Natasha Michel

DevOps Engineer

New York, New York, United States · 16 yrs 9 mos experience
Highly Stable

Key Highlights

  • Over a decade of experience in IT risk and compliance.
  • Proven track record in leading diverse engineering projects.
  • Awarded for excellence in security and privacy risk management.
Stackforce AI infers this person is a seasoned IT risk and compliance leader in the SaaS industry.

Skills

Core Skills

Compliance Management · Risk Management

Other Skills

Automation solutions · Compliance and risk management workflows · Security governance · Vendor risk management · Compliance monitoring · Data-driven vision · Compliance-focused approach · Risk assessments · GRC tools · Security/Privacy Risk Reviews · Compliance Engineering · Data Analysis · Cross-functional Team Leadership · IT audits · SOX readiness

About

Innovative IT risk and compliance leader with over a decade of experience steering teams through audits and technology and vendor risk assessments across multi-cloud environments (AWS, Azure, GCP). Proven at leading diverse engineering projects, ensuring precise risk identification, and driving innovative security solutions through automation and collaboration. Excel in navigating ambiguity in high-speed settings. Skilled in core languages (Python, JavaScript/Java, DAX/Power BI) and large datasets (SQL). Well-versed in NIST CSF/800-53, SOX, SOC, ISO, COSO, PCI DSS, IT audit, FAIR, GDPR, CCPA, and HIPAA. Awarded the "Trust" Engineering Award for successful cross-functional security and privacy risk management and recognized as a culture champion for mindfulness yoga leadership within InfoSec and partner organizations.

Experience

16 yrs 9 mos
Total Experience
1 yr 6 mos
Average Tenure
1 yr 2 mos
Current Experience

Netflix

Security Governance and Risk Assurance Engineer

Apr 2025 – Present · 1 yr 2 mos · New York, United States · Remote

Datadog

Information Security Governance and Risk Assurance Monitoring Manager

Jun 2024 – Mar 2025 · 9 mos · New York, New York, United States · Hybrid

  • Lead and manage a team that delivers automation solutions to streamline compliance and risk management workflows through the design and development of a custom GRC tool.
  • Drive comprehensive security governance and risk management initiatives, ensuring foundational alignment with industry standards and an increased governance culture across the InfoSec and Security Engineering organizations.
  • Oversee vendor risk management programs, including design, delivery and mitigation of third-party risks by implementing scalable assessment frameworks and integrating compliance monitoring capabilities across multiple stakeholder organizations (ex. Procurement, Privacy, Legal, Internal Audit, Customer Trust, Engineering) and tools (ex. Zip, Graphite, TrustArc, Coupa).
  • Develop and refine key security risk and compliance metrics / dashboards to enable oversight and actionable insights to key stakeholders for continuous improvement and cross-functional decision-making (ex. CISO, Privacy, Product, Engineering).
Automation solutions · Compliance and risk management workflows · Security governance · Vendor risk management · Compliance monitoring · Compliance Management

LinkedIn

3 roles

Information Security Manager

Promoted

Dec 2021 – Jun 2024 · 2 yrs 6 mos

  • Led the Security Risk Management Team, establishing a data-driven vision and measurable goals to align with organizational objectives.
  • Built a scalable, compliance-focused approach, achieving ~80% adoption of the Security Issues Management Service and integrating GRC tools to automate security controls.
  • Managed a high-performing team of 5–10 across core domains (Third Party Security, Vulnerability Management, Privacy), ensuring operational excellence in handling 100+ assessments and escalations.
  • Mentored team members, streamlined risk assessments with ~85% process automation, and strengthened alignment between risk and business goals.
  • Spearheaded quarterly Security/Privacy Risk Reviews with executive stakeholders (e.g., CISO, Privacy, Trust and Safety), advancing strategic alignment on risk reduction.
  • Collaborated with internal audit and regulatory bodies to enhance governance and automate GRC workflows, creating real-time monitoring across 10+ custom dashboards tracking 30+ KPIs and KRIs.
  • Provided expertise for high-visibility audits (NIST CSF, ISO 27001/27018, SOC2), ensuring compliance with GDPR, CCPA, DMA/DSA, and other standards.
  • Enabled proactive security policy improvements, refining GRC reporting for streamlined risk data, which supported strategic, frictionless decision-making and compliance objectives.
Data-driven vision · Compliance-focused approach · Risk assessments · GRC tools · Security/Privacy Risk Reviews · Risk Management

Staff Risk & Compliance Program Manager

Sep 2020 – Dec 2021 · 1 yr 3 mos

Compliance Engineering · Risk Management · Data Analysis · Cross-functional Team Leadership · Compliance Management

Senior Technology Compliance Program Manager

Sep 2018 – Sep 2020 · 2 yrs

Compliance Engineering · Risk Management · Data Analysis · Cross-functional Team Leadership · Compliance Management

Yelp

Senior IT Risk & Compliance Specialist

Jun 2016 – Sep 2018 · 2 yrs 3 mos · San Francisco Bay Area

  • Manage all phases of projects’ lifecycle including the planning, execution, and communication for all IT audits including change management, user access management, network & OS security penetration testing, physical/logical security infrastructure assessments, data reliability, completeness, & accuracy testing of key reports, data backup/disaster recovery testing, segregation of duties (SOD), and review of service provider organizations and data center facilities.
  • Prepare IT audit scope, report findings, and present recommendations for improving data security, integrity, privacy, and availability operations.
  • Drive SOX readiness activities for new technologies (ex. AWS Redshift Data Warehouse), acquisitions (ex. EAT24, NoWait, Turnstyle), and upcoming regulatory guidance (ex. GDPR).
  • Improve/enhance existing policies/procedures/guidelines as well as identify new controls and operational improvements related to SOX in-scope systems (including cloud and complex home-grown systems).
  • Represent, develop, and communicate compliance initiatives (i.e. PCI DSS) by proactively creating strong cross-functional relationships in a high growth environment and effectively addressing departmental compliance needs.
IT audits · SOX readiness · Compliance initiatives · Cross-functional relationships · Compliance Management · Risk Management

Autodesk

IT Risk & Compliance Program Specialist

Apr 2015 – Jun 2016 · 1 yr 2 mos · San Francisco Bay Area

  • Led Autodesk Enterprise Information Security (EIS) Compliance Program including developing and/or executing on risk based readiness assessments and large scale SOC1/SOC2/SOX internal audits of 85+ controls over EIS managed systems (including cloud and complex home-grown systems). Consistent improvement of previous audit quality to deliver up to 4+ audit reports annually.
  • Prepared audit scope, reported findings, and presented recommendations for improving data integrity, security, and availability operations.
  • Identified new controls and operational improvements for systems supporting 100+ legacy/new products and services. Meritoriously completed Agreed Upon Procedures (AUP) audit of consumption usage data reporting platform supporting $35 million enterprise contract.
  • Drive results and organize objective focused systems process/systems understanding meetings and interviews with minimal follow-up via successful cross-functional collaboration with multiple internal stakeholders (IT, Sales Operations, Product Teams, and Business), external auditors, and outside consultants.
  • Documented technical details of desktop and cloud software products as related to audit and accreditations. Field technical compliance inquiries from enterprise customers, internal/external audit, and industry regulators.
  • Managed accreditation projects including HIPAA, COPPA, and FERPA IS/IT compliance including risk development, analysis, and remediation and exposed to PCI DSS assessments.
Risk-based readiness assessments · SOC audits · Cross-functional collaboration · Compliance Management · Risk Management

City & County of San Francisco

Senior IT Auditor - Office of the Controller

Jul 2014 – Mar 2015 · 8 mos · San Francisco Bay Area

  • Developed citywide IT risk assessment and IT audit program for over 25 city departments according to National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Control Objectives for Information and Related Technology (COBIT), and IT Infrastructure Library (ITIL) standards.
  • Recommended and/or developed operational changes for the City Services Auditor (CSA) division.
IT risk assessment · IT audit program · Operational changes · Compliance Management · Risk Management

Ernst & Young

2 roles

Senior IT Audit Associate

Aug 2011 – Jul 2014 · 2 yrs 11 mos · San Francisco Bay Area

  • Engagement lead for SOX security audits and compliance reports (SOC I – III) for 15+ domestic/international Fortune 500 companies, enterprise merchants, service providers, and data center facilities.
  • Managed over 10 domestic/international EY resources and client associates as well as up to three audit teams simultaneously for clients including HP, Oracle, Yahoo!, and salesforce.com.
  • Identified and evaluated internal control gaps by conducting fieldwork, analyzing relevant evidence, and completing documentation; test remediation process(es) by analyzing weaknesses and deficiencies.
  • Executed application controls (related procurement-to-pay, fixed assets, order-to-cash, treasury, payroll, and HR) by testing the design and operational effectiveness of controls (IT General Controls for SOX 404 compliance) relevant to financial statement assertions and the Federal Information Security Management Act (FISMA) for an assortment of domestic and international clients.
  • Experienced in auditing technologies for applications and operating systems such as UNIX/Linux/Windows/Mainframe, AIX, HP-UX, Oracle, Equity Edge, Concur, Workday, SQL, Perforce, SAP, PeopleSoft, OpenVMS, NetBackup, Data Domain, ArcSight, and IDS; knowledge of GRC tools.
SOX security audits · Internal control gaps · Application controls · Compliance Management · Risk Management

Risk & IT Audit Intern

Jul 2009 – Dec 2009 · 5 mos · Greater Boston Area

Central Parking System

Bookkeeper

Jul 2008 – Nov 2008 · 4 mos

Hercules Technology Growth Capital

Financial Analyst

Jan 2008 – Jun 2008 · 5 mos

Bracebridge Capital, LLC

Accounting Assistant

Jan 2007 – Dec 2007 · 11 mos

Education

USC Marshall School of Business

MAcc — Accounting

Jan 2010 – Jan 2011

Northeastern University

BS

Jan 2005 – Jan 2010
