
S K

Summary

Accomplished Cybersecurity Governance, Risk & Compliance (GRC) leader with over 20 years of experience in enterprise security governance and PCI DSS compliance. Expertise includes aligning compliance initiatives with business strategy, enhancing security controls, and automating audit processes to improve reporting and readiness. Proven ability to deliver scalable GRC frameworks and advise senior leadership on security risk posture and regulatory compliance.

Overview

11 years of professional experience

Work History

Senior GRC & PCI DSS Compliance SME

MiGSO-PCUBED (MP)
Pennsylvania
06.2024 - Current
  • Lead enterprise PCI DSS and GRC initiatives supporting SAP environments, strengthening governance, audit readiness, and enterprise risk visibility.
  • Transformed SAP PCI DSS compliance program, improving governance, control monitoring, and remediation management across enterprise systems.
  • Directed quarterly PCI DSS control validation across Cardholder Data Environment (CDE), ensuring sustained audit readiness and compliance integrity.
  • Coordinated external PCI DSS audits and internal security assessments with external auditors and compliance teams, streamlining audit processes and communication.
  • Conducted enterprise PCI DSS gap assessments and implemented remediation strategies across multiple business units.
  • Implemented automation of cyber audit evidence collection, significantly reducing manual effort and improving compliance efficiency.
  • Facilitated SOC1 audit evidence collection through creation of structured documentation repositories, enhancing evidence retrieval processes.
  • Designed enterprise GRC reporting dashboards providing executive-level insights into risk posture and compliance trends.
  • Conducted annual enterprise risk assessments aligning remediation strategies with executive risk appetite.
  • Led migration of LogicGate CAPA processes into SecJira GPSGRC, improving workflow automation and remediation tracking.
  • Coordinated global security audits including walkthrough sessions, evidence collection, and remediation closure.

Cybersecurity & PCI DSS Compliance Lead

Voice System Engineering Inc
Pennsylvania
04.2019 - 05.2024
  • Reduced PCI DSS scope through tokenization, network segmentation, and architecture improvements.
  • Conducted internal PCI DSS assessments to evaluate and strengthen policies, controls, and procedures for protecting cardholder data.
  • Designed and implemented incident response frameworks, key management, MFA controls, and secure password policies.
  • Implemented SIEM monitoring and XDR tools, enhancing threat detection and response capabilities.
  • Led migration from Kaspersky to Microsoft Defender for Endpoint, enhancing enterprise threat detection capabilities.
  • Established enterprise vulnerability management and patch management programs across cloud and on‑prem environments.
  • Led security awareness and phishing simulation programs, improving employee security posture.
  • Investigated and remediated Microsoft 365 security incidents, ensuring effective use of Defender tools to restore security posture.

Cybersecurity & PCI DSS Compliance Engineer

ChargeAnywhere – Payment Gateway
New Jersey
10.2014 - 03.2019
  • Coordinated PCI DSS v3.2 compliance efforts with external QSAs and internal teams to ensure adherence to regulatory standards.
  • Implemented enterprise SIEM monitoring with SolarWinds Log & Event Manager to enhance threat detection and response capabilities.
  • Implemented Web Application Firewall (Trustwave), IPS (HP TippingPoint), and Cisco firewall security controls.
  • Designed and implemented hybrid cloud cybersecurity architecture with Rackspace HA/DR data centers.
  • Conducted network vulnerability assessments and penetration testing remediation.
  • Facilitated payment processor integrations with JPMorgan Chase, Global Payments, TSYS, and Evertec to streamline transaction processing.

Skills

  • Risk & Compliance (GRC)
  • PCI DSS Program Management
  • Security governance strategy
  • Governance
  • Enterprise Risk Management
  • Security Control Frameworks
  • Security Audit Leadership
  • Risk Assessments
  • Compliance Improvement Strategies
  • Security Compliance Monitoring
  • Regulatory Compliance
  • Global compliance management
  • Compliance Documentation Oversight
  • Control Validation
  • Audit Process Improvement
  • Compliance Performance Metrics
  • Risk Management Analytics
  • Security Policy Development
  • Security governance reporting
  • Reporting
  • Cross-Functional Stakeholder Engagement
  • Leadership

Accomplishments

  • PCI DSS Program Transformation – SAP Environment: Led the transformation of the enterprise PCI DSS compliance program supporting SAP systems, strengthening security governance, improving control monitoring, and increasing audit readiness across the Cardholder Data Environment (CDE).
  • Enterprise PCI DSS Compliance Leadership: Directed PCI DSS gap assessments and remediation initiatives across multiple business units, enabling successful external audits and strengthening enterprise security controls.
  • Global Audit & Compliance Management: Coordinated global security audits including PCI DSS and SOC1 assessments, managing audit walkthroughs, evidence collection, and remediation activities across cross-regional teams.
  • Audit Evidence Automation Initiative: Implemented automation of cyber audit evidence collection and documentation repositories, significantly improving audit efficiency and reducing manual effort during compliance audits.
  • Enterprise GRC Modernization: Led migration of CAPA workflows from LogicGate into SecJira GPSGRC, improving remediation tracking, compliance reporting, and operational transparency.
  • Enterprise Risk Governance & Reporting: Developed executive-level risk dashboards and reporting frameworks providing leadership with actionable insights into enterprise risk posture, compliance status, and remediation progress.

Timeline

Senior GRC & PCI DSS Compliance SME

MiGSO-PCUBED (MP)
06.2024 - Current

Cybersecurity & PCI DSS Compliance Lead

Voice System Engineering Inc
04.2019 - 05.2024

Cybersecurity & PCI DSS Compliance Engineer

ChargeAnywhere – Payment Gateway
10.2014 - 03.2019