Experience

Reveal Risk

• United States
• Business Consulting and Services
• 1 - 100 Employee

• Senior Consultant

  • Aug 2022 - Present

  Reveal Risk (RR) is a boutique cyber security, privacy and risk management firm that employs experienced leaders and practitioners of corporate and military experience in delivery and operations experience in the field. Reveal Risk (RR) is a boutique cyber security, privacy and risk management firm that employs experienced leaders and practitioners of corporate and military experience in delivery and operations experience in the field.



Zipari

• United States
• Software Development
• 100 - 200 Employee

• Security Operations Manager

  • May 2021 - Aug 2022

  Managing the Cyber Operations team as part of the Zipari Information Protection team to continuously assess and improve risk posture across the organization and technical environment. Responsiblefor vulnerability management, patch management, risk management, data protection, incident management, and identity and access management.Developed vulnerability management program to assess and address security weaknesses and gaps in controls across the organization's technical landscape, including coordination of remediation of issues of over 2000 servers, 500 endpoints, and 100+ third-party technologies. Completed HITRUST validated assessments in 2020 and 2021, resulting in successful HITRUST certification for the organization. Implemented new security solutions including application security scanners, SIEM/XDR, EDR, antivirus, encrypted email, asset management tools, and more. Developed corresponding policy and process for the use and management of these solutions, as well as educated and trained team members on these processes.Assisted in review and revision of policies and processes across the organization.Coordinated access reviews across the technical landscape.

• Manager, IT Support & Compliance

  • Aug 2020 - May 2021

  Manager for IT Security, Compliance, and IT Support within the IT Operations group, administering the security program as well as overseeing the IT Support team. Completed Healthx's HITRUST certification for 2020 by leading the assessment engagement from planning through submission review with HITRUST.Assisted with the successful shift from a fully-staffed office to a fully-remote organization during the COVID-19 pandemic, increasing security controls for remote access and remote endpoints and improving monitoring capabilities for infrastructure.Worked within a budget, identifying cost-saving opportunities and improvements for financial planning/ approval process.Managed the service desk team to consistently meet established SLAs for incident resolution for the duration of tenure at the position.

• Security Analyst

  • Feb 2019 - Aug 2020

  Served as the primary privacy and information protection subject matter expert.Represented the voice of the data protection/privacy stakeholders, managing stakeholder needs.and requests.Maintained multiple security operational policies and plans, and tested these policies and processes regularly.Worked closely with management on development and implementation of policies to address security issues.Expanded upon current knowledge of applicable data protection laws and regulations, and monitored advancements in best practices for implementation into the organization.Managed the SIEM and analyzed activity and alerts across the organization's technology environment. Assisted with the development/implementation of corrective action plans for mitigation of privacy and data protection risk, and provided general guidance on how to mitigate such risk to staff, executive leadership, and clients.Reviewed daily and periodic data to identify, report, and remedy vulnerabilities.Managed the process to determine root cause of incidents.Provided forensics expertise for security incidents and investigations.Maintained, updated and implemented annual employee security training.Created new policies and training options as needed and requested.Completed security questionnaires and audits from clients.Managed large and complex projects; example: improving secure software development lifecycle, incident response and management process, implementation of new issue tracking software. Influenced key stakeholders across the organization to prioritize and drive project completion and raise awareness for security concerns/improvements.



EY

• United Kingdom
• IT Services and IT Consulting
• 700 & Above Employee

• Technology Risk Senior Consultant

  • May 2018 - Feb 2019

  Business and IT risk management consultingSarbanes-Oxley compliance supportPerformed IT system evaluations and business risk mitigation and remediation procedures Created and reviewed ITGC walkthroughs for mainframe, open systems and in-house developed applicationsCreated and reviewed IT Infrastructure control evaluations for TSS, LDAP, AD, AIX, UNIX, SQL, DB2 and various Windows server distrosManaged engagement economics and engagement budgetingCreated and reviewed business control walkthroughs for various core business processesSOC I and SOC II reporting experience

• FSO Risk Advisory Associate

  • Jun 2016 - Feb 2019

  IT Risk Advisory Associate in the Financial Services Office Risk Advisory Program



Fifth Third Bank

• United States
• Financial Services
• 700 & Above Employee

• Information Technology Leadership Program Intern

  • May 2015 - Jul 2015

  Worked in the Information Security division, managing employee access and increasing security and risk awareness across the bank. Worked in the Information Security division, managing employee access and increasing security and risk awareness across the bank.