vCISO | Cyber, GRC & Audit Expert
Request a quote with no obligation
I provide cybersecurity, technology-risk, and compliance leadership for organizations that need experienced support without hiring full-time staff. My work focuses on strengthening governance, maturing controls, improving audit readiness, and keeping security aligned with the way the business actually operates.
Run governance meetings (Steering Committees, Risk Councils, IR governance)
Develop and track security KPIs/KRIs (MTTD/MTTR, critical vulnerabilities, patch cadence, phishing trends, vendor risks)
Oversee risk reduction initiatives and guide remediation efforts
Partner with technology, privacy, compliance, and executives to embed security into operations
Update policies, standards, procedures, and control documentation
Perform ongoing risk assessments for systems, vendors, and projects
Conduct Business Impact Analyses (BIAs) and support BCP/DR program updates
Manage exceptions, waivers, and risk acceptance workflows
Coordinate evidence collection and documentation for audits
Ensure ongoing alignment with regulatory expectations
Conduct internal compliance reviews and gap analyses
Build compliance dashboards and executive reporting
Evaluate SOC 1/SOC 2 reports for gaps and red flags
Validate vendor security controls and high-risk service arrangements
Develop corrective action plans with business owners and vendors
Validate onboarding/offboarding processes
Support IAM governance reviews and access recertification campaigns
Validate that critical and high-risk vulnerabilities are remediated in a timely manner
Assess cloud configurations (AWS/Azure) for misconfigurations and policy gaps
Provide real-time guidance during incidents (triage, containment, eradication steps)
Facilitate and document tabletop exercises
Deliver post-incident reports and lessons learned
Perform control testing (design and operating effectiveness)
Validate evidence, walk through processes, and document test results
Evaluate processes against NIST, ISO, HIPAA, SOC 2, FFIEC, SOX, and other frameworks
Identify control gaps, root causes, and practical remediation steps
Prepare management action plans and follow-up testing
Conduct pre-audit readiness assessments and mock audits
Build audit trackers, remediation dashboards, and leadership reporting
Coach process owners on control requirements and evidence expectations
Executive cyber briefings, board materials, and risk summaries
Policy and documentation development (SecOps, DR/BCP, access, data protection, IR, privacy)
I’m a cybersecurity and technology-risk leader with 20+ years of experience strengthening security programs, maturing GRC capabilities, and delivering audit-ready compliance across financial services, healthcare, SaaS, and other regulated industries. I’ve served as a fractional vCISO, IT auditor, and compliance consultant supporting HIPAA, SOC 2, ISO 27001, NIST, and GLBA/FFIEC requirements. My work spans governance, risk assessments, policy development, incident response, third-party risk, cloud security oversight, and full lifecycle IT/cyber audits.
I help organizations reduce risk, meet regulatory expectations, and build security programs that operate the way the business runs.
I hold a Bachelor’s degree in Information Science and Systems and a Master’s Certification in Information Assurance, providing a strong academic foundation in secure system design, risk management, and information governance. This education is reinforced by advanced professional training across cybersecurity, IT audit, compliance, and data protection frameworks such as NIST, ISO 27001, SOC 2, HIPAA, and emerging AI governance standards. Together, these studies enable me to deliver mature, audit-ready security and compliance programs for organizations in regulated environments.