My Journey

The Foundation: Ernst & Young (2007-2014)

My career in technology risk began at Ernst & Young, where I spent seven formative years learning the fundamentals of IT audit and risk assurance. Starting as an entry-level auditor and advancing to Manager, I worked with FORTUNE 500 clients across financial services, helping them navigate SOX compliance, SOC/SSAE attestations, and technology risk assessments.

Those years at EY taught me something critical: audit doesn't have to be painful. The best auditors aren't just checkbox-checkers—they're trusted advisors who help organizations understand and manage risk while building sustainable compliance programs. I carried this philosophy forward into every role that followed.

By 2014, I had led dozens of engagements and developed deep expertise in infrastructure, application controls, and IT governance frameworks. But I also recognized that consulting had its limits. I wanted to see the other side—to be the one building programs, not just evaluating them.

Building from the Ground Up: MarketAxess (2016-2018)

After a brief transition period, I joined MarketAxess, an electronic trading platform for fixed income securities, as their Global IT Risk and Audit Manager. This was my first opportunity to build a risk function from the ground up, and it was exhilarating.

At a fintech company, you don't have the luxury of massive teams or unlimited budgets. You have to be scrappy, strategic, and pragmatic. I established the IT risk and compliance function, designed control frameworks that balanced regulatory requirements with business agility, and led the company's ISO 27001 certification readiness.

This experience fundamentally shaped my approach to risk management. Compliance doesn't have to slow down innovation—when done right, it creates the foundation for sustainable growth. It's about building guardrails that enable teams to move fast with confidence, not barriers that stop them from moving at all.

Scale and Complexity: JPMorgan Chase (2018-2019)

From fintech, I returned to Wall Street, joining JPMorgan Chase as a VP in Global Technology Audit. Here, I experienced risk management at unprecedented scale—global infrastructure platforms supporting trillions of dollars in transactions, hundreds of interconnected systems, and regulatory oversight from multiple agencies across continents.

The complexity was staggering, but it reinforced an important lesson: good frameworks scale. The same risk principles that worked at a mid-sized fintech applied at the world's largest bank—they just needed to be implemented with more rigor, automation, and cross-functional collaboration.

Front-Line Defense: Wells Fargo (2019-2022)

My next move took me to Wells Fargo as Lead Technology Control Officer, where I shifted from audit (third line of defense) to front-line controls. This was a completely different perspective on risk management.

Instead of evaluating controls after the fact, I was responsible for spearheading Front-Line Issue Validation across Technology Infrastructure, Cybersecurity, Cloud Governance, and Business Continuity. This role taught me to think proactively about control design, not just retrospectively about control effectiveness.

During this period, I became deeply involved in cloud governance and cybersecurity—two areas that would define the next phase of my career. The cloud was no longer a nice-to-have; it was mission-critical infrastructure requiring sophisticated risk management.

Global Leadership: Citi (2024-Present)

Today, as SVP and Technology Risk and Control Group Manager at Citi, I lead a global team of risk and control SMEs supporting over 100 internal audits annually across Services, Markets, Banking, and Client Tech organizations.

At this scale, the challenge isn't just managing risk—it's scaling expertise and creating leverage. I've designed and implemented standardized audit engagement frameworks with process automation and dashboard reporting, enabling consistent, high-quality audits across diverse technology domains.

But what excites me most is the opportunity to shape the future of technology risk management. As AI becomes embedded in financial services, as cloud adoption accelerates, and as regulatory expectations evolve, we need risk frameworks that are flexible, automated, and forward-looking.

Looking Forward

Fifteen years into this journey, I'm more energized about technology risk than ever. The challenges are bigger, the technology more complex, the stakes higher—but the opportunity to make an impact is unprecedented.

Whether it's building AI governance frameworks, scaling audit programs through automation, or helping organizations navigate cloud security, the core mission remains the same: enabling innovation through intelligent risk management.

That's the story so far. The next chapter is still being written.