New York, New York, United States
I began my professional career at a Big 4 firm before pivoting to SaaS startups, reigniting my passion for technology. This transition allowed me to apply security controls and processes from large public companies to agile, cloud-first environments. Today, I specialize in building scalable security and compliance teams that enable businesses to operate at optimal levels of acceptable risk. As a dedicated student of cybersecurity, leadership, and organizational culture, I lead with empathy and a proactive approach to solving complex problems to drive business outcomes. Key Philosophies: ■ Focus on Security Basics: Prioritize foundational security measures that reduce risk at scale before addressing more specific threats and risks. ■ High-Impact Prioritization: Focus on activities that deliver the highest impact with the least effort. ■ Thoughtful Control Design: Implement controls that not only reduce risk but also enhance operational and business value. ■ Transparent Leadership: Lead with transparency to build trusted relationships. ■ Passionate Communication: Operate with passion and ensure clear, effective communication.
As Head of Information Security at WeWork, I’m leading the evolution of our security program to meet the company’s current scale, complexity, and strategic direction. My mandate is to build a leaner, more agile security function aligned with business priorities, enabling smarter resource allocation and high-impact risk reduction. Key areas of focus: • Designing and implementing a right-sized security program that balances risk and operational efficiency • Driving resource-effective initiatives to accomplish security objectives with measurable impact • Leading risk-based projects that align with business priorities and deliver meaningful security outcomes • Ensuring readiness for and ongoing compliance with SOC 2 and ISO 27001 standards • Optimizing our Detection and Response capabilities to strengthen security operations • Modernizing our Incident Response planning, processes, and team readiness • Rebuilding Vulnerability Management from the ground up to drive proactive remediation • Rationalizing our security tools and controls in line with WeWork’s risk appetite My goal is to deliver a pragmatic, high-performing security program that supports the business while protecting what matters most.
As a member of the Information Security leadership team at WeWork, I lead the alignment of the Governance, Risk, and Compliance (GRC) program with broader business objectives. My focus is on leveraging compliance to drive strategic security investments, implementing pragmatic and risk-aligned controls in collaboration with cross-functional teams, and redesigning compliance processes to maximize efficiency and reduce costs—ensuring they remain both practical and effective. This approach enables the GRC function to deliver measurable value, support informed decision-making, and strengthen the organization’s overall security posture.
Primary is New York City’s premier early-stage venture firm working alongside founders to build unicorns like Alloy, Alma, Chief, Dandy Electric, Latch, K Health, Stellar Health, Slice, and many more. As an Expert, I provide strategic advice and guidance to the investment team and founders within the Primary portfolio and broader network.
Leadership role scaling and maturing our security program to support the growth of the company to over 400 headcount and Series B funding. Hired and developed high performing teams, established strong foundations and strategy, and delivered consistently on annual department objectives to continuously scale at the speed of the business.
Joined SevenRooms with 130+ employees, and Series A funding, as their Head of Security, Compliance and Risk responsible for building out security, compliance and IT from the ground up to support the company's growth. Responsibilities include: - Developed the department's strategy and long-term vision, setting core values and competencies for success - Created annual roadmaps, budgets, and headcount plans, and defined key metrics and KPIs to align with company priorities and focused resources on the most critical risks - Developed the organization's Information Security program including policies, procedures, security awareness training, cloud security controls, SLDC controls, corporate security controls, etc... - Led the company to achieve their first SOC 2 compliance report and completed annual PCI certifications - Provided strategic security and compliance guidance to leadership and the board on appropriate investment and maturity of program - Established a robust third party risk management program that incorporated legal, finance, security and IT requirements in one seamless workflow, effectively managing third/fourth party risks - Developed our data privacy framework to engage with EU/UK prospects and clients - Reviewed enterprise agreements to ensure security and operational commitments were captured and operating effectively
Joined Yext (pre-IPO) to build and lead their Governance Risk and Compliance (GRC) department with a primary focus on SOX, SOC2, PCI and HIPAA compliance and remediating issues in the filed S1. Reporting to the CIO in the Engineering organization, I joined when the company was 600+ people and built the team to support compliance activities as the company doubled to 1000+. Expanded responsibilities included; - Prepared and delivered updates to executive leadership and board members, advising them on SOX related decisions and providing concise updates on our compliance maturity - Developed an embedded GRC operating model to identify to changes within our platform, infrastructure and product that would impact our compliance responsibilities and provided real-time feedback - Led a special project to remediate potential errors in our public disclosures for key financial health metrics attributed to our business intelligence reporting - Collaborated with Internal Audit to provide IT audit capabilities and execute on specific IA plans
Responsibilities included; - Built GRC audit frameworks, templates, systems and processes to introduce and manage risk at Yext from leadership down to individual contributors - Established and enforced accountability over risk management and introducing 3 Lines of Defense model to leadership and board - Developed department's charter, budget, headcount planning, hiring, goal setting and annual roadmaps to build the team to five direct reports - Built a trusted brand for the GRC team as a partner and trusted advisor to the organization at all levels - Implemented and managed our GRC program into our SOX tool AuditBoard enabling control and risk owners to manage their responsibilities centrally - Promoted a transparent and positive team culture that focused on doing great work, having impact, celebrating wins, and real-time honest feedback
Responsible for leading multiple engagement teams to plan, execute and manage the delivery of PCAOB and AICPA audit engagements. Consulted for global financial institutions including insurance and banking clients, providing risk management and controls expertise over technology and business processes. - Developed accurate budget and planning templates for engagement economics - Directed teams in executing audit plans, ensuring timely delivery of high-quality results within budget constraints - Collaborated with international teams across various functions to minimize audit strain and boost project efficiency - Guided and developed the skills of team members, fostering their professional growth and advancement within the firm - Delivered presentations to executives and board members, offering insights and updates on audit findings and recommendations