Profile Summary
Cloud Compliance Leader with **+ years of experience delivering enterprise-scale security and compliance solutions across cloud and hybrid environments. Proven record leading PCI-DSS, SOC 2, and NIST assessments, embedding security controls into AWS and Azure architectures, and automating evidence collection using ServiceNow, Jira, and CMDB integrations. I am known for bridging technical and GRC domains, driving audit readiness, and aligning cloud-native controls with regulatory frameworks. Deep expertise in IAM, KMS, CI/CD integration, and third-party risk management.
Comprehensive Cloud Security and Compliance: Demonstrated skill in cloud security and compliance across multiple platforms, with a particular emphasis on the seamless migration of ERP and other critical systems from on-premises to SaaS cloud. This includes ensuring the security and compliance of these systems during and after the migration process.
Compliance Frameworks & Governance Expertise: Exceptional ability in enhancing security postures through a focus on compliance frameworks, including the authoring of standards and governance documents, vendor risk management, and conducting security risk assessments.
Framework & Standard Implementation: Proficient in drafting and implementing security frameworks and standards, ensuring adherence to regulatory requirements and best practices.
Leadership in Security Operations: Proven leadership capabilities, with the ability to effectively lead and mentor teams. Experience working with Security Operations Centers (SOC) and Security Incident Response Teams (SIRT), promoting a culture of security awareness and responsiveness.
Effective Communication Skills: Recognized for excellent communication abilities, capable of conveying complex security concepts to a broad audience and fostering collaborative efforts towards achieving comprehensive security objectives.
Diverse Compliance Framework Implementation: Experienced in implementing a variety of compliance frameworks, further strengthening the security infrastructure of organizations.
Core Skills
Functional: Domain Security, IT Governance, Security Engineering, Governance Risk and Compliance, Security Policy, Documentation, ERP System Security, Compliance Framework Alignment (NIST, SOC, ISO, CIS, PCI-DSS)
Technical: Microsoft Purview, Splunk, ServiceNow, Jira, Wiz, SailPoint, Workday, Tenable.io, Azure Security, HashiCorp Vault and Terraform, Okta, Delinea Secret Server
Work Experience
Technical Program Manager PCI-DSS Compliance | Nordstrom 01/2025 to 09/2025
At Nordstrom, I lead PCI-DSS compliance efforts across multiple environments, having successfully completed two separate Reports on Compliance (ROCs). I served as the technical subject matter expert (SME) during these assessments, working directly with a Big 4 Qualified Security Assessor (QSA) firm to ensure accuracy, completeness, and technical rigor in all responses and evidence submissions.
My responsibilities include:
Implementing and monitoring PCI security controls across cloud, on-premises, and hybrid environments.
Driving audit readiness and execution by coordinating with infrastructure, application, and business teams to collect and validate evidence.
Leading technical remediation efforts to close gaps identified during assessments.
Maintaining continuous compliance by partnering with engineering, security operations, and governance teams to improve controls and processes.
Managing stakeholder relationships with both internal leadership and external assessors to ensure clear communication and successful outcomes.
My focus is not just on meeting compliance requirements but on building sustainable, security-first practices that support Nordstrom’s long-term PCI posture.
CLOUD SECURITY GOVERNANCE MANAGER-GRC | Alaska Airlines (Contract) 04/2024 to 01/2025
Selected CIS as the framework for AAG for their overall cloud governance program
Mapped controls for PCI-DSS 4.0 for compliance with our PCI policies.
Developed and enforced cloud security policies for Azure and GCP, ensuring compliance with CIS industry standards and organizational requirements.
Managed cloud governance frameworks, including policy enforcement, compliance monitoring, and role-based access control (RBAC) for Azure and GCP.
Conducted risk assessments and implemented mitigation strategies, including disaster recovery and business continuity plans.
SECURITY ENGINEER Avalara - Seattle, WA 06/2020 to 04/2024
Spearhead the development and implementation of security policies and procedures to protect the organization's digital assets.
Provide domain security by safeguarding domain environments against cyber threats and deploying domain-level security tools and protocols.
Oversee security governance frameworks and security risk assessments and policy compliance across departments.
Design and implement comprehensive security architecture, integrating security considerations into the development of IT infrastructures, and conducting regular security architecture reviews and updates.
Proficiently align IT practices with various compliance frameworks (e.g., ISO 27001, NIST CSF) and participated in audits and ensured adherence to controls and policies for self-owned controls.
Migrate thirty thousand passwords and six thousand user folders from our legacy on-premises environment to a fully SaaS cloud version.
Manage enterprise-grade secrets vault to secure sensitive credentials, implemented best practices in secret management and access control, and provided high availability and disaster recovery capabilities for secrets storage.
Provide Identity and Access Management (IAM) by overseeing the implementation and management of Secret Server and SailPoint, defining access privileges and control structures, and streamlining identity lifecycle processes, enhancing security and user experience.
Review vendor risk by conducting comprehensive risk assessments of third-party vendors using the eighteen risk domains and evaluating existing security architecture and protocols for risk of vulnerability and recommended improved tools and protocols to management.
SECURITY ENGINEER Apptio (Contract) 03/2020 to 07/2020
Oversaw FedRAMP continuous monitoring process for Apptio and their monthly submissions to the JAB every month on the 15th.
Multitasked with SOC 2 reporting/compliance, AWS Security Configuration for Apptio deployment, Nessus Remediation.
Protected secure data files and regulated access and audited networks and security systems to identify vulnerabilities.
SENIOR CONSULTANT First Information Technology Services, Microsoft 11/2019 to 03/2020
Conducted comprehensive IT assessments, including infrastructure audits, security evaluations, and performance analyses, to identify areas for improvement and optimization.
Designed and implemented cloud migration strategies, leveraging platforms such as AWS, Azure, and Google Cloud, to enhance scalability, reliability, and cost-effectiveness of IT environments.
Achievements include:
My project at Microsoft was security benchmarks and baselines for Microsoft offerings.
Event Hub baseline security https://docs.microsoft.com/en-us/azure/event-hubs/security-baseline
Azure Container Registry baseline security https://docs.microsoft.com/en-us/azure/?product=security
Azure Kusto https://docs.microsoft.com/en-us/azure/kusto/management/security-roles
TECHNICAL PROGRAM MANAGER Microsoft, Artech LLC (Contract) 12/2018 to 11/2019
Collaborated with the team to achieve FedRAMP and HITRUST for Microsoft Genomics and get Azure service certified.
Conducted team training on FedRAMP, created audit framework and plan for compliance and revised service threat model for updates and S.T.R.I.D.E methodology.
SENIOR PRINCIPAL PRODUCT STRATEGY MANAGER Oracle 07/2018 to 09/2018
Conducted security and compliance audit for each of Oracle SaaS customers.
Collaborated with Archer GRC to standardize the audit input, Backup of complete Oracle RMAN environment to Avamar and Data Domain redundant grid using NFS mounts and custom scripted agents.
Partnered with internal and external agency teams to create innovative strategies and implement marketing plans that drive awareness, engagement, and product adoption.
Translated business goals, feature concepts and customer needs into prioritized product requirements and use cases.
CLOUD SECURITY ARCHITECT IOT Sysgain - Redmond, WA 03/2018 to 07/2018
Published a security guide on the software that was on GitHub for CI/CD.
SENIOR SECURITY CONSULTANT VACO – Remote 09/2017 to 01/2018
Managed and ensured compliance for NIST 800-171, SOC 2, and DFARS.
Oversaw gap analysis, remediation planning, practical application, and security architecture implementation.
SR. CONSULTANT/SALES ENGINEER Network Computing Architects 03/2017 to 08/2017
Multitasked with NIST 800-171 SME compliance, VMware deployment and configuration, remediation planning, security consulting, Nutanix presales and deployment, Cohesity presales and deployment, hyper-converged technologies implementation, and security and OS hardening for Oracle and Windows.
DATACENTER MANAGER Crane Aerospace and Electronics 03/2016 to 03/2017
Oversaw all aspects of data center operations, including infrastructure management, security, and maintenance, ensuring 24/7 uptime and reliability.
Led a team of technicians and engineers, providing guidance, training, and performance evaluations to ensure high-quality service delivery.
Developed and implemented data center policies and procedures to streamline operations and enhance security and compliance.
Managed vendor relationships and contracts, negotiating service agreements and optimizing costs while maintaining high-quality services.
Mitigated risk by ensuring regulatory compliance for required licensing and secured the Oracle ERP system to NIST-800-171 standard.
SENIOR INFRASTRUCTURE SOLUTIONS ARCHITECT Sysorex, Lilien Systems 06/2015 to 02/2016
Served as a pre-sale and post-sale customer facing infrastructure consultant - advising customers based on assessments of physical and virtual environments.
Led the design and implementation of complex infrastructure solutions for enterprise clients, ensuring alignment with business requirements, industry best practices, and regulatory compliance.
Conducted requirements gathering sessions with clients to understand business needs and translate them into technical requirements and solution designs.
SENIOR INFRASTRUCTURE ENGINEER Doughnuts - Bellevue, WA 10/2014 to 06/2015
Oversaw the management and delivery of all Storage, VMware, Cisco UCS, NFS, CIFS and other infrastructure related products as advisors.
Led the design and implementation of cloud-based infrastructure solutions utilizing AWS/Azure/GCP, including virtual networks, EC2 instances, S3 storage, and RDS databases.
SENIOR STORAGE ENGINEER Denali - Redmond, WA 04/2014 to 10/2014
Oversaw post-sale deployment of EMC and Cisco UCS Equipment, and deployment of EMC XtremIO, VNX and VMAX-400K, VPLEX and Recover Point.
Conducted VMware upgrades and Cisco UCS field installation and server profile configuration.
Designed, implemented, and maintained storage solutions for enterprise-level clients, including SAN, NAS, and object storage technologies.
Led storage infrastructure POC and RFP projects for customers from conception to completion, ensuring alignment with business objectives and technical requirements.
PROFESSIONAL SERVICES CONSULTANT Contender Solutions 02/2014 to 04/2014
Conducted site assessments for storage migration and visualization and performed Field installation/support of EMC VNX, VPLEX and Recover Point.
Education and Certification
Northern Illinois University Bachelor’s degree
GIAC Security Essentials (GSEC)
OWASP member