Matthew Corwin
Security GRC Leader at NYDIG
Bio
Nate S. Hartman
Matthew is a proactive and tireless contributor who would make a great addition to any team. From his first day until his last, Matthew drove himself and everyone he interacted with to exceed expectations and deliver results. Matthew impressed us by rapidly transforming the culture around security to align with the company’s high standards. But, even more notable was his ability to ramp up enthusiasm while simultaneously pushing diverse teams across the organization. Matthew’s combination of information security, privacy, technical, audit, business, and legal knowledge, combined with his no-nonsense approach, ensured that risk was uncovered and effectively addressed. Matthew has an ability for leaving no stone unturned and can quickly find a practical solution to any challenge. I would highly recommend Matt for any position and any company will be very lucky to have him on their team.
Aaron Arutunian
I was fortunate to work with Matt while he was in the position of Senior Principal PCI Internal Assessor at Symantec. I was instantly impressed with his scope of knowledge in areas of law, compliance, PCI DSS, and information security - the combination of which makes him extremely valuable and versatile. He also has a true gift with people, and can get folks who don't report to him to produce the results he needs, and also keep situations calm that could easily become heated. I'm certain that Matt will be successful in any role that he takes on, and I wholeheartedly recommend him.
Credentials
- California Licensed Attorney, State Bar of California
- Certified Data Privacy Solutions Engineer (CDPSE), ISACA
- Certified Ethical Hacker (CEH), EC-Council
- Certified Information Systems Auditor® (CISA), ISACA
- Certified Information Systems Security Professional (CISSP®), (ISC)²
- Qualified Security Assessor (QSA), PCI Security Standards Council
Experience
NYDIG
United States
Financial Services
100 - 200 Employees
Security GRC Leader
Feb 2022 - Present
Truvantis, Inc.
United States
Computer and Network Security
1 - 100 Employees
VP of Security and Privacy Risk, General Counsel
Aug 2019 - Feb 2022
Built a large and successful privacy consulting practice from the ground up, and expanded technical consulting for IT GRC and security. Leader of multiple security and privacy projects with clients ranging from start-ups to industry leaders. Manager of SW US region and all staff/budgets.
• Developed and deployed innovative strategies and tools to serve client needs and meet internal requirements
• Initiated, facilitated and led team efforts to gather, analyze and interpret data to formulate conclusions and recommendations for privacy and security projects (many security and privacy frameworks)
• Ensured efficient use of resources through project planning and management
• Developed solutions for complex client situations to ensure timely realization of goals and objectives
• Developed staff performance through mentoring, performance reviews and recruiting
• Communicated with all client management levels
• Met or exceeded budget and deliverable expectations both internally and with clients
• Senior Qualified Security Assessor (PCI)
• FTC (Bureau of Consumer Protection) approved independent third-party auditor
Cognizant
United States
IT Services and IT Consulting
700 & Above Employees
US Privacy Consulting Practice Lead
Feb 2018 - Jul 2019
• Leading the US unit of the Cognizant global privacy practice and exceeding business development targets
• Working on proposal development and providing presentations and content to drive deals
• Creating Statements of Work (SOWs)
• Organizing and managing approaches and teams for privacy (including GDPR and CCPA), security, BCDR and regulatory compliance projects, including:
  - business and system assessments for privacy and security, data mapping/lakes;
  - remediation and implementation solutions
• Demonstrating credentials in one of the privacy, security and compliance domains while also representing overall Cognizant privacy services capabilities
• Training and mentoring team members on GDPR, privacy, compliance and data protection, and establishing capability and skills models for the core privacy domain
SAP
Germany
Software Development
700 & Above Employees
Senior Consultant for Privacy and Regulatory Compliance
Oct 2017 - Feb 2018
Managed GDPR implementation and compliance for all SAP Ariba products and services, including:
- Data mapping, data flow diagrams, Data Protection Impact Assessments (DPIA)
- Audited existing privacy and security controls and processes, gap assessment, risk assessment
- PM remediation, development and implementation of new controls, policies, and processes
- Validated and tested controls, processes, and applications to ensure compliance
- Documented, organized and maintained the results so compliance can be demonstrated and certified
- Delivered a GDPR maintenance program to ensure continuous compliance
Symantec
United States
Software Development
700 & Above Employees
Internal Audit Lead (Infosec and Privacy)
Jan 2016 - Oct 2017
• Managed IT security audits, auditors and risk assessments primarily for PCI DSS and GDPR. Also supported ISO 27001, SOx, FISMA, FedRAMP, COSO, COBIT and enterprise risk management efforts
• Drafted privacy and security sections of vendor service agreements, negotiated security and privacy clauses with vendors, and conducted vendor risk assessments
• Implemented a tokenization program which reduced risk and saved $2.6 million in audit and compliance costs
• Tested, analyzed, validated and recorded technical controls including:
  - Routers and firewalls, IDS / IPS
  - AV, DLP, DCS, Red Seal, FIM, SIEM
  - Network security architecture and diagrams, vulnerability scans, penetration tests, security and privacy policies and procedures, access control methods, multi-factor authentication, physical security controls, biometrics, database security, cryptography / encryption
  - Assessed SaaS / IaaS / cloud, SLA / MSA / SOW for vendors with impact to security or privacy risk
• Performed data analytics to identify threats and vulnerabilities. Developed PCI and IT risk programs.
• Reported control effectiveness and risk to senior and executive management, proposed remediation strategies.
• Addressed inquiries of external auditors, stakeholders, and regulators
Michel & Associates, P.C.
United States
Legal Services
1 - 100 Employees
Regulatory Compliance Specialist
2014 - 2016
• Assessed regulatory compliance posture and advised commercial clients in highly regulated industries
• Acted as a primary resource for legal compliance counseling with clients, ensuring compliance with all applicable laws, regulations, policies, and best practices
• Identified and assessed compliance risks and opportunities, then worked collaboratively with all stakeholders to develop and implement appropriate mitigation strategies
• Drafted and updated legal memos, policies, procedures, and communications with regulators and law enforcement related to client compliance activities
• Educated clients and stakeholders on compliance and legal matters, policies and procedures
• Established and maintained relationships, credibility and trust with clients, stakeholders, other attorneys, government regulatory officials, law enforcement and lawmakers
• Worked on litigation matters at the trial level and on appeal in state and federal court
• Consulted on IT matters
US Army
United States
Armed Forces
700 & Above Employees
Military Police (Active Duty/Reserves)
2002 - 2016
• Worked Joint Missions with the US Secret Service (protective details and investigations)
• Subject Matter Expert on information technology and telecommunications
• Performed physical security assessments and enforced security policies and procedures
• Worked Counter-Terrorism and Protective Services details
• Various law enforcement duties, conducted investigations, made arrests and testified in court
• Worked with prosecution attorneys to develop evidence and prosecute cases
Law Offices of Nate Kelly
United States
Law Practice
1 - 100 Employees
Senior Compliance Consultant
2013 - 2014
• Consulted on IT security and privacy, data centers build-out strategy and architecture, commercial leases, SLAs, M&A, and application development
• Worked on federal IP litigation matters
CalPOP
United States
Technology, Information and Internet
1 - 100 Employees
Compliance Officer (and other roles)
2007 - 2013
• Oversaw network infrastructure, architecture and security for commercial data center/ISP CLEC startup clients including Fortune 500 firms and government agencies
• Initiated and led ERM, PCI DSS, SSAE 16 (SAS-70), HIPAA, HITECH, ISO 27001 / 27002 internal audit, vendor risk management, privacy, compliance and security programs
• Hired and supervised privacy and litigation counsel
• Drafted and maintained customer MSAs/SLAs, 3rd party agreements/SOWs, and commercial leases.
• Led M&A and ultimately facilitated acquisition of the company by a major tech firm
IT Manager
2004 - 2007
• Managed information systems and security, deployed web servers and other infrastructure.
• Developed applications and products, integrated products and third-party applications with services and products.
• Performed security and compliance assessments
Education
- University of California, Irvine School of Law: Juris Doctor (JD), Law
- California State University-Los Angeles: Bachelor of Science (B.Sc.), Business Administration, Management and Operations