Kathy L.

CISO | Cybersecurity Executive | Built $5B Global Security Programs | AI Governance · ISO 27001 · CMMC · SOX · GDPR | CISSP · CISM · CISA · CRISC

Tustin, California, United States

About

I've built enterprise security programs that didn't exist — and turned them into competitive advantages for the business. With over 25 years of experience in Security, I've served as the Global Head of Information Security for organizations ranging from $900M mortgage lenders to $5B global semiconductor manufacturers. I specialize in standing up first-of-their-kind programs — ISO 27001, TISAX, CMMC, GDPR, SOX — and translating complex cyber risk into clear board-level decisions that protect the business while enabling growth. At Skyworks Solutions, I led the company's first-ever TISAX and ISO 27001 certifications in its 25-year history, built a 5-year security transformation roadmap that eliminated $1.5M in external consulting spend, and launched an AI Governance program ahead of regulatory mandates.

Core areas: Enterprise Security Strategy · GRC · AI & Data Governance · ISO 27001 / NIST / CMMC · Third-Party Risk · Cyber Resilience · Board Reporting/Metrics · GDPR / CCPA / SOX

Experience

  • Board Member, Information Systems Advisory Board at California State University, Long Beach
    Jan 2024 - Present · 2 yrs 6 mos

  • Executive Member at CyberEdBoard Community
    Dec 2022 - Present · 3 yrs 7 mos

  • Skyworks Solutions, Inc. (On-site)
    • Global Head of Information Security
      May 2022 - Present · 4 yrs 2 mos

      - Achieved Skyworks' first-ever TISAX and ISO 27001 certifications in the company's 25-year history by building a full compliance program and 5-year security transformation roadmap, resulting in satisfied enterprise customer contract requirements and $1.5M in eliminated external consulting spend.
      - Launched Skyworks' AI Governance program ahead of regulatory mandates, with tracked ROI and adoption metrics — allowing the business to adopt AI quickly while avoiding unmanaged legal, security, and reputational exposure.
      - Designed Skyworks' enterprise Cyber Resiliency program (business continuity, disaster recovery, ransomware response, incident response playbooks), reducing the potential downtime and financial impact of a major cyber event and giving the company a tested path back to operations.

    • Senior Manager Information Security
      Dec 2019 - May 2022 · 2 yrs 6 mos

      - Cut company-wide phishing click-through rates by 75% by launching a security awareness program including simulated phishing campaigns and gamification, resulting in a direct reduction in the organization's top ransomware and credential theft attack vector.
      - Built Skyworks' first third-party risk management program — vendor evaluations, contract security terms, and SLA monitoring — closing a significant supply-chain security gap that left the company exposed to vendor-introduced breaches.
      - Set enterprise security standards and hardening processes across network, cloud, database, and operating systems, giving Skyworks a consistent security baseline across a complex, heterogeneous global infrastructure and reducing the misconfigurations that lead to breaches and audit findings.

  • Head of Information Security at AutoGravity (Daimler / Volkswagen-Backed Fintech)
    Oct 2018 - Dec 2019 · 1 yr 3 mos

    - Built the company's first information security and privacy program from zero by establishing policies, standards, and a unified controls framework spanning ISO 27001, NIST 800-53, CSA, and CIS Top 20, resulting in the governance maturity required to pass enterprise due diligence from Daimler and Volkswagen.
    - Passed all partner and investor security audits without findings by owning the full assessment lifecycle across internal teams, external auditors, and business partners, resulting in protected funding relationships with two global automakers.
    - Reduced breach and data-loss exposure during rapid growth by deploying defense-in-depth security controls across the environment, resulting in closed critical gaps identified during initial risk assessment.

  • Director, Information Security at loanDepot ($900M mortgage lender; 7,000+ employees)
    Jan 2016 - Oct 2018 · 2 yrs 10 mos

    - Built a unified security controls framework spanning ISO, NIST, FFIEC, NYDFS, and SANS by replacing fragmented compliance initiatives with a single auditable security posture, resulting in consistent regulatory standing across federal and state financial regulators.
    - Maintained continuous compliance across a complex financial services regulatory landscape by tracking evolving laws and leading enterprise-wide risk assessments, resulting in zero regulatory fines or lending restrictions during a period of rapid company growth.
    - Served as the company's primary regulatory liaison by managing all regulator, partner, vendor, and customer audit requests, resulting in preserved credibility and zero adverse findings during the company's highest-growth phase.