Experience - recent (major projects)
Jan, 2019 - current Technical Project Leader / Information Security 
Auto Club Enterprises (AAA) Southern, CA  | 
automotive pmo security systems
  Technical lead of Information Security projects, for Information Systems department and business units. Enforced security compliance of Cloud Security policies within the Systems and Security organizations.
Cloud Security (InfoSec) draft and acceptance of system policies, procedures, and remediation.
Deployed cyber security (CyberArk) on Microsoft (ADFS/MFA), coordinated systems and third party install.
Information Security Agile/Scrum (Clarizen) SecOp (GRC) Microsoft (ADFS/MFA) CyberArk

Jan, 2018 - Nov. 2018

Project Manager / Security Analyst 
Thoma Bravo (Lexmark-Kofax)
Irvine, CA  |  compliance grc gdpr security analysis


Project managed and IS security analyzed for IT-Compliance, liaison to Legal and Sales Support departments. Governance Risk Compliance of General Data Protection Reg. (GDPR) and CA Consumer Privacy (CCPA).
Data Processing Agreement change requests for GDPR/CCPA customer/vendor license agreements. 
Established collaborative environment for IT-Compliance, Legal, and Sales Support teams. 
Microsoft practice (SSDL, Azure), data privacy (OneTouch, AWS), MS-CRM and Salesforce management.
GRC Analysis Waterfall (SSDL, Smartsheet) Salesforce (CRM) Azure/AWS OneTrust (GDPR/CCPA)

Apr. 2016 - Nov, 2017 Program Manager / Systems Analyst 
California Resources Corp. (CRC-Oxy)
Long Beach, CA  |  energy pmo erp strategic planning
  Program managed End User Services infrastructure. Developed departmental dashboard and service portal. Authored strategic executive status-metric reports (ESR). Improved PMO standards and CMMI.
Reduced infrastructure costs and re-engineering build out (ROI), after Occidental/Oxy corporation spin-off.
Scaled enterprise services, modernization, and strategic planning for new CRC corporation.
Led phone (VOIP), and network management/monitoring (SolarWinds), implementations and upgrades.
Facilitated vendor consolidation, negotiation/re-contracting, of new corporate services contracts (Telecom).
Mentored and trained project coordinators in remote locations, requisite for executive status reports (ESR).
Strategic Plans Waterfall (Smartsheet) Hybrid (Trello) Agile (Scrum) SecOp (GRC)
Jan. 2014 - Oct. 2015 Program Manager / Business Analyst 
Hyundai (HAEA/HISNA)
Fountain Valley, CA  |  automotive pmo grc infrastructure
  Program managed Kia infrastructure system (KMA), Hyundai web (HMA), and Car loan security (HCA). Authored executive status-metric reports (ESR). Audited business units, and SecOps. Improved PMO-CMMI.
Scaled data warehousing infrastructure, for regional automotive support centers (Hyundai-North America).
Led electric-car dashboard/portal (KIA-Telematics), charging stations (SiriusXM), and car services (Yelp).
Led web advertising (HyundaiUSA.com), sports campaigns and customer support, with on/offshore teams.
Led auto-loan (Hyundai Capital America) process, tracking, and management system governance (GRC).
Deployed cyber security (SecOps) project with third party (Imprivata), previously uncompleted (RSA, SSO).
Business Analysis Waterfall (Stagegate) Hybrid (Kanban) Agile (Scrum) SecOp (AppScan/Pen-Test) 
May. 2013 - Sep. 2013 Project Manager / Systems Analyst 
First American Title Santa Ana, CA  |  financial software release management grc mortgage/title
Managed release software development and deployments. Reviewed and authorized major/minor, and weekly software, from development (AppDev-Ops), through production (SCM), including change approvals (CAB).
Managed mortgage transaction system (EDI), and coordination of remote/offshore software teams (DevOps).
Assured quality (QA) of remote software testing (GRC), and local rollouts with rollback contingencies.
System Analysis Waterfall (PMBOK) Agile (Scrum) Software Change (SCM/CAB) Compliance (GRC)
Jun. 2011 - Apr. 2013 Program Manager 
Inspection Connection (ASI 09-10) Newport Beach, CA  |  ebusiness web portal-2 Nish Consulting
  Updated business/marketing plan from 09-10, longer term strategic plans, and enterprise technical designs.
Increased revenue by reengineering and data mining of second generation web/portal
 Feb. 2009 - Aug. 2010 Project Manager 
Automotive Solution Inc (IC 11-13)
Newport Beach, CA  |  ebusiness web portal-1 Nish Consulting
  Authored business/marketing plan, long term strategic plans, and enterprise technical documentation.
Architected enterprise, strategic plan and design of first generation web/portal application
Nov. 2010 - Apr. 2011 Project Manager / Systems Analyst 
Boeing (Defense) Seal Beach, CA  |  aerospace pmo data-center consolidation infrastructure
  Cost reductions by re-scoping application migration, remote server virtualization, relicensing, and central IT for Application Consolidation Modernization org. Authored plans, burn downs, and schedules with BASP/Lean.
Reduced cost by vendor contract renegotiation (hardware), and license consolidations (software).
Increased data reliability and efficiency, through centralization of remote IT centers.
Systems Analysis Boeing Agile Software Process/Lean (BASP) Business Metrics of Interest (BMI)
May. 2008 - Sep. 2008 Project Manager / Data Analyst 
Boeing (Commercial) Long Beach, CA  |  aircraft pmo edms data-management infrastructure
Authored SDLC procedures and management reports. Audited project controls of task management process. Developed project tasks using Fujitsu (Macroscope) methodology, and reports for eMOD organization. 
Reduced cost plan for regional eMOD data servers' migration to corporate facility and services.
Reduced disaster recovery and data error risks for electronic maintenance EDMS and operations data system.
Data Analysis Fujitsu (Macroscope) Customer Quality Support SDLC/CM/EDMS standards
Jan. 2007 - Aug. 2007 Project Lead / Business-GRC Analyst 
Capital Group Brea, CA  |  financial grc/sas70 compliance
Reduction maintenance costs and compliance gaps with standardization of software development procedures. Authored Statement on Auditing Standards-No. 70 reports and IT SAS-70 compliance documentation.
Audited Standards (SAS) No. 70 for general computer controls of PMO and business units.
Developed Waterfall (phased) and Agile (iterative) methodology plan and standards for ongoing governance.
Business Analysis Waterfall (phased) Agile (iterative) SDLC/CM standards
Nov. 2005 - Jan. 2006 Project Manager / Business Analyst 
PacifiCare (UnitedHealth) Cypress, CA  |  healthcare grc/hipaa email/data-warehouse infrastructure
Authored project plan and vendor specifications. Managed IS compliance with legal requirements of email support for court litigation, and SOX/HIPAA compliance. Coordinated-liaison email archive project vendor.
Reduced search/retrieval and litigation costs, through archival and indexing of corporate emails.
Led vendor selection through RFI release, RFP reviews, and vendor RFQ selection/award process.
Business Analysis Waterfall (PMBOK) RFI-RFP-RFQ VAR selection Project Plan
Apr. 2004 ~ Nov. 2006 Project Lead / Governance Risk Compliance 
(audits) Southern, CA  |  financial grc/sox/sas compliance
  Reported Sarbanes-Oxley (SOX-404) and Statement Auditing Standards (SAS-70); audit, test, and procedures; including Narratives, Risk Control Matrices (RCM), gap remediation (COBIT/COSO), and governance (GRC).
Clientele: Ameriquest (mortgage), Ducommun Inc. (DTI, DAS) (aero), First Consulting Group (health), -
- Boeing (aero), Smart&Final (retail), 99cent (retail), Sparta (aero), Impac (mortgage), Mazda (auto).
Rational (RUP) Niku-Clarity PVCS-Tracker PeopleSoft Lotus Word (Narrative) Excel (RCM/Test)