Muema Lombe

Angel Investor. Ex-Robinhood. #riskwhisperer #aigovernance #startupfunding

United States

About

Governance, Risk and Compliance leader with 10,000 hours of experience in AI Governance, Technology Risk, Internal Audit, External Audit, IT Audit, SOX, Enterprise Risk, Security Compliance, Vendor Risk, IPO Readiness and Data Analytics. Developed relationships with business leadership across functions, service lines, and regions to provide a solutions-driven audit/risk/compliance/SOX program, serve as a catalyst for change, and serve as an audit consultant to all levels of management.

* 5+ years of people management experience
* 8+ years of experience in technology risk and compliance management
* Hands-on experience building risk and compliance programs for internal and external customers
* Expertise in major industry security and reliability frameworks such as ISO 27001, SOC 1, SOC 2, NIST 800-53, NIST Cybersecurity Framework (CSF), COSO, COBIT, ITIL, etc.
* Managed customer due diligence requests, including developing and maintaining security collateral for customers (e.g., SIG)
* Conducted enterprise risk assessments
* Experience collaborating with regulatory compliance partners globally
* Successfully recruited high-performing team members
* The ability to thrive on a high level of autonomy and responsibility
* Clear and persuasive writing and in-person communication
* Experience working with platform technology companies
* Critical thinker able to develop strategy, execute, and deliver results in a fast-paced, dynamic environment
* Positive, self-motivated, results-oriented leader with a strong work ethic, not afraid to roll up my sleeves
* Collaborative and proactive partner with exceptional communication and interpersonal skills, and a passion for learning

Experience

  • Amazon Kindle Book Publisher (6 mos)
    • Book Author: Review Ready
      Mar 2026 - Present · 4 mos

      Review Ready is the culmination of extensive conversations with working photographers, curators, editors, gallerists, and festival directors. Muema believes that every photographer deserves clear tools and realistic expectations to present their work with confidence and purpose.

    • Book Author: Bootstrapped Startup Funding Playbook
      Feb 2026 - Present · 5 mos

      Bootstrapped Startup Funding Playbook is a practical, founder‑friendly guide to building and scaling a tech startup without relying on venture capital. Instead of theory, it gives you real methods, real examples, and a step‑by‑step roadmap drawn from how iconic companies actually did it.

    • Book Author: The Ultimate Startup Dictionary
      Jan 2026 - Present · 6 mos

      Navigating the startup world can be like learning a new language. "The Ultimate Startup Dictionary" is your guide through the complex jargon of the startup ecosystem. Whether you're a budding entrepreneur, an angel investor, or a venture capitalist, this reference book is an indispensable resource for understanding the terms and concepts that drive today's innovative business ventures.

  • Airbnb (5 yrs 3 mos)
    • Senior Manager, GRC
      Dec 2024 - Present · 1 yr 7 mos

      I am a governance, risk, and compliance leader with over four years of experience operating at the intersection of enterprise risk and emerging technology, including applied AI governance. In my recent role as a Senior Manager GRC, I led initiatives focused on establishing and evaluating AI lifecycle controls, including data quality, model transparency, and privacy safeguards, while assessing governance structures, roles, and policies supporting responsible AI adoption. I also played a key role in operationalizing generative AI within risk, compliance, and internal audit functions. By deploying GenAI solutions, I enabled rapid synthesis of internal policies, audit artifacts, and regulatory requirements to identify risks, surface control gaps, and inform a dynamic, continuously evolving risk universe. I further applied GenAI to streamline audit planning by drafting scopes, objectives, and audit programs aligned with professional standards, and developed standardized analytics frameworks to enhance clarity, consistency, and stakeholder alignment. This work significantly improved efficiency and scalability while embedding AI-driven insights into core assurance processes. My experience positions me to lead AI governance programs that balance innovation with robust oversight, ensuring responsible, compliant, and value-driven use of AI across the enterprise.

    • Senior Manager Risk Analytics, Systems Monitoring, Automation & AI
      Dec 2023 - Present · 2 yrs 7 mos

      ● Provide executive leadership to implement data analytics and systems monitoring for the Global Risk Team and foster a culture of innovation and continuous improvement.
      ● Provide leadership to the advanced data analytics program.
      ● Promote the use of advanced analytics and automation methods and techniques across the Global Risk department through delivery of proof-of-concept engagements.
      ● Lead the implementation of new data analytics to identify risk insights.
      ● Manage and oversee the advanced analytics work to ensure it is delivered accurately, timely and complete, adhering to Global Risk documentation standards.
      ● Provide oversight to the team responsible for analyzing complex data, identifying anomalies, and providing usable insight to cross-functional stakeholders.
      ● Facilitate the communication of delivered data analytics results to the broader audit department, individual teams, and audit stakeholders, as necessary.

    • Senior Manager Technology Audit
      Apr 2021 - Present · 5 yrs 3 mos

      ● Set governance, strategy, and project management expectations across the Tech vertical project portfolio
      ● Built strong relationships with key IT, engineering, and business partners, including Infrastructure and Information Security, to thoroughly understand their business and identify appropriate risk mitigations and opportunities to add value
      ● Drove risk assessment and dynamic audit planning and participated in enterprise risk assessment and audit planning processes
      ● Managed and developed a team of audit professionals to execute audits and projects, providing direction and ongoing coaching and development
      ● Reported to the Head of Internal Audit, Executive Leadership, and the Audit Committee on risks, the portfolio of audits, and outcomes
      ● Brought thought leadership, leading-practice frameworks, and audit process improvements, and contributed to the continuous improvement of the department
      ● Collaborated with other Internal Audit leaders to execute IA’s strategy and coordinate cross-vertical audit projects and initiatives
      ● Effectively managed the relationship with the internal audit co-sourcing partner(s) to ensure that we execute as one team
      ● Coordinated with other risk management functions (e.g., Privacy, Compliance, Information Security) to minimize duplication of effort and maximize execution
      ● Viewed and respected as communication leader for Internal Audit and the broader Finance organization

  • Robinhood (1 yr 11 mos)
    • Senior Program Manager, Technology Risk
      Jun 2019 - Apr 2021 · 1 yr 11 mos

      FinTech. Partnered with the VP of Risk and CCO on the build-out and expansion of the Risk department as it scaled from 3 to 100+ employees; as Robinhood scaled from 300 to 2,000 employees; as customers scaled from 5m to 18m; and as revenue scaled from $200m to $1 billion.
      ● Developed, managed and led Risk and Compliance teams, programs, policies, procedures, and processes
      ● Provided day-to-day Compliance and Risk advice/best practices to Business and Support Unit constituents relating to various activities, including high-risk activities, cryptocurrency risk, cybersecurity risk, third-party risk management, etc.
      ● Developed and refined internal and external compliance and risk management tools to support expected growth.
      ● Collaborated with team members to evaluate and risk-assess new and novel products and services.
      ● Developed and presented periodic risk and compliance reviews for senior leadership, noting key areas of focus and progress against established goals, emerging risks, and regulatory changes impacting Robinhood’s products, services, and markets.
      ● Ensured regulatory requirements were understood and complied with within emerging growth initiatives and new products.
      ● Collaborated with cross-functional team professionals and strove to deliver exceptional and responsive service by providing risk and compliance management expertise in a clear, solution-oriented, and customer-focused manner.
      ● Identified, managed and monitored key risks, including risks associated with cryptocurrency, cybersecurity, regulatory compliance, etc.
      ● Cultivated relationships and maintained regular interactions with internal teams (Legal, Information Security, Physical Security, Engineering, HR, etc.).
      ● Maintained current awareness of regulatory developments.
      ● Hired, managed, and trained compliance staff.
      ● Escalated timely and actionable information to key stakeholders.

    • IPO Readiness Assessment
      Jul 2020 - Mar 2021 · 9 mos

      ● Assessed the current state of Robinhood IPO operational and technology readiness against policies, processes, people, reporting, methodologies, and systems and data benchmarks
      ● Identified the readiness of core public company requirements with respect to risk, compliance, internal controls, cybersecurity, and business continuity
      ● Assessed the urgency of solutions needed to close identified gaps based on an analysis of costs and benefits along with the required timeline
      ● Developed work plans, timeline and resource requirements to implement the appropriate solutions

    • FINRA Cybersecurity Gap Assessment
      Oct 2020 - Jan 2021 · 4 mos

      Led cybersecurity evaluation against FINRA requirements. Evaluated the following dimensions:
      ● Section 1 - Identify and Assess Risks: Inventory
      ● Section 2 - Identify and Assess Risks: Minimize Use
      ● Section 3 - Identify and Assess Risks: Third Party Access
      ● Section 4 - Protect: Information Assets
      ● Section 5 - Protect: Systems Assets
      ● Section 6 - Protect: Encryption
      ● Section 7 - Protect: Employee Devices
      ● Section 8 - Protect: Controls and Staff Training
      ● Section 9 - Detect: Penetration Testing
      ● Section 10 - Detect: Intrusion
      ● Section 11 - Response Plan
      ● Section 12 - Recovery

      Evaluated and made recommendations to enhance cybersecurity policies, standards and procedures.

      * FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.

  • Silver Spring Networks (3 yrs 6 mos)
    • Senior Manager - Security & Compliance
      Dec 2015 - May 2019 · 3 yrs 6 mos

      Silver Spring Networks, a subsidiary of Itron, is a provider of smart grid products, headquartered in San Jose, California, with offices in Australia, Singapore, Brazil, and the United Kingdom. Planned and led engagements with independent assessors to earn certifications and attestations important to SSN and Itron customers. Managed a global team across multiple time zones: USA, Canada, India, Germany, France.
      ● Led the creation, implementation, monitoring, and maintenance of information security policies and standards.
      ● Oversaw and managed the tech risk assessment and security exception processes.
      ● Evaluated moderate to complex business and technical requirements, communicated inherent security risks, and provided recommendations for mitigating controls to technical and non-technical stakeholders.
      ● Delivered recommendations and risk interpretations in a clear, concise and audience-specific format.
      ● Coordinated and executed changes to existing procedures to enhance the risk management life cycle.
      ● Oversaw deep-dive assessments as assigned and delivered findings, recommendations and remediation steps for all activities.
      ● Generated awareness of security best practices for both internal stakeholders and external partners.
      ● Developed and maintained strong working relationships with technical and non-technical teams involved with information security and privacy (Legal, Internal Audit, IT, business teams, etc.)

    • Compliance Technical Program Management
      Oct 2017 - Dec 2017 · 3 mos

      ● Managed compliance programs: defined milestones and success criteria, allocated resources, and ensured successful on-time delivery.
      ● Identified, assessed, and advised on compliance risks and controls.
      ● Created and drove programs to tighten data security and governance over our internal data.
      ● Coordinated, managed, and facilitated compliance processes to provide timely deliverables.
      ● Exercised technical judgment in working with large, cross-functional teams, and communicated schedules, priorities, and status to all levels in the company.

    • Risk Assessment, Relationship Management & 3rd Party Audits
      Jul 2017 - Sep 2017 · 3 mos

      Management Risk Assessment
      ● Executed quarterly management assessment for all technology risks
      ● Completed quarterly assessment process for all technology risks
      ● Reviewed risk assessment outputs with the CISO on a quarterly basis

      Technology Policy Implementation
      ● Drove implementation of technology policies across the organization

      Technology Controls
      ● Developed a clear understanding of all technology controls and became an advisor to control owners on improvement opportunities
      ● Maintained a central view of control owners and took responsibility for updating them when attrition / role changes occur
      ● Educated control owners as to their role, responsibility and the implications to the company of control failures
      ● Drove identification and action of management-identified control weaknesses
      ● Reviewed control operation and evidence on a monthly / quarterly basis to ensure that all controls are operating as designed and that scope remains appropriate
      ● Engaged with Program Managers to advise on control considerations and changes that need to be assessed for all key projects

      Reporting and Dashboards
      ● Created a monthly dashboard showcasing the key metrics that allowed Technology Leadership to assess risks, policy compliance, control operations and issues on an ongoing basis.

      Relationship Management
      ● Internal: Served as primary relationship manager representing technology with internal stakeholders including Internal Audit, Info Sec, Operational Risk and Compliance teams.
      ● External: Served as primary relationship manager representing technology with external stakeholders including External Audit and Regulators
      ● Owned action plans to address open audit and regulatory issues and ensured timely resolution in line with committed remediation plans

      Coordination of all audits / regulatory reviews
      ● Created and managed calendar of audit reviews and items that must be completed to satisfy audit requirements
      ● Managed the collection of audit evidence

  • Vice President at JPMorgan Chase & Co.
    Oct 2014 - Nov 2015 · 1 yr 2 mos

    Startups, Mobile, E-commerce & Payments (Apple Pay, etc.)

    I was the first San Francisco Controls Officer reporting to the CIO and led post-acquisition integration of startups (Bloomspot.com), and led technology reviews (ITIL, ITGC, etc.) of mobile, e-commerce and payment platforms (Apple Pay, Chase Pay, Chase Net).

    JPMorgan Chase & Co. is an American multinational banking and financial services holding company headquartered in New York City. It is the largest bank in the United States, and the world's fifth largest bank by total assets, with total assets of US$2.6 trillion. It is a major provider of financial services, and according to Forbes magazine is the world's third largest public company based on a composite ranking. The hedge fund unit of JPMorgan Chase is the second largest hedge fund in the United States. The company was formed in 2000, when Chase Manhattan Corporation merged with J.P. Morgan & Co. The J.P. Morgan brand, historically known as Morgan, is used by the investment banking, asset management, private banking, private wealth management, and treasury & securities services divisions. Fiduciary activity within private banking and private wealth management is done under the aegis of JPMorgan Chase Bank, N.A.—the actual trustee. The Chase brand is used for credit card services in the United States and Canada, the bank's retail banking activities in the United States, and commercial banking. The corporate headquarters is located at 270 Park Avenue in Midtown Manhattan, New York City. The retail and commercial bank is headquartered in Chase Tower, Chicago Loop, Chicago, Illinois, U.S. JPMorgan Chase & Co. is considered to be a universal bank. JPMorgan Chase is one of the Big Four banks of the United States, along with Bank of America, Citigroup, and Wells Fargo. According to Bloomberg, as of October 2011, JPMorgan Chase had surpassed Bank of America as the largest U.S. bank by assets.