Welcome to my professional portfolio! My passion lies in advancing healthcare information security management and strengthening Governance, Risk, and Compliance (GRC) capabilities to safeguard organizations in an ever-evolving cyber landscape. With a curiosity for emerging technologies and a commitment to best practices, I thrive on developing robust strategies that foster resilience and trust. Here, you will discover a subset of the experiences that have shaped my strategic approach, and the insights I bring to building and overseeing secure, compliant, and resilient environments. I look forward to connecting!
Experienced security and risk executive with over 15 years in information security management, professional services, project management, and operations. Currently leading security governance, risk, and compliance for a top cloud security provider in healthcare, ensuring regulatory compliance (HIPAA, GDPR, SOC 2, HITRUST) and securing public cloud environments.
Proven history of building and scaling GRC programs that align with business objectives, reduce organizational risk, and drive audit readiness. Adept at leading cross-functional teams, managing complex compliance initiatives, and translating technical risk into actionable business strategy.
Well-versed in servant leadership, building strong, cohesive, and self-sustaining teams. Recognized for strategic vision, operational rigor, and the ability to foster a culture of security and compliance in fast-paced, regulated environments.
Information Security & GRC Strategy: Architecting security roadmaps and GRC programs aligned with organizational goals.
Risk Assessment & Continuous Compliance: Leading risk assessments and audits in line with regulatory frameworks.
Cloud Security Architecture: Implementing security controls for public cloud platforms and managing cloud risk.
Technology Integration & Automation: Leveraging AI/ML for security threat management and remediation.
Healthcare Information Assurance: Designing data lifecycle processes to protect sensitive information.
Policy Development & Implementation: Crafting and enhancing security policies to meet industry standards.
Cross-Functional Leadership & Stakeholder Engagement: Leading teams and advising executive leadership on security investments.
Information Security Management Program Revamp: Revamped the Information Security Management Program, achieving HITRUST r2 recertification and leading the transition from CSF v9.5 to v11.3. Administered the Shared Responsibility and Inheritance Program, ensuring compliance with 545 control requirements.
Compliance Reference Architecture Program Redesign: Reconstructed CRA deployment and management lifecycle supporting internal and customer-managed cloud workloads in a secure and compliant manner for HIPAA Eligible cloud services and compliance offerings.
Director, Governance, Risk, and Compliance: Lead enterprise-wide GRC strategy, implementation, and oversight, aligning security investments for internal operations and MSSP delivery standards with regulatory requirements and business needs. Reduced risk lifecycle efficiency by 40% by streamlining manual workflows and eliminating redundant processes. Increased CRA output by 70%, shortening the cloud system deployment lifecycle and resulting in a 30% increase in secure system development lifecycles. Improved audit performance by 35%, while improving residual risk impact by 55%, by integrating continuous compliance workflows.
Practice Lead, Professional Services – Security Risk Analysis: Directed the delivery of security, risk, and compliance services to healthcare clients navigating HIPAA and GDPR requirements during cloud transformation and migration initiatives. Designed and implemented scalable GRC frameworks aligned with commensurate frameworks and best practices, and guided clients through risk prioritization, control selection, and compliance roadmap execution. Translated complex regulatory and technical requirements into actionable security strategies for both business and operational stakeholders. Built trusted advisory relationships that led to long-term engagements, repeat business, and install-base growth. Partnered with sales and marketing teams to define service offerings, develop go-to-market strategies, and support business development.
Corporate Project Manager / Store Operations Manager: Seasoned project and operations leader with a history of delivering complex, high-visibility initiatives on time, within budget, and to exacting quality standards. Skilled in managing multi-million-dollar budgets, leading cross-functional teams, and driving large-scale infrastructure, logistics, and customer experience enhancements. Adept at optimizing workflows, reducing costs, and achieving top-tier performance metrics while fostering engaged, high-performing teams in fast-paced, high-pressure environments.
Bachelor of Science in Cybersecurity, Information Assurance | Colorado Technical University | 2016
Master of Business Administration | University of Phoenix | 2011
Bachelor of Science in Business Management | University of Phoenix | 2009
Certified in Risk and Information Systems Control (CRISC) – ID: 2131493 | 2021
Certified Data Privacy Solutions Engineer (CDPSE) – ID: 2119005 | 2021
Certified Information Systems Security Professional (CISSP) – ID: 629890 | 2018
GRC Platforms: Thoropass, OneTrust
Cloud Platforms: AWS, Azure, GCP
Security Platforms: Rapid7 Insight IDR/IVM, SentinelOne Singularity, Automox, MS EntraID/Intune
Tools: Jira, Confluence, Lucidchart
Frameworks: HITRUST CSF, NIST 800-53, ISO 27001, TSC (2017) for Security, Confidentiality, and Processing Integrity, CSA CCM, OWASP, CIS CSC, and healthcare-specific standards (e.g., CMS, MARS-E).
Best Practices: OWASP GenAI Security, Top 10 for LLM Applications, ML Security Top 10, osquery for Cybersecurity
Project Management: Agile, DevOps/DevSecOps, ITIL