Leadership & Experience
Highly motivated, dynamic, enthusiastic, and authentic leader with a proven 25+ year track record implementing and optimizing business aligned, accessible, consumable, and actionable global, national, and enterprise-wide programs including operational risk, cyber security, governance, physical security, investigations, performance optimization, privacy, policies/standards, regulatory compliance, resiliency, incident response, fraud prevention, third party risk for Fortune 500 companies including banking, financial services, insurance, healthcare, medical, retail and manufacturing
Teamwork and Cultural Adoption
Ability to mobilize, motivate, and mentor resources, lead high-performing teams, influence, builds productive relationships, remain centered during crisis or overcoming obstacles and challenges. Uses a "team of teams" approach that breaks down silos across the enterprise, encourages information sharing and cooperation, maximizes effective use of existing resources, and engages team members, peers, stakeholders, executives, Board Directors, and regulatory agencies that builds confidence and trust.
Regulatory and Industry Standards Expertise
Expertise in enabling companies to adapt and comply with wide variety of regulations and industry standards including NIST, ISO, OWASP, NERC-CIP, ISF, SOC2, ASIS, OCC, FFIEC, FRB, CFPB, GLBA, HIPAA, FTC, GDPR, SOX, AML/KYC, State Confidentiality and Breach Notification Laws, Workplace Violence Prevention (OSHA/DHS/USSS), and more
Facilitates effective governance and transparency to eliminate surprises and ensure continuous lifecycle of operational effectiveness and improvement (KRIs, KPIs, & KVIs) including measuring team/skill set, program alignment with core product/services, customers (e.g., type, industry focus, size, churn, concentration and tenure), technology (maximizing operational efficiency), data risk management (cyber/information risk and privacy), compliance, third party (vendor) performance and risk management, fiscal responsibility, and external business activities (strategic, emerging, industry, systemic/unique risk, etc.).
Ability to unwind complex business, cyber-risk, information security, compliance, technology, and risk management issues to deliver the "whole" message in a concise and succinct manner for a variety of audiences (from staff to Board level reporting)