Melody Pereira
Company
Cogitativo
Title
Chief Information Security Officer
Biographical Info
- Information security and technology risk management leader with 20+ years designing and leading $MM in security programs and operations.
- Defines enterprise security strategy, delivers information integrity and confidentiality, ensures legal and regulatory compliance.
- Advises the board and executive team on threat environment, risk trends, and alignment of security strategy and business objectives.
- Provides risk analysis, enterprise security governance, risk mitigation, IS policy, IT audit/compliance, and incident response in banking, securities, electronic payments, insurance, and resort management sectors.
- Leads teams in change management processes, comprehensive incident response capabilities, vulnerability management, penetration testing, and business continuity/disaster recovery planning.
- Achievements:
  - Built Charles Schwab's first Information Security Department, sold plan to board, and directed implementation.
  - Created First Republic Bank's first formal IS/IT Risk and Compliance program to meet GLBA and SOX standards. Significantly improved the bank's URSIT scores.
  - Obtained MGM Resort's first PCI-compliant ROC, slashing cyber insurance premiums while raising coverage.
  - Integrated GRC processes and reporting for 3 VISA global security departments, streamlining assessments by leveraging compliance with key controls.
  - Developed ICOFR-compliant IT and security control structure for Allianz. Consolidated and addressed all audit issues.
  - At Fireman's Fund's breakup, worked with personal lines buyer Chubb/ACE to ensure security and monitoring during the transition, ensuring all commercial lines' security during integration with Allianz.
- Regulations:
  - Financial regulations and standards: SOX, SEC, GLBA, FISMA, FFIC, and PCI.
  - Healthcare regulations: HIPAA, HITECH, HITRUST.
  - Application control structures: Open-SAMM, OWASP.
  - Government frameworks: NIST, FEDRAMP, and industry standards ISO27001/002, CCM, COBIT, COSO, CSF, UCF.