- Lead the global ISO 27001 program as Program Manager and core ISMS team member, steering strategic roadmap and cross-functional governance to elevate organizational security posture by 30%.
- Drive end-to-end risk lifecycle management — identification, assessment, mitigation, and continuous monitoring — enhancing risk visibility across the org.
- Oversee governance of policy and security exception requests, ensuring compliance with corporate mandates and regulatory requirements.
- Manage internal and third-party audit programs end to end, reducing audit findings year-over-year.
- Build and maintain Power BI dashboards giving senior leadership real-time visibility into third-party risk, internal assessments, and exception backlogs.
- Respond to customer inquiries on the organization's security posture, sustaining a 95% customer satisfaction rate.
- Author and maintain SOPs standardizing risk management processes enterprise-wide.
module // 01
Summary
Information security professional with 5+ years of experience and a certified ISO/IEC 27001:2022 ISMS Lead Auditor credential. Expertise in assessing internal controls, identifying risks, and reporting to stakeholders to drive corrective actions. Skilled in evaluating security policies and exception requests, with hands-on experience developing Power BI dashboards for Key Risk Indicators and Key Performance Indicators. Proficient in supplier risk management, customer RFQs, and compliance program management across ISO 27001, TISAX audits, NIST CSF assessments, and internal control automation.
Quick to pick up and apply new tools and technologies — from GRC platforms to self-hosted infrastructure — to optimize processes and cut manual effort. Regularly plans and builds automation using AI agents and tools like Claude and Microsoft Copilot to accelerate day-to-day work, and runs Ollama and local LLMs for personal AI-based project development.
module // 02
Core Competencies
governance & risk
security & strategy
automation & ai
infrastructure & systems
module // 03
Certifications
module // 04
Work Experience
- Developed and monitored ServiceNow dashboards and KRIs for accurate risk tracking and reporting.
- Collected, analyzed, and updated KRI-specific data to maintain real-time risk visibility.
- Analyzed policy exceptions weekly, mapping them to control objectives and associated risks.
- Delivered KRI activity reports to leadership to support informed decision-making.
- Automated the KRI data collection process, cutting manual effort by ~30% and improving accuracy.
- Developed IoT-based automation solutions integrating with existing manual processes.
- Programmed microcontrollers and worked with microprocessors to interface sensors and actuators for embedded IoT devices.
- Built backend server code in Python with MongoDB and SQL as non-server data storage.
module // 05
Projects
grc
Audit Support
Coordinated internal readiness for ISO 27001 and NIST CSF frameworks, defined controls, and educated control owners through the audit lifecycle — evidence deadlines, interviews, and documentation.
grc
Risk Management: Centre of Excellence
Analyzed risk forecasting frameworks and built KRIs and dashboards using ServiceNow Performance Analytics, plus automation for firm-wide KRI data collection.
grc
ISO 27001 Compliance Program
Ran day-to-day global ISO 27001 readiness as a core ISMS team member — reviewing Annex A controls with engineering, IT, and legal, and closing gaps before formal audits.
grc
Disaster Recovery Management
Assumed temporary leadership of the DR function, managing recovery simulations and business continuity exercises while expanding program scope.
grc
Customer Trust Program
Managed customer inquiries on the org's security posture, coordinating with technical teams for accurate, legally-approved responses — sustaining 95% satisfaction.
module // 06
Personal Projects & Technical Interests
Outside of GRC work, I build and self-host infrastructure end to end — from server setup to application code — largely in support of a personal gaming and content-creation operation.
deployed
Home Media Server & Homelab
Self-hosted a suite of media and photo management services via Docker on a Windows PC, with GPU-accelerated transcoding, a reverse proxy for secure access, and OAuth-based authentication.
deployed
Automated Streaming & Clip Pipeline
A five-scene OBS setup with NVENC encoding, paired with Python scripts for audio-peak-based clip detection, faster-whisper transcription, and automated folder watching across a two-machine workflow.
ongoing
Gaming & Content Creation
Stream and create gaming content across PC, PS5, and Xbox Series X, publishing clips and highlights weekly on YouTube and Instagram.
module // 07
Education
module // 08