Information Security Risk Management

SENIOR IT SECURITY AND GRC LEADER

INFORMATION SECURITY GOVERNANCE RISK COMPLIANCE A.I. BLOCKCHAIN

Strategic and hands-on leader with 15+ years of experience driving cybersecurity programs, GRC frameworks, and risk mitigation initiatives in highly regulated environments (finance, healthcare, tech). Repeatedly trusted to lead third-party risk assessments, implement enterprise controls, and deliver secure digital transformation. Known for rapidly delivering results across diverse industries and technologies, including AI and blockchain.

CORE COMPETENCIES

Information Security Governance (NIST, HITRUST, ISO, PCI)

Third Party Cyber Risk Management (TPCRM)

Vendor Risk Assessments

Business Continuity Planning / Disaster Recovery

Program/Project Leadership

Acquisitions and Divestiture security reviews

AI Use case Design and Risk analysis

SELECTED ACHIEVEMENTS

Created and implemented a Cybersecurity program including Governance, policies, controls, and standards.

Initiated a Risk Management program including identification, prioritization, and mitigation of known risks.

Achieved Compliance with financial and healthcare industry standard frameworks including third parties.

Applied new technologies including Blockchain and A.I. to potential case studies for improved efficiencies.

PROFESSIONAL EXPERIENCE

PNC Bank (via SSi People) - IT Third Party Security Manager Remote, TX 2024 – 2025 (Contract)

Lead Third party Security Assessments and policy development.

Validated technology and security controls are in place and operationally solid.

Independently managed multiple assessments ahead of SLA targets.

Bank of America (via Akkodis) - IT Project Manager GRC Plano, TX 2024 – 2024 (Contract)

Managed audit projects for Bank of America

Executed, reviewed, and analyzed identified control deficiencies to drive remediation and best practices.

Performed Cybersecurity assessments on vendors to ensure minimum security requirements are met.

Coordinated internal audits and technology compliance and operational reviews within Global Technology.

MTY Group - IT GRC Manager / Project Manager Remote, TX 2021 – 2023

Implemented and maintained cybersecurity controls framework mapped to NIST CSF, CIS and PCI DSS.

Created Information Security Policy with supporting standards and processes for company-wide rollout.

Developed Third-Party Risk Management program including people, process, technology, assessments and risk register.

USAA - Senior Risk Management Analyst Plano, TX 2019 – 2021

Performed Second Line of Defense functions by overseeing/monitoring risk management policies and processes.

Provided independent challenge/oversight/review of First Line Defense execution of risk management activities.

Executed $1.2 billion modernization program, risk management coverage plan and implementation roadmap.

PRIOR EXPERIENCE (Condensed)

7-Eleven - Third Party Risk Manager 2019 (Contract)

Brinks - Information Security Risk Manager 2018 (Contract)

Toyota - Cybersecurity Leader 2017 – 2018 (Contract)

Bank of America - Information Security 2016 – 2017 (Contract)

State Farm - Information Security Risk Analyst 2015 – 2016

HMS (Acquired by Gainwell Technologies) - Information Security Analyst 2013 – 2015

GE Capital - IT Leader – Information Security 2011 – 2012

Federal Reserve Bank of Dallas - Information Security and Audit Manager 2010 – 2011 (Contract)

Alliance Data - Senior Information Security and Risk Analyst 2005 - 2009

Children’s Medical Center - Senior Information Security Technician 2004 – 2005

PROFESSIONAL RECOGNITION

On the Spot Award for Information Security area representation at Symposium event at State Farm.

Awarded outstanding achievement for disaster recovery exercise at HMS.

Multiple recognition events for outstanding achievements at various companies.

EDUCATION CURRENT CERTIFICATIONS

UTD - University of Texas at Dallas CRISC (Certified in Risk and Information Systems Control)

BS, Business Administration CISSP (Certified Information Systems Security Professional)

CISM (Certified Information Security Manager)

UCLA – University of California, Los Angeles CISA (Certified Information Systems Auditor)

Blockchain Technology Management Certificate

BTA Certified Blockchain Business Foundations

Blockchain Training Alliance BTA Certified Blockchain Solution Architect

Enterprise Training BTA Certified Blockchain Security Professional

BTA Certified Blockchain Project Manager

COURSES

Blockchain Solutions, Governance and Collaboration

Digital Transformation: Blockchain, IoT, AI, and Trusted Data

Fundamentals of Blockchain Technology

Blockchain Cryptocurrency Applications in Business and Finance

NFT Foundations (Non-Fungible Token training)

DAO Fundamentals (Decentralized Autonomous Organization training)

HITRUST CCSFP Certified Common Security Framework Practitioner

National Institute of Standards and Technology (NIST), Dept. of the Treasury Financial Management Service

Advanced IT Auditing Training; Auditing Practices Training, Information Systems Audit and Control Assoc. (ISACA)

Privacy and Information Security Training, International Association of Privacy Professionals (IAPP)

Contact this candidate