service regarding collection issues, process customer refunds, process and review account adjustments, resolve client discrepancies and short payments. Responsible for monitoring and maintaining assigned accounts- customer calls, account adjustments, small balance write off, customer reconciliations and… Show more • The duties of a Collections Specialist include collection calls and/or correspondence in a fast paced goal oriented collections department. 30, 60 + delinquencies. • Providing customer service regarding collection issues, process customer refunds, process and review account adjustments, resolve client discrepancies and short payments. Responsible for monitoring and maintaining assigned accounts- customer calls, account adjustments, small balance write off, customer reconciliations and processing credit memos. • Accountable for reducing delinquency for assigned accounts. • Weekly and monthly reporting to direct supervisor. • Monthly Delinquency notices. • Processing monthly credit memos and the appropriate reporting. • High volume phone calls to assigned delinquent customers.