Recent Client Projects

Senior Program Manager (Consultant)

Client: Rare Disease Life Sciences

  • Conducted a company-wide data protection assessment addressing people, process and technology. Used the NIST Cybersecurity Framework to identify gaps, evaluate risks, and recommend initiatives and a remediation roadmap.

  • Developed a data loss protection (DLP) program and operating model to provide a cross-company approach to identify and evaluate risks, determine actions and implement solutions. Provided ongoing program facilitation, education and awareness to program sponsor, executive committee and working groups.

  • Authored information security and data privacy policies, contract security schedules, IT business continuity/disaster recovery plan, 30+ IT standard operating and security procedures (including ransomware recovery) with supporting work instructions.

  • For IT Operations and Security, ran a project management office and managed a Network Access Control solution selection/implementation and a conversion from passwords to passphrases.

Senior Program Manager (Consultant)

Client: Top 10 Financial Institution

  • Reporting to the Chief Information Security Officer, led a project management office and hands-on managed 24 projects. Led highly matrixed teams to successfully implement cyber security solutions, effectively dealing with infrastructure variability, competing priorities, third parties and product nuances.

  • Managed complete project lifecycle including business case, financials, solution selection and design, procurement, development, quality assurance and implementation. Authored status reports for teams, sponsors, stakeholders, senior management, board of directors and regulators.  

  • Projects included assessments, strategies, proofs of concept and implementations. Areas addressed were malware detection, incident response, cloud monitoring, information classification, data loss protection, user entity behavioral analytics, threat & vulnerability management, digital rights management, identity access management and security center operations.  

  • Successful implementations included several that were global and large scale, targeting 100,000+ endpoints and 20,000+ servers, while dealing with local regulations, subsidiaries and disparate infrastructures.

Principal Consultant

Client: Multiple

  • Private Equity Firm (UK): Assessed compliance with the EU’s General Data Protection Regulation (GDPR) for operations in 10 countries. Performed analysis and project managed the remediation of 122 partner agreements.

  • Healthcare Technology Company: Assessed security requirements in contracts with 10 Fortune 100 customers against findings from a HITRUST assurance audit to identify compliance gaps with the contracts.

  • Equity Derivatives Clearing House: Managed the transition of security monitoring from one Managed Security Services Provider to another as well as adding device management as a service. 

  • Food & Beverage Wholesaler/Retailer: Assessed the security posture in use for the Google Cloud Platform (GCP). Developed an evaluation framework using Homeland Security Cloud Guidance, Center for Information Security’s GCP Foundation Benchmark, and the GCP Customer Responsibility Matrix. Identified gaps, evaluated risks, and recommended tactical and strategic initiatives for remediation.

  • Luxury Apparel Retailer: Constructed an Incident Management Plan for addressing business disruptions attributable to natural disasters, infrastructure outages, cyber-attacks and damaging internal acts whether deliberate or unintentional.

  • Financial Institution: Conducted a company-wide data protection assessment using the NIST Cybersecurity Framework. Identified compliance gaps with the New York regulation, 23 NYCRR Part 500 Cybersecurity Law, and recommended initiatives to remediate.