As a seasoned Senior Information Security and Compliance Professional with over 20 years of experience in information technology, information security testing, audit, and compliance, I am well-suited to assist companies with their GRC initiatives.


I have worked in various roles, including as an Independent GRC Consultant, Senior Security Assessor, Lead Practitioner, and Security and Audit Professional. In these roles, I have worked with many organizations to conduct information security audits and assessments using industry frameworks such as PCI, HIPAA, HITRUST, SOC, ISO 27002.


I understand that good Compliance leaders take ownership of the entire Compliance process and foster a sense of accountability, making sure that every member of the organization understands their part in keeping the business running securely. I also understand the importance of communicating to the organization about risks and the importance of compliance in a language that stakeholders understand.


In my current role as an Independent GRC Consultant, I work with clients in pre-assessment engagements to document policies and procedures that align with best practices and industry recognized frameworks, identify and provide guidance on closing gaps and help operationalize their Information Security Management Programs.


I am proficient at installing, configuring, and managing various operating systems, including Linux, MacOS, Windows, and ChromeOS. I possess a good general knowledge of modern cloud computing platforms like AWS, Azure, and GCP. Additionally, I have experience with various office tools, Linux command line, Python, and SQL.


Overall, I am well-equipped to assist organizations in their GRC initiatives by taking a proactive, strategic, and empathetic approach to compliance. I have the technical skills and experience to identify and close gaps in Information Security Management Programs while fostering accountability and understanding among stakeholders.