With over 10 years of experience in the information security field, I'm focused on strong strategic planning, risk management and compliance, driving process adoption company-wide, and prioritizing information security resources and strengthening internal controls to minimize risk and improve business performance.
Governance, risk management and regulatory compliance
Information security program management
Policy development and implementation
Assessment and evaluation of information security controls
Driving process improvement
Security awareness and education
Implementing governance frameworks and controls to industry standards (ISO 27001, COBIT, NIST, etc.)
Senior Information Security Program Manager, 08/2015 to Current, Glassdoor, Mill Valley, CA
Partnered with stakeholders companywide to establish, implement, and maintain a Governance, Risk Management, and Compliance program, mitigating risk and improving Glassdoor's security posture.
Developed and maintained security control frameworks and guidelines to ensure consistent application of security controls.
Performed risk assessments and control gap analysis, managing associated remediation plans to minimize risk.
Partnered with leaders across IT, Engineering, HR, and Legal to ensure information security efforts received appropriate prioritization and resources.
Developed and implemented information security policies and standards, mapped to industry standards (ISO & NIST).
Drove security roadmap and projects companywide, including working with teams across the organization to incorporate security initiatives into quarterly goals.
Led complex, cross-functional security and compliance initiatives, including designing and maintaining a vulnerability management program, bug bounty program, assessments and audits, information security training and awareness, PCI DSS compliance, SOX, user access controls, 3rd party and customer security assessments, incident response, and penetration tests.
Designed metrics to show continuous program improvement and regularly communicated program status to stakeholders and executives.
Information Security Program Manager, 07/2013 to 08/2015, Twilio, San Francisco, CA
Partnered with stakeholders companywide to establish, implement, and maintain an information security program, improving control efficiency and reducing risk.
Improved sales initiatives and customer retention by developing, implementing, and maintaining an information security sales and customer requirements process, including responding to RFPs / questionnaires, customer calls, and contract reviews.
Developed a risk-based information security roadmap and managed associated projects.
Developed and implemented information security policies, standards, and guidelines based on key information security objectives and mapped to industry standards (ISO 27001).
Led complex, cross-functional security and compliance initiatives, including risk assessments and audits, information security training and awareness campaigns, quarterly user access audits, bug bounty, and vulnerability management initiatives.
Partnered with engineering and development teams to prioritize information security projects, backlog, and implementation within an Agile environment.
Assessed regulatory and compliance requirements (PCI, HIPAA, ISO); successfully implemented PCI DSS and Safe Harbor compliance.
Manager, Information Security Center of Excellence, 09/2012 to 08/2013, Ernst & Young, San Francisco, CA
Supervised client engagement teams focusing on governance, risk management and compliance, the assessment and evaluation of information security controls, and the mitigation of information security related business risks to strengthen internal controls and improve business performance.
Served as a leader assisting clients in employing proper information security resources and controls to maximize efficiencies and minimize risk.
Managed staff performance and built security teams focused on addressing specific security risks, consistently delivering on time and on budget.
Supervised and participated in implementing governance frameworks to industry standards (ISO 27001, COBIT, NIST, etc.) and participated in SSAE 16 (SAS 70), SOX, and client audits.
Supervised and assisted clients with policy development and implementation, information security awareness training development and implementation, and quarterly user access audits.
Senior, IT Risk and Assurance, 03/2011 to 09/2012, Ernst & Young, San Francisco, CA
Supervised and participated in multiple client engagement teams, focusing on governance, risk management and compliance, the assessment and evaluation of information security controls, and the mitigation of information security related business risks to strengthen internal controls and improve business performance.
Served as a fieldwork leader to assist clients in employing proper information security resources and controls to maximize efficiencies and minimize risk.
Developed work program timelines and directed the daily progress of fieldwork, informing supervisors of engagement status and managing staff performance.
Supervised and participated in implementing governance frameworks to industry standards (ISO 27001, COBIT, NIST, etc.).
Information Security Manager, 05/2007 to 03/2011, CoreLogic, Westlake, TX
Managed cross-functional teams to implement information security initiatives companywide, continually enhancing the risk posture of the organization.
Assisted in policy development, implementation, gap analysis, and remediation planning.
Supervised and participated in user access audits and remediation plans, customer responses and audits, business continuity and disaster recovery plans, information security awareness, vendor risk management program, internal audits, incident response, and ensuring remediation of violations and potential breaches.
Assisted in establishing metrics and reporting, developing key performance indicators, and internal Capability Maturity Models.
Assisted in implementing compliance objectives companywide including policy compliance, record retention, Identity Theft Red Flag, and PCI DSS.
Created corporate information security quarterly reports using detailed security metrics for reporting companywide.
Bachelor of Science in Business Administration, 2008, University of Phoenix
General Education, San Francisco State University
Volunteer, Security BSides, SF
Volunteer, Black Girls Code, SF
Certified Information Security Manager (CISM)
Member, Information Systems Audit and Control Association (ISACA), SF Chapter
Member, Open Web Application Security Project (OWASP)
Volunteer, Level Playing Field Institute (SMASH)
Member, MBA's Mortgage Industry Standards Maintenance Organization (MISMO) Information Security Workgroup (ISWG)