Cyber GRC Commercial · Federal Advisory · AI Security Governance

Shenase Karrim-Lugo

Information Security Governance, Risk & Resilience · AI Security GRC Architect · CISO Advisory
Washington, D.C. · linkedin.com/in/skarrim
15+ Years Experience
10+ Regulatory Frameworks
100% Audit Closure Rate
$10M+ Annual Portfolio

Strategic security leadership at the intersection of governance, risk & emerging technology.

Twenty years of federal OT, Cybersecurity and Risk leadership. Delivered inside the most complex, high-stakes environments in U.S. government — and built the frameworks others rely on to govern them.

A management consultant and GRC architect with a Big 4 background, I have spent two decades embedded in federal civilian agencies — designing and leading programmes across cyber risk, integrated risk management, AI governance, business continuity, IT governance, and post-quantum cryptography. My work spans policy authorship and board-level reporting to hands-on platform implementation and proposal architecture for contested federal procurements.

I lead teams, advise CISOs, and translate the gap between regulatory obligation and operational reality into governance programmes that actually work. Currently in independent practice in Washington, D.C. — and developing a patent-pending Autonomous GRC product designed to move enterprise security governance from periodic to continuous.

My career has been built inside U.S. federal civilian agencies, working at the intersection of policy, technology, and organisational change. I have designed Integrated Risk Management frameworks from the ground up, stood up Cyber Risk Committees with formal charters and governance protocols, rebuilt IT governance programmes that had stopped functioning, elevated FISMA Contingency Planning maturity from Level 2 to Level 5, and advised agency CISOs on quantum readiness before most organisations had put it on a roadmap.

I work with organisations that are serious about governance — not just compliant on paper, but genuinely managed. If that is the standard you hold yourself to, this is where the work begins.

Cyber Risk & IRM
Cyber Risk Management Program · Integrated Risk Management · AI Governance
Resilience & Continuity
BC/DR Contingency Planning · FISMA Level 2 → 5 · ServiceNow BCM
Governance & Compliance
IT Governance · ITAM · Policy Lifecycle · ServiceNow IRM
Emerging Risk
Quantum Readiness · PQC Migration · CISO Advisory
Innovation
Autonomous GRC · Patent Pending · GRC-as-Code · AI Governance Architecture
Governance & Risk
Cybersecurity Governance Architecture · IRM Framework Design · GRC Platform Strategy · Risk Management & Control Design · Security Audit Remediation & POA&M · FISMA & Federal IT Governance · Contingency Planning & BC/DR
AI & Emerging Technology
AI Governance & Policy Frameworks · NIST AI RMF 1.0 · ISO 42001 · EU AI Act Alignment · Agentic AI Architecture · Quantum Readiness & PQC Migration
Advisory & Delivery
CISO Advisory · C-Suite & Board Risk Communication · ServiceNow IRM / GRC / BCM · Third-Party & Vendor Risk · Policy Development · Federal RFP & Proposal Strategy
Cyber Risk
Integrated Risk Management Program Implementation
U.S. Federal Civilian Agency │ Big 4 Advisory · Multi-Year Engagement
As IRM Program Lead and Team Lead, directed the full lifecycle design and implementation of an Integrated Risk Management program — unifying cyber risk, operational risk, technology risk, and compliance risk under a single governance architecture embedded within Enterprise Risk Management. Structured across three workstreams: current-state risk scoping; facilitated stakeholder alignment workshops; and integrated policy, standards, and technology architecture — including GRC platform recommendations for ServiceNow GRC and Archer.
IRM framework adopted as enterprise governance standard — cyber and technology risk formally integrated into ERM
Full policy suite authored: IRM Policy, Risk Management Standard, and domain-specific procedures
Stakeholder alignment workshops delivered with CISOs, CROs, and executive sponsors — unified risk taxonomy and ERM integration model agreed
NIST CSF 2.0 · ISO 27001:2022 · COSO ERM · ISO 31000 · NIST AI RMF 1.0
Cyber Risk
Cyber Risk Management Program
U.S. Federal Civilian Agency │ Big 4 Advisory · Multi-Year Engagement
As Cyber Risk Expert and Program Lead, designed and stood up a net-new Cyber Risk Management Program — building the program from the ground up with no existing cyber risk function in place. Delivered a fully operational program across three phases: program scoping and assessment; governance design and Cyber Risk Committee stand-up; and guidance, procedures, and operating rhythm — including a weekly Cyber Risk Review process embedded at the operational level.
Cyber Risk Management Program Charter and Cyber Risk Committee Charter authored and formally adopted
Cyber Risk Committee stood up — formally appointed members, defined decision rights, and live escalation pathways into ERM
Weekly Cyber Risk Review process designed and embedded — agenda structure, KRIs, and executive reporting operational
NIST CSF 2.0 · NIST SP 800-39 · ISO 27001:2022 · COSO ERM · ISO 31000
BC/DR
IT Business Continuity & Disaster Recovery — FISMA Level 5
U.S. Federal Civilian Agency │ Big 4 Advisory · Multi-Year Engagement
As BC/DR Program Lead, directed the comprehensive overhaul of the agency's IT Business Continuity and Disaster Recovery program — elevating FISMA Contingency Planning maturity from Level 2 to Level 5, the highest achievable score. Led a team through three phases: environment assessment and coverage mapping across CSPs, MSSPs, and inter-agency service agreements; BIA, ISCP, and policy redesign; and a structured tabletop exercise programme with automated planning and risk scoring facilitated with SES agency leaders.
FISMA Contingency Planning maturity elevated: Level 2 → Level 5 — highest achievable score
BIAs, ISCPs, and Contingency Planning Policy fully redesigned per NIST SP 800-34 Rev 1 — coverage extended across CSPs, MSSPs, and inter-agency partners
Automated TTX programme with risk scoring delivered — SES leaders and inter-agency stakeholders exercised against integrated failure scenarios
NIST SP 800-34 Rev 1 · NIST SP 800-53 Rev 5 (CP) · FISMA · ITIL BCM
AI Governance
AI Strategy, Governance & Compliance Framework
U.S. Federal Civilian Agency │ Big 4 Advisory · December 2024
As Engagement Lead, directed the design and delivery of the agency's AI Strategy, Governance, and Compliance Framework — establishing responsible AI governance from the ground up. Delivered across three phases: AI strategy workshop series with senior executive leadership; AI Policy development through Legal, HR, and executive review; and technical integration of NIST AI RMF 1.0 into the agency's existing FISMA and NIST RMF authorization architecture. OMB M-24-10 requirements translated into actionable programme initiatives.
AI Policy authored and formally adopted through Legal, HR, and executive review — agency's first enforceable AI governance standard
AI strategy consensus achieved across senior executive leadership through directed workshop series
NIST AI RMF 1.0 compliance framework integrated into existing FISMA and NIST RMF authorization architecture
NIST AI RMF 1.0 · NIST SP 800-53 Rev 5 · FISMA · NIST RMF · OMB M-24-10
Quantum Readiness
Quantum Readiness & Post-Quantum Cryptography
U.S. Federal Civilian Agency │ Big 4 Advisory
Provided strategic quantum readiness advisory support to a U.S. federal civilian agency — leveraging the firm's proprietary quantum readiness asset to assess cryptographic risk, inform agency preparedness posture, and guide post-quantum cryptography migration planning. Engagement spanned readiness research, cryptographic inventory, and PQC migration roadmap development aligned to NIST and NSA transition mandates.
Quantum readiness preparedness framework developed — cryptographic risk assessment methodology aligned to NIST FIPS 203/204/205 and NSA CNSA 2.0 transition mandates
Strategic PQC migration roadmap guidance produced — supporting agency planning ahead of federal mandate timelines
Crypto-agility architecture principles developed — enabling organisations to plan algorithm transitions without full system re-engineering
NIST FIPS 203 · NIST FIPS 204 · NIST FIPS 205 · NSA CNSA 2.0 · NIST SP 800-53 Rev 5
IT Governance
IT Governance, Asset Management & Programme Transformation
U.S. Federal Agency │ Independent Advisory Engagement · Jun 2020 – Nov 2021
As Governance Lead, rebuilt a federal IT governance programme from the ground up across five workstreams: governance assessment and charter redesign; intake, demand management, and service operations; full policy and procedure programme lifecycle management; IT Asset Management programme delivery aligned to NIST SP 800-128; and ITIL service management framework alignment covering incident, problem, and change management. Programme performance improved by 250% in under 12 months.
IT Governance Charter redesigned and Steering Committee formally established with voting protocols, record-keeping, and escalation pathways
250% Policy & Procedure programme improvement delivered in under 12 months — policy lifecycle model with ownership, review cadence, and version control implemented
IT Asset Management programme delivered — hardware, software, and licence management aligned to NIST SP 800-128
NIST SP 800-53 · NIST SP 800-128 · ITIL 4 · COBIT · ISO 55001
ServiceNow IRM
ServiceNow IRM — Integrated Risk Management Implementation
U.S. Federal Civilian Agency │ Big 4 Advisory · Multi-Year Engagement
As IRM Platform Lead, directed the implementation of ServiceNow Integrated Risk Management across five modules — delivering a unified, platform-native risk governance capability. Modules implemented sequentially: IRM Foundation and Risk Data Model; Policy and Compliance Management; Risk Management; Audit Management; and Third-Party Risk Management with Continuous Monitoring. The engagement translated the agency's IRM framework, policy suite, and ERM integration requirements into a fully configured, FedRAMP-authorised GRC platform environment.
Five-module ServiceNow IRM implementation delivered — unified risk data model, FedRAMP-authorised, CMDB-integrated
Full agency policy suite migrated into Policy & Compliance Management — automated attestation, cross-framework control mapping, and compliance dashboards configured
Risk Management module operational — risk identification, treatment workflows, POA&M linkage, and board-level risk aggregation live
NIST SP 800-53 Rev 5 · NIST RMF · NIST CSF 2.0 · NIST SP 800-161 · ISO 31000
ServiceNow BCM
ServiceNow BCM — Business Continuity Management Implementation
U.S. Federal Civilian Agency │ Big 4 Advisory · Multi-Year Engagement
As BCM Platform Lead, directed the implementation of ServiceNow Business Continuity Management as a net-new capability across four phases: current-state assessment and platform architecture; continuity plan migration and BIA configuration; automated workflows, escalation trees, and plan activation; and after-action reporting, TTX management, and operational handover. Extended plan coverage to CSPs, MSSPs, and inter-agency partners as managed platform relationships.
ServiceNow BCM deployed end-to-end — FedRAMP-authorised, CMDB-integrated, with full BIA and plan migration across CSPs, MSSPs, and inter-agency partners
Automated plan activation, escalation trees, and third-party notification workflows configured — single-trigger continuity response operational
After-action reporting, TTX management, and POA&M integration configured — exercise findings driving continuous plan improvement within platform
NIST SP 800-34 Rev 1 · NIST SP 800-53 Rev 5 (CP) · FISMA · FedRAMP · ITIL BCM
Practice Contributions
Cyber Transformation Proposal Architecture & Win Strategy
Big 4 Advisory — GPS Cyber & Strategic Risk Practice
As Proposal Architect and Win Strategist, authored and reviewed technical narratives for competitive federal cybersecurity RFP responses across seven capability areas — directly contributing to GPS Cyber practice revenue growth. Win strategies were grounded in competitive intelligence analysis, solution differentiator mapping, and technical volume architecture. Capabilities positioned: Security RMF, ServiceNow BCM Integration, ServiceNow IRM Integration, Digital Transformation, Integrated Risk Management, Cyber Operations/RMF Assessments, and Attack Surface Management.
Multiple federal cybersecurity RFP wins contributed through technical authorship and win strategy development
Seven capability areas positioned across GPS Cyber pursuit portfolio — each with tailored technical narrative and ghost criteria
Win strategy frameworks developed for contested federal cyber procurements — competitive intelligence, differentiator mapping, technical volume architecture
Federal Procurement (FAR/DFARS) · NIST SP 800-53 Rev 5 · NIST RMF · NIST CSF 2.0 · ISO 27001:2022
Practice Contributions
CDO Practice — Conference Strategy & Thought Leadership Lead
Big 4 Advisory — Government & Public Services CDO Practice
Hand-selected to serve as the GPS CDO Practice's conference strategy lead — directing end-to-end panel architecture, speaker alignment, and thought leadership positioning to place the firm at the forefront of federal data leadership discourse. Direct advisory support provided to the Practice Leader on data strategy and practice development across simultaneous workstreams.
End-to-end ownership of GPS data-focused conference strategy across all events
Panel frameworks and discussion guides adopted as firm assets for ongoing practice use
Data governance conference playbook produced — adopted as an institutional asset
Data Strategy · CDO Advisory · Federal Data Policy · OMB Data Policy · Thought Leadership
Practice Contributions
Small Business Transformation & Technology Advisory
Big 4 Advisory — Small Business Transformation Initiative
Hand-selected from across the GPS practice to provide strategic technology guidance to emerging small businesses — delivering digital maturity coaching and technology scoping that accelerated transformation for organisations with community and economic impact mandates.
Selected from GPS practice as Nominated Technology Coach — competitive selection
Digital maturity roadmaps delivered to emerging small businesses
Technology scoping methodology applied to community-impact organisations
Digital Transformation · Technology Scoping · Digital Maturity Assessment · Business Development
Practice Contributions
Big 4 University Facilitator & Professional Development Lead
Big 4 Advisory — GPS Cyber & Strategic Risk Practice
Selected and certified through the firm's competitive University Facilitator programme — one of the firm's most distinctive internal leadership designations. Professional development sessions led for GPS practitioners at Manager, Senior Consultant, and Analyst levels, focused on GRC advisory skills, federal client engagement, risk communication, and career navigation.
University Facilitator certification achieved — competitive internal selection
Professional development sessions delivered across GPS Manager and Analyst cohorts
Next-generation GRC and cyber talent pipeline developed within the GPS practice
Adult Learning Design · Leadership Development · Professional Mentorship · Talent Development
Agentic AI GRC
Autonomous GRC & AI Governance Architecture — Patent Pending
Independent Practice · Washington, D.C. · 2025 – Present
As GRC Architect Lead, designed and engineered a patent-pending Autonomous GRC product and framework. The architecture transitions enterprise security governance from manual, periodic assessment cycles to continuously operating, intelligent oversight. Three architectural principles operationalised: Governance-as-Code, Risk-as-Code, and Compliance-as-Code — enabling a single evidence source to satisfy control requirements across 12+ regulatory frameworks simultaneously.
Patent-pending Autonomous GRC product architecture engineered — framework design complete, core innovations protected
Cross-framework compliance matrices developed across 12+ standards — ISO 27001, NIST CSF, NIST SP 800-53, CMMC, GDPR, EU AI Act, SOC 2, FedRAMP from a single evidence source
AI governance layer designed — NIST AI RMF 1.0, ISO 42001, and EU AI Act integrated as native capabilities within the Autonomous GRC framework
NIST AI RMF 1.0 · NIST SP 800-53 Rev 5 · ISO 42001 · EU AI Act · CMMC 2.0
Security Frameworks
NIST CSF 2.0 · NIST 800-53 Rev 5 · NIST 800-37 · NIST 800-34 · NIST 800-47 · ISO 27001 / 27002 · ITIL v4 · CIS Controls v8 · FedRAMP · Zero Trust (SP 800-207)
AI Governance
NIST AI RMF 1.0 · ISO 42001 · EU AI Act · OWASP AI Security · CSA AI Controls Matrix · OMB M-24-10* · EO 14028
Quantum & Post-Quantum Cryptography
NIST FIPS 203 (ML-KEM) · NIST FIPS 204 (ML-DSA) · NIST FIPS 205 (SLH-DSA) · NSA CNSA 2.0 · NIST SP 800-208 · NIST SP 800-57 · ISO/IEC 18033
Regulatory
FISMA · HIPAA Security Rule · GDPR · SOC 2 · FAR · OMB Circular A-130 · Privacy Act · CDM Framework · CMMC 2.0
GRC Platforms
ServiceNow IRM / GRC · ServiceNow BCM · ServiceNow Policy & Compliance · OneTrust
Professional Memberships
IIA — Institute of Internal Auditors · EC-Council · ISACA · ISC² · American Bar Association

Get in touch

Whether you're looking to discuss an engagement, explore advisory services, or connect professionally — I'd love to hear from you. Reach out directly via LinkedIn.

Connect on LinkedIn

* OMB M-24-10 has been superseded by OMB M-25-21 (April 2025), which governs current federal AI governance requirements. Prior engagements referencing M-24-10 reflect work conducted under the Biden Administration framework.
