Denver Metropolitan Area
Proven Chief Information Security Officer with 15+ years leading enterprise security, risk, and compliance programs for global SaaS organizations. I build security programs that enable business innovation while protecting what matters most - customer trust, regulatory compliance, and organizational resilience. My approach positions security as a competitive advantage, not a cost center. I've led organizations through rapid compliance maturity (achieving five certifications in 18 months), PE-backed growth and exit preparation, and digital transformation - partnering with boards, executives, and cross-functional teams to translate cyber risk into business decisions. Core expertise spans ISO 27001, SOC 2, GDPR, CCPA, HIPAA, and cloud-native security architectures. I'm equally comfortable building security operations centers, advising boards on risk posture, or working alongside engineering teams to embed security into product development.
· Lead security architecture and risk review for enterprise AI tooling adoption, with focus on AI/ML security with secure SDLC, LLM application security, and practical AI governance. Built custom agents for InfoSec triage and risk analysis. · Rationalized more than $480K in security spend within the first year through vendor consolidation and program modernization, reinvesting savings into SIEM, SOAR, 24/7 MDR/XDR, threat hunting, and unlimited incident response capability. · Identified and remediated nine critical security gaps in the first 10 months, strengthening source code recovery controls, access governance, endpoint management, and enterprise-wide threat detection across XDR, SSO, VPN, M365, and AWS. · Develop and maintain the company-wide global ISMS and enterprise risk program aligned to SOC 2, ISO 27001, and NIST CSF; report security, resiliency, compliance, and remediation posture to executive leadership. · Lead enterprise incident response across multiple security events, directing cross-functional containment, investigation, executive communications, and remediation efforts to reduce business risk and strengthen organizational resilience. · Support customer and partner security due diligence by translating technical controls, AI governance practices, and operational safeguards into clear trust narratives for enterprise stakeholders.
· Built the security program from the ground up for a $35M AWS cloud-native global SaaS platform, achieving five accreditations (ISO 27001, SOC 2, HIPAA, PCI-DSS, Tx-RAMP) within 18 months while maintaining operational continuity and establishing customer trust. · Served as the external face of security with prospects, customers, and investors, positioning security as a competitive differentiator and business enabler in enterprise sales, diligence, and audit cycles. · Partnered with Engineering, IT, and Legal to implement identity and access management, threat detection, incident response, third-party risk management, privacy-aligned controls, and secure coding practices across the organization. · Established and managed an ongoing penetration testing program for a cloud-native SaaS environment, improving testing methodology, vendor selection, and cost efficiency while strengthening AppSec and vulnerability management.
· Led enterprise cybersecurity strategy across a portfolio of acquired global SaaS businesses, executing integration risk assessments and rapid certification programs (SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR) within eight months of acquisition. · Partnered with Agile engineering and DevOps teams to embed security into SDLC processes, strengthen product security, and mature a shift-left DevSecOps model across the portfolio. Led Security Operations Center oversight to support continuous monitoring and incident response readiness. · Advised C-suite executives and private equity stakeholders on cyber risk, integration roadmaps, and security investment priorities; performed M&A security due diligence, gap analysis, and post-acquisition program integration.
· Served as executive advisor to C-suite and Board on cyber risk, regulatory exposure, and compliance strategy; developed risk registers, conducted global enterprise-wide gap analyses, and guided policy decisions across a globally distributed business operations and workforce. · Developed and managed a global compliance program, ensuring adherence to industry standards and international regulations for a $875M public company with operations in 120 countries. · Advised and trained on global anti-corruption, security, privacy, and compliance (GDPR, CCPA, PCI, SOX, TCPA, FCPA, OFAC, CAN-SPAM, Cookie Law) regulations. Conducted gap analyses, developed risk registers, and assessed regulatory impacts to guide executive policies and business operations across parent and subsidiary companies. · Modernized compliance programs, including Code of Conduct, whistleblower hotlines, and employee training. Enhanced third-party due diligence, strengthened risk management reporting, ensured contract compliance, and played a key role in security incident response, root cause analysis, and data breach remediation.
· Directed the information security compliance and assurance program for one of North America's largest privately held colocation, managed services, and cloud providers with 24 data centers in five states. · Contracted and managed third-party audit engagements, including SSAE 16/SOC 1, HIPAA, PCI DSS, AICPA Trust Principles (SOC 2/3), and NIST 800-53, expanding the accreditation program from one to five over six years. · Led incident response coordination and issue remediation, supported acquisition due diligence and gap analysis, and managed customer security questionnaires and sales enablement for regulated infrastructure environments.