cynburke

Technical Product Manager – Compliance And Risk Management

Results-oriented professional offering extensive experience in implementing strategic risk management initiatives to safeguard organizational assets and optimize performance. Proven track record of assessing and mitigating cybersecurity, operational, and regulatory risks across diverse industries. Adept at developing comprehensive risk frameworks, fostering a risk-aware culture, and collaborating with cross-functional teams to drive continuous improvement. Well-versed in leading various projects from inception to successful completion within set deadlines and budgetary constraints. Skilled in leveraging advanced knowledge of multiple compliance standards, including NIST, HIPAA, NYDFS, SOX, COPPA, PCAOB, FedRAMP, FISMA, PCI, ISO, SOC2, GDPR, FINRA, SEC, CCPA, the NY Shield Act, and the Investment Advisers Act of 1940. Refined communicator with the ability to articulate complex risk concepts to diverse stakeholders and influence decision-making at the executive level. Instrumental in driving sustainable growth and enhancing shareholder value through effective program management practices. Extensive experience leading internal and external audits.





Experience: 11 years

Yearly salary: $200,000

Hourly rate: $0

Nationality: 🇺🇸 United States

Residency: 🇺🇸 United States


Experience

Risk Management
Chainlink Labs
2022 - 2024
I joined Chainlink Labs to have the opportunity to build a security risk management program from the ground up in Web3. They had no risk management program in place. I nurtured it to be rolled out across all of product and engineering. Significant risk reduction in the first year across the product and engineering organizations. Integrated risk management strategies into engineering and product development processes for a thriving Web3 startup. Developed and established a comprehensive risk management program for the company. Conducted RCSAs and positioned Chainlink Labs for a SOC 2 audit. Maintained ISMS to ensure compliance and to ensure risk responses were up to date and comprehensive. Ensured the timely remediation of ineffective controls and that remediation plans addressed outstanding risks and were appropriate, detailed, and current.
Associate Director - Global Compliance Manager & Customer Engagement
Gemini Trust Company
2021 - 2022
My initial role at Gemini was as an individual contributor on the security GRC team. I was quickly promoted to Associate Director of Global Compliance and Customer Engagement, interfacing with institutional clients on their regulatory needs and maintaining our global compliance in the UK, Ireland and Singapore. Managed and executed SOC 2 Type 2, ISO 27001, PCI, NYDFS, and SEC audits. Performed third-party risk assessments overseeing vendor management in OneTrust. Oversaw global data privacy initiatives, performing privacy impact assessments. As a core member of the security GRC team, assisted in incident response and helped craft incident response plans for cybersecurity threats to mitigate risk and contain security events. Played an integral role in customer calls, responded to RFPs, and addressed regulatory inquiries. Supervised a team of three to maintain global compliance for Gemini. Automated audit evidence collection with the rollout of GRC tooling. Implemented routine cybersecurity training to promote a culture of risk awareness and remain compliant.
Compliance Manager
Capsule8
2018 - 2021
I joined Capsule8 initially as a technical program manager, but because of my background in compliance and my work with our customers, helping them map their compliance controls to our use cases with the software we were building, I was quickly promoted to compliance manager. Capsule8 was bought by Sophos. Designed and implemented a streamlined compliance program with effective measures. Oversaw the preparation, review, and submission of regulatory documents, including but not limited to applications, notifications, and reports required for SaaS product approval and maintenance. Oversaw and executed an ISO 27001 audit. Conducted RCSAs. Monitored regulatory changes and updated compliance policies and procedures accordingly. Liaised with customers, helping them map their compliance controls to our software's cybersecurity features for them to pass SOC 2, ISO and FedRAMP audits. Wrote multiple thought leadership pieces and gave talks on data privacy, compliance in cloud native environments, and FedRAMP audits.
Technical Program Manager
KPMG International Audit
2014 - 2018
After working freelance for several years, I joined KPMG first as a consultant and then was hired on full time as an employee to build software for KPMG global audit workforce. I became deeply familiar with global regulatory frameworks as I built these tools and worked directly with KPMG auditors. I was the program lead for KPMG's audit collaboration tools, leading teams of up to 30 engineers, globally. I was the scrum master for the globally distributed engineering team that built the audit software. Oversaw a 10MM budget. Oversaw a portfolio of 6+ concurrent large-scale development projects; delivered progress reports to C-suite executives. Provided technical leadership during global software deployments, coordinating deployment engineers, developers, and business testers across 3 global data centers. Assisted with the PCAOB audit.
Technical Program Manager
Self-employed
2013 - 2014
I ventured out on my own after our startup, Victor Technologies, lost its funding, although I went back to contract for our parent company Gargoyle IB Holdings to migrate their front, middle and back-office operations to the cloud, among other projects. Conducted thorough analysis of requirements to align IT initiatives with business objectives to establish strategy to achieve full FFIEC compliance with a 30MM budget. Implemented strategy within the COBIT/ITIL frameworks, ensuring compliance with all FDIC/FFIEC regulations. Spearheaded initiatives for a thriving hedge fund to modernize their infrastructure and transfer in-house front, middle, and back-office systems to Azure. Managed the migration of services and servers to the Azure platform while sourcing cloud-based products to replace proprietary software. Selected vendors and conducted contract negotiations, devised project plans, and documented all broker relationships across Gargoyle entities. Led FINRA and SEC audits. Led end-to-end facets of implementing ServiceNow and Jira to enhance operational workflows.

Skills

compliance
project-manager
english