SENIOR INFORMATION TECHNOLOGY LEADER
INFORMATION SECURITY GOVERNANCE RISK COMPLIANCE WEB3 BLOCKCHAIN
Blockchain, A.I., NFTs, Web3, De-Fi
Governance, Risk Management & Compliance (GRC)
Information Security and Privacy
Vendor Management/Contract Negotiation
Risk Assessments / Control Design
Business Continuity Planning / Disaster Recovery
Fortune 500, banking, and startup experience
Program/Project Leadership
Cross-functional Team Development and Leadership
Acquisitions and Divestiture security reviews
Audit Remediation: SOX, HIPAA, HITRUST, PCI, GLBA and Federal Regulations (FISMA, NIST)
ACCOMPLISHMENTS
Created and implemented a Cybersecurity program including Governance, policies, controls, and standards.
Initiated a Risk Management program including identification, prioritization, and mitigation of known risks.
Achieved Compliance with financial and healthcare industry standard frameworks including third parties.
Applied new technologies including Blockchain and A.I. to potential case studies for improved efficiencies.
EXPERIENCE
MTY Group IT GRC Manager Remote, Dec 2021 – Oct 2023
One of the largest restaurant franchisors in North America
Implemented and maintained cybersecurity controls framework mapped to NIST CSF, CIS and PCI DSS.
Created Information Security Policy with supporting standards and processes for company-wide rollout.
Developed Third-Party Risk Management program, including people, process, technology, and assessments, and maintained a risk register.
USAA Senior Risk Management Analyst Plano, TX, 2019 – 2021
Insurance, Banking and Investments
Performed Second Line of Defense functions by overseeing/monitoring risk management policies and processes.
Provided independent challenge/oversight/review of First Line Defense execution of risk management activities.
Prioritized $1.2 billion modernization program risk management coverage plan implementation roadmap.
7-Eleven Third Party Risk Manager - Consultant Irving, TX, 2019 – 2019
World’s first convenience store with over 84,000 stores globally
Implemented assessment process and metrics for identifying and reporting on third parties.
Evaluated security posture of third-party vendors and partners to ensure proper data hygiene.
Reviewed and approved requests from procurement to initiate new vendor relationships based on data security.
Brinks Information Security Risk Manager – Consultant Coppell, TX, 2018 – 2018
Leading global provider of cash and valuables management services
Led policy review, management, and consolidation of internal and third-party partners.
Provided assurance and evidence of security controls during customer audits / assessments.
Reviewed risk management processes and collaboration to ensure exposure is aligned with risk appetite.
Toyota Cybersecurity Leader - Consultant Plano, TX, 2017 – 2018
Motor Vehicle production and sales
Performed risk assessments on Third Parties and ongoing projects, solutions, and implementations.
Examined emerging technologies and scrutinized possible implementation risks and rewards.
Managed policy exceptions and tracked them to ensure remediation.
Bank of America Information Security - Consultant Addison, TX, 2016 – 2017
One of the world's leading financial institutions
Advised business units on Cybersecurity controls using security framework and tracked remediation.
Reviewed Third-Party vendor security solutions for compliance with Bank policies and guidelines.
Coordinated with vendor managers and assessors on security solution implementation.
State Farm Information Security Risk Analyst Richardson, TX, 2015 – 2016
Auto and Home insurance
Applied industry standard risk management techniques to ongoing projects in application security.
Promoted security engagement through knowledge transfer and awareness.
Delivered risk reducing strategies to project teams via end-to-end security solution design.
HMS (Acquired by Gainwell Technologies) Information Security Analyst Irving, TX, 2013 – 2015
Healthcare digital services
Led HITRUST implementation to ensure protection of electronic Protected Health Information (ePHI).
Conducted Vendor Risk management assessments based on industry standards (HIPAA, HITECH, HITRUST).
Created and presented security awareness road show to promote Information Security knowledge sharing.
PROFESSIONAL RECOGNITION
STATE FARM: On the Spot Award for Information Security area representation at Symposium event
HMS: Awarded outstanding achievement for disaster recovery exercise
EDUCATION
UTD - University of Texas at Dallas
BS, Business Administration
UCLA – University of California, Los Angeles
Blockchain Technology Management Certificate
Blockchain Training Alliance
Enterprise Training
CURRENT CERTIFICATIONS
CRISC (Certified in Risk and Information Systems Control)
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
BTA Certified Blockchain Business Foundations
BTA Certified Blockchain Solution Architect
BTA Certified Blockchain Security Professional
BTA Certified Blockchain Project Manager
COURSES
Blockchain Solutions, Governance and Collaboration
Digital Transformation: Blockchain, IoT, AI, and Trusted Data
Fundamentals of Blockchain Technology
Blockchain Cryptocurrency Applications in Business and Finance
NFT Foundations (Non-Fungible Token training)
DAO Fundamentals (Decentralized Autonomous Organization training)
HITRUST CCSFP Certified Common Security Framework Practitioner
National Institute of Standards and Technology (NIST), Dept. of the Treasury Financial Management Service
Advanced IT Auditing Training; Auditing Practices Training, Information Systems Audit and Control Assoc. (ISACA)
Privacy and Information Security Training, International Association of Privacy Professionals (IAPP)