CISSP · CCSP · IAPP AIGP (in progress)
AI Governance & Risk | NIST AI RMF · ISO 42001 · EU AI Act | 20 years regulated-industry GRC
Livingston, NJ | Open to NJ/NYC roles
GRC and information security leader applying 20 years of regulated-industry experience to AI governance. Most AI governance content is written for AI engineers or compliance theorists. The tools in this portfolio are built for practitioners who have to operationalize AI governance inside real organizations, with real regulatory exposure, real vendor contracts, and real audit timelines.
| Repository | Status | What It Is |
|---|---|---|
| pen-test-triage | Live | Claude Code skill for AI-augmented pen test triage in regulated environments: false-positive evaluation, chain-of-custody documentation, risk-acceptance workflow |
| ai-risk-assessment-template | In progress | Maps NIST AI RMF + ISO 42001 controls to GRC language enterprises already use |
| ai-vendor-risk-questionnaire | In progress | 25-question due diligence framework for AI vendors; fills the gap left by pre-2023 contracts with no AI clause |
- 11 years managing GRC programs across financial services, healthcare, and real estate
- Business Information Security Officer at Anywhere Real Estate (Fortune 500): 100% pen test and audit finding closure rate across 30 months; cut time-to-market on new product launches ~30% as security/business liaison
- Vendor Risk Manager: built enterprise-wide TPRM program; 70% reduction in assessment time, 40% throughput increase without additional headcount
- CISSP + CCSP; IAPP AIGP exam scheduled Q3 2026
- Currently studying: NIST AI RMF 1.0 + Generative AI Profile (600-1), ISO/IEC 42001, EU AI Act (full enforcement August 2026)
The background that makes these tools useful: I've been in the room when a security finding became a board-level risk decision, when an audit finding needed to be translated into a business case, and when a vendor contract created regulatory exposure no one anticipated. These tools reflect those situations.
Published on LinkedIn about the gap between AI governance frameworks and operational GRC practice:
- You Have a Policy. You Don't Have Governance. - published May 2026
- The AI You Built (Part 1 of 4) - published May 2026
- Translating NIST AI RMF into GRC Language Auditors Already Use - in progress
- What 11 Years of Vendor Risk Management Taught Me About AI Vendor Risk - in progress
LinkedIn · [email protected] · (973) 943-9917