20 years of professional experience

Experience in Privacy, Risk & Compliance, and Audit

Certified Internal Auditor (CIA) & Security+ Certified

Master of Business Administration & B.S. in Management Science and Information Technology

Professional Summary
Agile risk and compliance expert with proven ability to effectively identify and communicate emerging risks and issues, develop policies and procedures to mitigate risks, and assess processes and controls for effectiveness and areas of improvement.
Multi-certified and dedicated senior cybersecurity expert offering consistent levels of success in executing cybersecurity management programs and delivering increased security capabilities through transformative initiatives and information security compliance programs.
Expert auditor with proven ability in executing audit and assessment processes to uncover technology and business risks, communicating findings and recommendations in a clear and accessible manner, and performing continuous monitoring and follow up to ensure that risks and issues have been addressed effectively.
Outstanding communicator with an excellent record of influence and establishing trusted advisor relationships with C-level business and IT executives.
Experience
Torc Robotics
Data Compliance Specialist
October 2021 - Present
Solicited by management to develop and maintain a cybersecurity and data compliance program, including the creation and maintenance of policies, procedures, and standards that comply with industry frameworks such as ISO 27001/27002, and relevant privacy regulations including the California Privacy Rights Act (CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Europe’s General Data Protection Regulation (GDPR). Double as the Local Compliance Representative for Privacy, ensuring Torc remains aligned with business objectives and meets regulatory requirements. Carry out in-depth assessments of third-party vendor contracts, legal agreements, technical controls, and documentation such as SOC-2 reports, ensuring data privacy and IT security risks are addressed during the procurement process.
- Play a key role as part of the Security and GRC team, providing guidance and expertise on security, risk, and compliance during the implementation and maintenance of information systems hosted locally and in the cloud.
- Introduced an information security management program based on the ISO 27001/27002 standards to address organizational risks and vulnerabilities, drastically reducing operational and technical risks within the organization.
- Perform enterprise-level IT risk assessments to identify security, privacy, and compliance risks, and monitor and report those risks to executive management.
- In collaboration with Legal Counsel, propelled advances in Torc’s third-party vendor review capabilities to efficiently capture all procurement requests and ensure that the necessary technical and compliance assessments are completed effectively.
- Enhance security and reduce organizational risk by conducting impactful training sessions and awareness initiatives on security and data protection concepts for employees and partners.
__________________________________________________________________________
Granicus
Information Security Analyst
December 2020 - October 2021
Hired to conduct control assessments based on FedRAMP requirements, NIST 800-53, NIST 800-171, ISO 27001/27002, and the UK Cyber Essentials standard by performing interviews, reviewing documentation, testing operational and technical controls, collecting evidence, and reporting on findings and risks. Ensured the company’s information security, privacy, and risk programs remain in compliance with evolving data privacy regulations including GDPR and CCPA. Completed data protection impact assessments, preserved data inventories of sensitive data elements, and processed data subject requests as required.
- Driving force behind the recertification of both the ISO 27001 and Cyber Essentials certifications for cloud-hosted systems, and a key team member who supported the FedRAMP recertification.
- Led activities to assess remediation plans of control weaknesses and IT risks, ensuring the root cause was addressed and fully mitigated.
__________________________________________________________________________
Virginia Tech
Director of Information Technology
May 2018 - December 2020
Took over budgeting and planning responsibility and provided strategic leadership on the delivery of services including end-user support, cybersecurity, server infrastructure for more than 50 systems, project management, and enterprise application development/support. Worked with third-party vendors and internal stakeholders to ensure projects were completed within budget and on time with the proper resources allocated. Governed datasets containing personally identifiable information (PII), employee health information, student data, and credit card transactions.
- Integrated four teams consisting of 32 employees to become one cohesive organization, creating a synergistic plan that improved efficiency, reduced overall costs, and provided improved customer service to over 900 employees within the division.
- Enabled the security of the division’s information systems using the CIS Critical Security Controls as a framework and ensured compliance with university security standards.
- Propelled data protection initiatives to formalize procedures and division policy that made the process to share the division’s data more efficient and secure.
__________________________________________________________________________
Virginia Tech
Internal Audit Manager
October 2014 - May 2018
Oversaw the daily functions of the university audit team to accomplish all stages of the annual audit plan, including the planning, fieldwork, reporting, and follow-up of each audit. Acted as an advisor, providing guidance and recommendations to university management on continuous improvement practices, control design, risk assessments, risk mitigation, and compliance with regulations and university policies. Trained audit staff on methods for performing risk assessments and audit reviews based on various frameworks, standards, and regulations, such as ISO 27001/27002, Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and Federal export control laws.
- Delivered an average of 25 audit and special projects annually, meeting the objectives that were agreed upon by executive management and the Virginia Tech Board of Visitors.
- Led the audit follow-up process by overseeing the development of audit remediation plans that addressed the root cause and timely completion of corrective actions, resulting in a significant reduction of audit and compliance risks at the university.
- Valued as a key contributor, provided guidance and information during the preparation and presentation of materials for the quarterly meetings of the Compliance, Audit, and Risk Committee of the Virginia Tech Board of Visitors.
__________________________________________________________________________
Radford University
Information Security Officer
August 2011 - October 2014
Oversaw the day-to-day operations of the IT Security Office, including strategic planning and project management. Maintained the security policies, Business Impact Analysis, Information Security Plans, Risk Assessments, and Disaster Recovery Plans for the university's critical IT systems.
- Performed control reviews and vulnerability assessments to evaluate the university's security and data protection programs and implemented remediation plans to ensure information systems and applications were protected and in compliance with policies and regulations.
- Enhanced security by performing training sessions and security awareness campaigns for key stakeholders and the university community at large.
__________________________________________________________________________
Deloitte
Senior Consultant
April 2010 - August 2011
Led the certification and accreditation process for fifteen Army and Department of Defense (DOD) customers during the development and sustainment of their hosted systems. This process included the assessment and monitoring of technical controls to validate compliance with DOD and security standards such as NIST 800-53.
__________________________________________________________________________
Radford University
Information Technology Auditor
April 2007 - April 2010
- Led multiple audits of the university's sensitive systems and critical IT Infrastructure. 
- Completed special projects to investigate university compliance with laws such as PCI-DSS, Red Flag Rules, HIPAA, I-9 compliance, inventory controls, and the Gramm-Leach-Bliley Act.
- Advised senior leaders on cybersecurity and compliance issues facing the university such as regulatory compliance, data security, disaster recovery planning, and incident response. 
__________________________________________________________________________
BearingPoint
Senior Consultant
July 2005 - April 2007
- Led the Department of Justice (DOJ) IT Audit Oversight Program that led to a significantly reduced number of material weakness findings reported during the IT portion of the Department’s annual financial statement audit.
- Conducted assessments and follow-up of audit findings, utilizing analytical and problem-solving skills to identify underlying issues, recommend solutions, and implement process improvements.
- Provided guidance to executive leaders on maintaining compliance with regulations and standards such as FISMA and NIST 800-53.
__________________________________________________________________________
KPMG, LLP
Associate
July 2001 - July 2003
Evaluated and tested general and application security controls in various IT environments throughout several departments within the Federal Government using the Federal Information Systems Control Audit Manual (FISCAM). 