Thomas Huber

Information Security & Risk Management Director | Cybersecurity Governance & Compliance Executive | Financial Services | CISM, CISA, CDPSE, MBA

Phoenix, Arizona, United States

About

As an Information Security and Risk Management Director with 15+ years in the field, I thrive on building, maturing, and transforming security, privacy, and compliance programs for large-scale organizations, particularly within the financial services sector (Charles Schwab, Wells Fargo). My career has been dedicated to navigating complex regulatory landscapes (FFIEC, GLBA, NIST) and embedding risk-aware decision-making into the fabric of enterprise operations. From establishing ISRM regulatory and audit management programs at Charles Schwab to leading cybersecurity control management and policy adherence initiatives at Wells Fargo, my focus has consistently been on creating pragmatic, effective, and sustainable solutions. I bring a blend of strategic vision and hands-on experience in IT audit, third-party risk, PCI DSS, and security engineering, underpinned by CISM, CISA, and CDPSE credentials and an MBA. My background, which includes foundational experiences at Arthur Andersen (PeopleSoft consulting and security) and GE NBC, has equipped me with a deep understanding of both business processes and the technologies that support them. I am driven to help organizations proactively manage risk, achieve compliance excellence, and build resilient security postures. I'm looking to connect with forward-thinking companies seeking a leader to champion their security and risk management vision.

Experience

  • Professional Sabbatical / Family Care & Estate Management at Self-employed
    Jul 2023 - Present · 3 yrs

    During this period, I prioritized significant family responsibilities, including managing my late father's estate and providing dedicated care for my mother during a serious illness. This time also allowed for personal reflection, professional development in cybersecurity trends, and strategic planning for my next career chapter. I engaged in select freelance cybersecurity consulting, offering advisory services to contacts.

  • Lead Control Management Officer at Wells Fargo
    Oct 2019 - Jun 2023 · 3 yrs 9 mos

    Technology Control - Cybersecurity Business Control Management
    • Policy Adherence
    • Controls, Issues, Corrective Actions
    • Archer, ServiceNow, SharePoint

  • Director, Information Security Risk Management at Charles Schwab
    Oct 2017 - Aug 2019 · 1 yr 11 mos

    Information Security Risk Management (ISRM)’s point of contact for regulatory (FRB, OCC, SEC, FFIEC, FINRA, FDIC), audit, and incoming client due diligence activities for the firm, including Brokerage and Banking units.
    • Develop an ISRM Regulatory and Audit Management Program.
    • Lead multiple concurrent regulatory, audit, and/or incoming client due diligence activities through coordination with stakeholders.
    • Ensure that all ISRM-owned regulatory, audit, and incoming client due diligence deliverables are met with high quality and consistency.
    • Drive accountability and ensure that ISRM-owned issues are remediated on time.
    • Develop value-added metrics, communications, and an executive dashboard to measure program performance.
    • Research and analyze regulatory and industry trends and evaluate applicability or risk exposure.

  • Information Security Analyst V at Albertsons Companies
    Jun 2016 - Sep 2017 · 1 yr 4 mos

    • Work with IT and business organizations to shape organizational control policy & standards and manage compliance with regulations related to information security.
    • Manage large-scale risk/security assessments and projects to validate compliance and lead remediation efforts for identified risks and compliance gaps.
    • Plan and coordinate risk assessments and audits, perform interviews, document design assessments, design and measure effectiveness of key controls, lead cross-functional remediation teams in developing processes using requirements gathered from clients and engineering, and develop sustainable strategies and measurement systems to ensure that risk management techniques and strategies can continue to be maintained over time.
    • Foster and nurture trusted relationships with Business Partners, Company IT Executives, CISO and other Risk & Compliance Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.

  • Security Engineer III at Desert Schools Federal Credit Union
    Jan 2013 - Jun 2016 · 3 yrs 6 mos

    • Employ structured methodologies and analysis to properly assess the possible impacts and propose rational mitigation strategies that maintain a balance of security with business functionality and member service.
    • Support the research and evaluation of security-focused technologies and processes, based on business needs and industry trends.
    • Compile data analysis and regulator information to present formalized and detailed findings to IT Management in support of the Information Security Program.
    • Conduct regular risk assessments of applications, systems and data in accordance with the Information Security Program, including the examination of mitigating internal controls.
    • Complete tactical audit functions within IT such as auditing of various logs, compliance to checklists and procedures, code and application integrity, and resource permissions.
    • Monitor current security threats and trends and evaluate the possible impact to the environment.
    • Administer existing and future security, event and availability tool sets, including Log Management, Event Collation and Availability Management.
    • Develop and produce regular and ad hoc reports describing the security environment, including infrastructure, internal controls, processes and procedures.