Profile
Accomplished leader with a diverse background encompassing Security Product Management and Security Operations, including governance, risk and compliance, audits, assurance, detection and response, vulnerability management, and customer success.
Over eighteen years of experience in building and leading high-performing global security organizations for top enterprise application providers, Fin-Tech, financial, healthcare, gaming, casino, online wagering, and insurance institutions.
Proven track record of engaging and collaborating with senior executives, including Chief Information Security Officers (CISOs) and Chief Technology Officers (CTOs), to deliver thought leadership and strategic guidance on security and compliance matters to uphold customer trust.
Extensive expertise in compliance frameworks and standards such as Cloud Security Matrix (CSA), NIST, COBIT, ITIL, SOX, SSAE 16, ISO 27001, ISO 27017, PCI, SOC, HIPAA, FedRAMP, and GDPR.
Experienced in implementing third-party compliance programs and leveraging GRC tools to drive efficiency through automation.
Established industry-leading payments compliance standards, including PSD2, Open Banking, and PCI, while providing guidance to technical teams in conducting gap analysis and remediation efforts.
Strong background in networking, secure software development life cycle, data centers and information security.
Work Experience
Senior Director, Information Security
- Directed Salesforce's global customer security incident response, orchestrating end-to-end handling of complex breaches by advanced threat actors impacting customer environments.
- Spearheaded an executive outreach program, proactively engaging customer CISOs during critical incidents through personalized briefings and vulnerability notifications to strengthen relationships and enhance incident response effectiveness.
- Developed and operationalized a comprehensive customer-focused vulnerability reporting process, enhancing visibility and trust by streamlining procedures for receiving and resolving customer vulnerability reports, ensuring timely resolution and effective communication.
- Led and managed a global team to support multi-cloud customer security audits and security questionnaires, directly contributing to $1B+ in annual new sales and renewals.
- Functioned as a Field CISO, acting as a trusted advisor and strategic partner to senior customer executives, proactively aligning security strategies—including approaches for Trusted AI (e.g., data masking, prompt injection detection, toxicity and bias mitigation)—with evolving threat landscapes and industry best practices to preserve and enhance customer trust.
- Responsible for driving SOC2, PCI, TISAX, HITRUST, IRAP, and NIST compliance programs for Salesforce's Cloud solutions globally.
- Partnered with product teams to advocate for customer-centric security and compliance priorities, influencing product roadmap decisions to effectively address trust gaps and meet customer requirements.
- Collaborated with commercial, privacy, and infrastructure legal teams to draft and approve robust security language for highly negotiated enterprise agreements, securing contracts exceeding $400M in total value while ensuring alignment with organizational security standards.
- Implemented internal and external tools to significantly scale customer security assurance programs, streamlining artifact distribution and audit enablement through automation.
- Ideated and oversaw the implementation of internal and external tools to scale customer security assurance programs, leveraging automation and Generative AI to streamline artifact distribution, audit enablement, and customer questionnaire responses.
Senior Manager – Product: Trust and Security
- Orchestrated cross-functional teams in mitigating sophisticated account takeover and credential validation attacks, fortifying Intuit's platform and safeguarding financial partners.
- Engineered and deployed comprehensive security compliance frameworks (SOX, SOC2, PCI, GDPR, PSD2, AU-CDR, NIST), ensuring robust adherence to global regulations.
- Designed and launched a comprehensive partner risk management program specifically for financial data exchange with Financial Institutions, ensuring secure and compliant data flows.
- Established and cultivated a high-performing cross-functional team (Security, Fraud, Risk, Compliance) responsible for daily investigations, incident management, and deploying preventive/detective controls to secure customer accounts and build trust.
- Collaborated with cloud operations teams to achieve continuous compliance for AWS environments, optimizing audit evidence collection processes.
- Conceptualized, built, and operationalized a cross-Intuit fraud platform across multiple business units, leveraging compromised credentials and acquired threat actor TTPs to counter financial fraud.
- Served as Co-Chair of the security working group at Financial Data Exchange (FDX) and a leading member of the credential validation task force for financial institutions at FS-ISAC, driving industry-wide security standards.
Technology Auditor Manager
- Directed enterprise-wide risk identification and remediation initiatives, significantly reducing corporate risk and potential fraud while ensuring strict compliance with regulatory requirements (Sarbanes-Oxley 302/404, Gaming Control Board, External Auditors).
- Architected and deployed a robust control framework for IGT's social media gaming subsidiary (DoubleDown Interactive), elevating the operational control environment and securing full SOX Compliance.
- Devised and executed a comprehensive analytical framework for evaluating the information security and compliance posture of all IGT acquisitions, skillfully integrating and managing their security compliance programs.
- Pioneered and established a continuous compliance program by developing automated solutions for evidence collection and control testing, markedly enhancing audit efficiency and ongoing regulatory alignment.
IT Auditor
- Performed detailed risk assessments for auditees to determine the quantitative and qualitative value of the identified risks.
- Conducted network security reviews assessing security configurations, host-based security configurations, IDS rules, change logs, and network vulnerabilities.
- Completed IS and integrated audits with a prime focus on vendor governance, information security, data management, disaster recovery, application controls, and systems development initiatives.
IT Risk and Assurance Services
- Executed technical audit and security assessments (e.g., SAS 70, ISO 27001) for diverse clients, including financial institutions, evaluating critical controls for data integrity and regulatory adherence.
- Performed comprehensive IT General Controls (ITGC) and IT Application Controls (ITAC) testing across key domains, identifying deficiencies and supporting robust audit findings.
- Streamlined client and external auditor communications, facilitating requests, testing procedures, and deficiency resolution for various engagements.
Education
MS Information Management
B.E. Computer Science and Engineering
Recent Insights & Thought Leadership
Connect with The Cipher Guardian on LinkedIn for real-time cybersecurity insights
Featured Blog Posts
Part 1: Discover the five foundational attributes for securely deploying AI agents with confidence and control.
Comprehensive guide for administrators on implementing secure AI agents with proper governance and controls.
Podcast Appearances
Deep dive into AI security fundamentals and the crucial role administrators play in building secure Agentforce experiences. Learn about the five essential questions for secure AI deployment.
Speaking Engagements & Presentations
Speaking Engagements - Visual Timeline
- Dreamforce 2024: Securing AI at Enterprise Scale
- Dreamforce 2023: Trust and Security Foundations
- TDX 2024: AI Security Architecture
- Tableau Conference 2024: Data Security & Analytics
- Tableau Conference 2024: Advanced Security Practices
- Tableau Conference 2025: Future of Secure Analytics
- World Tour DC 2024: Regional Security Implementation
- TDX Built: Platform Security Engineering
- MVP All Stars: Community Leadership
- DataFam Europe: European Data Security Standards
Comprehensive session on building enterprise-grade AI security frameworks and implementing governance controls at organizational scale.
Technical deep-dive into Agentforce security architecture, covering testing methodologies, guardrails, and real-world implementation strategies.
Regional presentation focusing on practical security implementation for Agentforce deployments, with emphasis on local compliance requirements.