Robert Spratt
CISSP / Cyber Security Leadership, Cloud Security, Project Security, Regulatory Compliance
About
Robert is a proven Information Security leader with a successful 25-year professional track record in the public sector, delivering positive results in Fortune 500 enterprises. Robert currently manages and has designed enterprise-level strategic solutions for a Fortune 6 company. Robert possesses both the technical and business acumen to successfully advise and implement business strategies that meet or exceed security requirements.
Robert currently manages and has designed enterprise-level strategic solutions for a Fortune 4 company, solving mission-critical needs while maintaining the security posture of the organization.
As a business enabler, working with chief executives, customers and peers, Robert has been able to provide a data-driven, risk-based approach to decision making to effectively drive key strategic decisions and deliver outcomes that make a difference.
Experience
CVS Health – 2011 to Present
Director Information Security Risk Management & Cloud Security
Leader of the Information Security Risk Management team, Cloud Security, and Security Risk Advisory (DevSecOps)
Ensured high performance and productivity while ensuring customer service and employee development.
Provided strategic direction, execution and assessment of information security strategies, policies, procedures, training and control testing.
Responsible for the development, management and institution of CVS Health’s Information Security Risk Management program based on NIST 800-37.
Established governance for Cyber Risk by creating an oversight model, steering committee and program charter to define clear roles and to provide an anticipatory process to minimize information security risk and breach events.
Created and implemented a risk-based approach to Information Security risk management by standardizing and streamlining Key Risk Indicators (KRI) metrics and monitoring lifecycle process with guidelines for data collection and defined risk thresholds.
Designed and implemented a robust automated cyber risk architecture (Data Model) to enable real time ingestion to create risk dashboards based on asset criticality.
Designed and implemented the Information Security Steering committee as a focal point to report information security risks and information security performance metrics to senior leadership.
Reduced cyber risks across the enterprise by creating a proactive process including business context to effectively drive key strategic decisions.
Created the Cloud Security governance team to provide a roadmap for a secure, multi-cloud environment by facilitating a risk-based approach to security control enforcement.
Developed cloud foundational controls to drive secure cloud adoption.
Developed automated solutions to build, deploy and enforce cloud controls at scale resulting in a secure cloud footprint with reduced risk profile.
Created the Security Risk Advisory team to provide a systematic approach to project security, starting at the point of proposal and throughout the project lifecycle.
Security officer and program manager for PCI Pin Pad Compliance ensuring CVS Health PIN data debit processing is protected in a manner compliant with the Payment Card Industry requirements.
Dell Services – BCSRI 2005-2011
Information Security Specialist
Managed a diverse team within Identity and Access Management.
Project owner and implementor for Role Based Access Control implementing Courion Identity Management.
Led, designed and developed overall security solutions for a major system replacement project, implementing Sun Java Composite Application Platform Suite and developing a service-oriented architecture to replace the mainframe system.
Championed the implementation of coding reviews that detected programming errors prior to deployment.
Developed a configuration management program creating minimum security baselines for laptops and servers.
Provided leadership, mentorship and coordination of the system integration efforts.
Developed and maintained a database that tracked vulnerabilities across multiple platforms by number, patch, assignee and remediation status.
Developed a secure disposal and media sanitization policy and procedure for the destruction of electronic and hardcopy media.
Perot Systems – Assigned to NSLIJHS – 2001-2005
Site Manager – IT
Manager for the Manhasset campus for NSLIJHS, supporting over 5,000 end users and 7,000 devices (servers, workstations, printers, digital media devices).
Provided innovative solutions to improve the environment and reduce overall support costs through implementation of automated software installs and overall process improvements.
Implemented and maintained an automated asset management database to track hardware and software inventory.
Key contributor in Perot obtaining the Boas Marx research institute as a client through successful project management and client engagement.
Education
Clarion University, 1993
Bachelor of Science
Clarion, PA
CISSP – Certified Information Systems Security Professional
# 32412
Contact
Sprattro@gmail.com
+1 508-431-7993
