San Francisco, California, United States
Security and EngOps leader with 20+ years experience building globally diverse, engineering, operations, and PMO organizations focused on operational excellence and delivery of customer centric services, programs, and infrastructure. Experienced leader who can attract, maintain, and grow cross disciplined DevOps and DevSecOps talent. Trusted security advisor for Business Unit C-level executives on a wide variety of IT risks, issues, concerns, and problems, ensuring business processes incorporate adequate information security controls and processes that elevate our NIST CSF maturity. Program leader with a track record delivering high profile revenue generating and foundational infrastructure programs in Global Retail, E-Commerce, PaaS, and Security at Scale.
M&A Security Integration Oversees strategic programs and drives operational excellence by working closely with key stakeholders and executives on trade offs and prioritization of board level Trust commitments. These include programs such as: FedRamp, PCI, SOC2, and SOX audit and remediation, Customer MFA, Infrastructure MFA, IDM migration, SSDL adoption, Bug Bounty program, secrets management, and Sev0 remediation.
Led the cloud security architecture, engineering, and operations teams responsible for foundational security services in multi-substrate clouds on Azure and Oracle Cloud, providing a secured framework that enabled the digital transformation and migration from our first party data center into the cloud. Responsible for all 3rd party security SaaS solutions and integrations and security tooling that enabled discovery, identification, and protections capabilities such as TVM, container scanning, secrets management, IDM, and security admin.
SecOps leader responsible for end-to-end design, engineering, and operations of critical security functions, such as data protection, encryption, tokenization, vulnerability management, logging, and endpoint hardening. Promoted DevSecOps culture by hiring a team of security centric DevOps engineers with a desire to simplify and automate shift-left security controls into CI/CD and source pipelines. Recruited and hired a security operations center in Hyderabad, India to provide 24x7 global support and coverage for our critical encryption, PKI, tokenization, database monitoring and endpoint security agent services. Designed and led the GDPR data protection and data governance program providing general counsel the data mapping, flow, and classification of sensitive PII and PCI data across 700 applications and hundreds of structured and unstructured databases.
Technical program director leading cross-functional security initiatives, e-commerce integrations, along with store technology refreshes. Responsible for portfolio program management consists of dozens of Agile, Lean, and Waterfall initiatives in security, stores, and e-commerce enabling large scale application deployments running the next generation point of sales applications to revamping online and store networks enable segmentations and firewall policies in support of PCI DSS. Accountable for a multi-year, $30 million dollar project to modernize and overhaul the store network and wireless infrastructure across 2600 stores