Key Results
Cyber Risk Management
- Responsible for the development, management and institutionalization of CVS Health's Information Security Risk Management program based on NIST 800-37.
- Established Governance for Cyber Risk by creating an oversight model, steering committee, governance council, and program charter to define clear roles within the cyber risk management program and to provide an anticipatory response process to minimize security risks.
- Designed and implemented a risk-based approach utilizing streamlined Key Risk Indicator (KRI) metrics and a management lifecycle process with guidelines for data collection, defined risk thresholds and continuous cyber risk monitoring.
- Designed and implemented a robust cyber risk architecture leveraging a data model, automation and real-time data ingestion to create real-time dynamic risk dashboards based on asset criticality.
- Reduced cyber risks across the enterprise by creating a proactive, business contextual process to effectively drive key strategic decisions.
Cloud Security
- Created the Cloud Security Governance team to provide a road map for a secure, multi-cloud environment by facilitating a risk-based approach to security control and policy development.
- Developed Cloud foundation controls to drive secure cloud adoption.
- Developed automated solutions to build, deploy and enforce controls at scale resulting in a secure cloud footprint with a reduced risk profile.
- Enabled a cloud-native application protection platform (CNAPP) to ensure security and compliance coverage for cloud infrastructure, workloads, and applications across all cloud-native technology stacks.
Project Security
Created the Security Risk Advisory team program to provide a systematic approach to project security, starting at the point of proposal, continuing to estimation, and throughout the project lifecycle.
Key Outcomes:
- All applicable laws and regulations addressed.
- Client contractual obligations addressed.
- Incorporated security checks into each phase of the security development lifecycle.
- Implemented a "Shift-Left" strategy for XP, Agile and Scrum efforts.
- Achieved a .008 defect density per 10K LOC.
PCI PIN Pad Compliance
Security officer and program manager for PCI PIN pad compliance.
- Created program processes and procedures that ensured CVS Caremark PIN debit processing is governed, operated sustainably and protected in a manner compliant with the Payment Card Industry PIN security requirements.
