CISO/Chief Privacy Officer/Data Protection Officer
For the past 5 years, I have served as the Bluescape CISO, where I have built out our Enterprise Security Program from the ground up to include Product Security on our AWS Platform, Security Awareness Training, Email Security, 24/7 Security Operations Center, Identity and Access Management, Key Performance Indicators (KPIs), and a Security Scorecard score of 100 since 2021.
As our Chief Privacy Officer (CPO), I also spend part of my day putting my law degree to work by assisting our legal team and human resources with contract reviews to ensure compliance and to ensure we remain CCPA and GDPR compliant. To enhance this effort, in 2022 I created our Privacy Bill of Materials (PrivBOM), which identified all of our systems that processed and stored PII in the event we needed to respond to a GDPR request.
In addition to the above accomplishments, under my watch as CISO of Bluescape since July 2019, we have suffered neither data breaches nor ransomware attacks, achieved ISO 27001 and SOC 2 Type II compliance with zero findings of any type, and built out a world-class Software Security Program (Secure SDLC), maintaining a cadence of zero open critical or high-level findings.
Lastly, for over 3 years I have led the Bluescape FedRAMP Moderate + IL4 program as the Bluescape FedRAMP Project Manager, where we achieved our DISA Provisional Authority in July 2022 and our FedRAMP PMO Authorization at the end.
Zero data or privacy breaches of customer and employee data (2019-2024)
Designed and implemented Enterprise AI Governance and Awareness Program
Delivered FedRAMP Moderate Authorization and DoD IL4 Provisional Authority in 2022 as Project Manager
Managed all ISO 27001, SOC 2 Type II, and FedRAMP audits
Achieved Security Scorecard score of 100
Built Enterprise Security Program from the ground up (Email, Incident Response, IAM, KPIs, SOC, Training)
Developed software security program (Secure SDLC) with a maturity level of a Fortune 50 company
Chief Privacy Officer (Developed Privacy Bill of Materials (PrivBOM), CCPA, GDPR, Contract Legal Review)
Achieved 100% Multi-factor Authentication across the enterprise within 3 months of hiring
Designated as Interim/Backup CTO under Business Continuity and Disaster Recovery Plan
Led the 3-year CVS/Aetna integration plan of over 3000 applications, developers, and systems
Managed 14 FTE and 16 contingent workers with an 80% diversity rate and a $5M annual budget
Led one of the most mature software security programs in the world based on 2018 BSIMM results
Each FTE followed professional development plans, cross-training, and 10% of time on new initiatives
Prevented $400M in fines and penalties as manager of the 2019 CVS PCI Application & Network Security Audit
Increased developer productivity by 37% by implementing an enterprise-wide DevSecOps Program
Designed and Implemented Integrated Cloud Security Program to include Policies and Standards
Developed and presented GDPR/UK DPA/CCPA briefing to H-ISAC Global Privacy Working Group and CVS
Retooled enterprise-wide security education/training program including managers, developers, and architects
Creator and Host of 2 Worldwide Cyber Security Radio Shows (CVS and H-ISAC)
Led Aetna International to adopt the enterprise application security program (India, Thailand, UK)
Envisioned and implemented Amazon Alexa Skill Penetration Testing Program