Responsible for establishing the HSBC North America enterprise-wide Information Security and Vendor Management governance framework and structure to align the company with industry best practices, to take a broader risk-based approach and to optimize risk management opportunities while effectively safeguarding company, employee and customer information across all HSBC North America products, channels and lines of business. Directly responsible for the oversight of information security and vendor management standards while effectively managing vendor and security strategies aligned to business objectives.
Jan 2002 - Present
SVP & Chief Information Security Officer
Provides executive management, leadership and strategic direction for Information Security Risk and Vendor Management within HSBC North America.Collaborates globally to take a broader, risk-based approach to effectively safeguard company, employee and customer information across all HSBC North America products, channels, vendors and lines of business. Directly responsible for the oversight of information security risk and vendor management policies and standards while promoting strategies aligned to business objectives and effective risk management.
2002 - Present
HSBC Technology and Services North America
- Overall ownership and management of the HSBC North America Information Security Risk Program, inclusive of setting Information Security (IS) strategies and owning IS standards and policies across HSBC North America.
- Responsible for ownership and management of the North America Vendor Management program including the vendor management policy, strategies and governance.
- Responsible for building and managing effective relationships to HSBC North American legal entity Boards of Directors, senior leadership, risk committees, auditors and regulators.
- Established the strategic direction and vision for Information Security Risk and Vendor Management in HSBC North America through research, evaluation, introduction and exploitation of global solutions, technical disciplines and risk practices.
- Oversees the design, implementation and maintenance of security architecture and best practices for all computing networks and platforms in accordance with global security architecture.
- Responsible for comprehensive risk assessments and control gap remediation for all HSBC lines of business and vendors.
·Effectively communicates information security risk and vendor management vision, strategy and overall program to a broad range of people across HSBC in North America and globally.
- Monitors significant changes in the exposure of information assets to threats and vulnerabilities and identifies solutions to mitigate them.
- Manages strong, effective relationships with the Heads of Internal Audit and SOX for the organization.
- Successfully developed strategy, solutions and organizational structures that have been used as the model for deployment globally across HSBC.
2002 - 2006
HSBC Card Services
FDR Operations and Incident Management, California (05/2006 – 12/2006)
Provide leadership to a team of professionals who directly support business critical initiatives on the FDR platform and add value through challenging established practices and delivering creative solutions to complex business problems. Managed the FDR relationship to ensure their structure and focus continues to meet the ever-changing needs of HSBC.
Provided management and leadership to a dedicated incident management team with responsibility for timely and effective resolution of over 4,600 incidents annually. Enhanced the role of the team from correction of incidents to preventative measures and upgraded the integrity of the incident data in order to provide effective and immediate awareness of incident analysis and trending.Director, HSBC Inc
Enterprise Risk Management, California (08/2004 – 05/2006)
Managed a team responsible for analyzing and mitigating organizational risk exposure for all operational and systemic processes through development of risk attributes and risk ranking that drive creation and deployment of required control modules. Created and managed a centralized vendor and service level management division including defining bank-wide standards for SLAs and vendor reviews. Primary contact with executive management in all lines of business for operational risk and proactive preventative controls.AVP, Household International
Technology & Services, California (01/2002 – 07/2004)
Managed a department of over 30 project managers and developers ensuring all projects are implemented on time or better with enhanced quality. Continuously executed to the core principle of process standardization, automation, elimination of non value-add activities, and introduction of new value-add processes that help improve profitability and grow the business. Executive sponsor and principle architect in the design, development and implementation of a robust, comprehensive rewards loyalty application.
1999 - 2001
Created a new department for over 8 million customers to effectively operate and manage the reward processes, systems and customer experience for all cardmember rewards. Directed an operating budget in excess of $150 million and within a constrained timeline, significantly improved the customer experience while reducing operating costs by over $750,000 and creating revenue opportunities in excess of $2 million.
·Developed new and enhanced reward processes that provided superior service both internally and externally to the organization at significantly reduced costs. Improved customer fulfillment from greater than 8 weeks to less than 24 hours.
·Reduced cardmember rewards complaints by 75% in less than 3 months.
·Consolidated fulfillment and redemption processes; retired existing systems, eliminated redundancy.
·Established organizational accountability and key performance metrics for rewards execution and day-to-day operations.
·Managed the contract negotiations for a redemption and fulfillment vendorFirst Vice President, Operations
Wingspanbank.com (A Division of Bank One), Wilmington, DE (08/1999 – 01/2001)
Recruited to define and implement the role and responsibilities of operations for a start-up Internet venture.This department significantly improved operational efficiencies and reduced costs for the organization. Audit and compliance champion acknowledged by the OCC for having best in class operational procedures, which were used as benchmarks against other institutions.
·Instrumental in developing risk mitigation strategies for acquisitions, deposit and check activities as well as ACH procedures that saved the bank in excess of $1 million in projected fraudulent activity.
·Managed over 15 external vendors and implemented operational efficiencies that saved the bank in excess of $2 million.
·Developed a concept prioritization model used by the President to determine which initiatives the company would focus on.
1980 - 1999
Responsibilities and accomplishments included:
· Implemented leading edge, on-line strategic retail initiatives to a sales force of over 5,000. These on-line tools were used to significantly drive revenue through product and service excellence.
·Managed the successful development and deployment of a complex reconciliation model used to ensure the implementation of a multi-million dollar financial systems project.
·Change advocate to senior executives from the personal and commercial and eCommerce lines of business to successfully manage the change in their divisions to the new financial reporting systems.
·Developed the strategic and execution plans for the implementation of a mainframe (Hogan) management reporting system. This system would replace a legacy system that provided management reporting to over 5,000 managers.
·Redefined how CIBC managed their sales and relationship efforts by developing profitability models at the customer level. These models used complex analytical algorithms and activity based costing to determine profitability by customer relationship.
·Led a team of senior consultants to reengineer financial management expense reporting from legacy systems to a Dun and Bradstreet Client/Server system (SmartStream). This included revolutionizing the way information was viewed by redefining the information code-block from two views (transit and product) to over eight different views (account, sub-account, organization unit, project, customer, customer access point, currency).
·Partnered with Andersen Consulting for over 5 years and developed shared expertise on best practices for project management lifecycle methodologies, change management practices and presentation delivery.
·Managed all aspects of branch banking including retail deposits, consumer lending, small business lending and management, mortgage lending and processing, mutual funds and investments sales as well as back office processing.
·As senior branch manager, developed an innovative VIP card that introduced the concept of high net worth relationship management.