Head of Information Security

A strategic and forward-thinking business-focused security compliance executive with over 18 years of leadership in cybersecurity, risk management, and compliance program leadership.

Executive Profile

This section is a high-level summary of my professional background and strategic approach to information security. It highlights my experiences in key industries and my commitment to delivering business value through robust security programs.

Highly accomplished and strategic Information Security executive with over 18 years of leadership in cybersecurity risk management and compliance program leadership, with significant experience in global financial services and cloud environments. Proven ability to design and execute comprehensive security programs, including those aligned with ISO 27001 standards and critical infrastructure security (such as medical device manufacturing) regulations in Europe. Demonstrated track record of spearheading global strategic security initiatives with a strong emphasis on application security compliance and strategy, fostering executive-level communications within technical teams, and guiding cross-functional teams to achieve rigorous compliance and security standards. An active contributor to the cybersecurity community and a trusted advisor on emerging threat technologies.

Core Competencies

My capabilities are organized into two parts. The chart below offers a visual summary of my high-level strategic competencies, showing how they balance to form a comprehensive leadership profile. Below the chart, you'll find a collection of specific technical skills and areas of expertise that form the foundation of my work.

Technical Expertise

  • ISMS Program Management
  • Security Risk and Controls Assessment
  • Internal and External Audit Program Management
  • Third Party Risk Management Programs
  • Cross Team Risk Remediation Program Management
  • Executive Risk Briefing
  • Identity & Access Management
  • Multi-Cloud Security
  • Change Management
  • Risk Management
  • Threat Intelligence
  • Vulnerability Program Management
  • Penetration Testing Management
  • Security Program Certification Preparation
  • Security Policy and Document Management

Professional Experience

The following is a timeline of my career. Each entry represents a significant role where I developed and applied my security and leadership skills.

  • ISO 27001 global program remediation consultant for a major European medical device manufacturer.
  • Orchestrated a transformative security culture and compliance program rebuild, enhancing executive-led risk management capabilities (the ISMS).
  • Partnered with PwC to evaluate and enhance governance, driving strategic security initiatives towards successful ISO 27001:2022 certification preparedness/achievement; 30% completed.
  • Managed and ensured compliance with global cybersecurity regulations, including relevant financial services standards, aligning with local and international requirements.
  • Spearheaded and revolutionized the security compliance effort, strategically realigning it with business objectives and regulatory requirements, resulting in successful PCI recertification.
  • Influenced organizational change in the perception and performance of security compliance as a continual improvement program.
  • Led the global certification compliance programs, contributing over $50M in annual revenue through meticulous security risk and compliance program leadership.
  • Developed, maintained and improved compliance with multiple information security standards, including ISO 27001, PCI DSS, and SOC2, enhancing the security posture across multiple regions.
  • Innovated a next-gen global C-IAM service for a financial services organization, enhancing consumer and partner access capabilities while improving stringent security controls.
  • Provided critical insights into observed risks and remediation options within legal, strategic, and security compliance forums, influencing decision-making.

Highlights & Achievements

This section presents a collection of key career achievements that demonstrate my impact across leadership, collaboration, and technical domains. These highlights represent my commitment to not only building robust security programs but also fostering a culture of security within organizations.

Leadership

Essential founding leader in building and operating ISMS programs for top-tier companies and a board member for key industry chapters.

Collaboration & Influence

Expert in fostering cross-functional team collaboration, steering organizations to embrace business risk management and security as core values.

Public Speaking & Advocacy

Regularly present on key security topics at industry conferences, championing zero-trust architectures, compliance program operations, risk management, intellectual property, privacy and security thought leadership.

Application Security

Implemented new secure coding practices that reduced critical application vulnerabilities by 45% within six months.

Certifications & Affiliations

My commitment to professional development is reflected in my certifications and active involvement in the cybersecurity community. These engagements ensure my skills remain current and that I contribute to the advancement of the profession.

Professional Development

  • CISSP: Certified Information Systems Security Professional
  • ISO 27001 Lead Auditor and Lead Implementer
  • Continuous Learning: MITRE ATT&CK, AWS Cloud Security, AI Security Management, Leadership Development

Community Affiliations

  • ISC2LA Chapter: Board Member, VP Finance
  • Cloud Security Alliance, LA: Alumni Board Member
  • Active Member: CSA-LA, ISC2LA, & ISSA-SOCAL