Hi! I’m André, a Director-level leader and enterprise cyber risk executive with 20+ years driving vulnerability remediation, regulatory readiness, and operational risk reduction across healthcare and financial services. I have a proven record coordinating zero-day response within 72 hours, closing high-severity events with zero missed deadlines, and translating technical risk into board-level action.
My work has centered on helping large, regulated organizations reduce cyber exposure, close audit findings, and drive real remediation — not just reporting risk, but driving it to resolution. This includes building enterprise vulnerability governance frameworks, leading executive risk reporting, and managing rapid response to critical and zero-day threats across NIST, HIPAA, SOX, and PCI-DSS control environments.
Want to connect? Please send me an email, give me a call, grab a copy of my resume or connect via LinkedIn.
Core Capabilities
- Enterprise Vulnerability Management: Built governance frameworks covering 10,000+ assets; proven record reducing mean-time-to-remediate for critical findings and driving backlog closure across large, regulated environments.
- Zero-Day & Critical Vulnerability Response: Established and led emergency response functions handling high-severity events with 100% on-time remediation and zero regulatory escalations.
- Audit & Regulatory Control Response: Deep expertise across NIST CSF, HIPAA, SOX, and PCI-DSS — achieving zero control failures in annual audit cycles.
- Executive & Board-Level Communication: Translates technical risk into actionable governance reporting for senior leadership, board stakeholders, and audit teams.
- GRC Tooling & Program Execution: Hands-on experience with Qualys, ServiceNow (ITSM & GRC), Splunk (SIEM), Jira, and Archer across cross-enterprise programs.
Professional History
2023 – 2026 | Evernorth Health Services (Cigna)
- Principal – Technology Risk & Governance: Enterprise point of contact for Technology Risk across the Cigna Information Protection (CIP) organization, Global Infrastructure & Operations, and Audit, operating within HIPAA and SOX regulatory control environments.
- Built enterprise vulnerability governance framework covering 10,000+ assets; reduced mean-time-to-remediate (MTTR) for critical findings by 18% within first 12 months.
- Established centralized reporting and governance for vulnerabilities, audit issues, and technology debt — providing executive visibility into risk posture and remediation performance across 4 business units.
- Drove cross-organization accountability, accelerating closure of multiple audit findings and reducing open critical vulnerability backlog by >20%.
- Achieved zero control failures in annual audit cycles through close alignment with security, infrastructure, and audit teams on HIPAA and internal SOX controls.
2017 – 2023 | Wells Fargo
- SVP & Senior Manager – Technology Operations & Risk Programs: Led enterprise technology risk operations and built the firm’s Emergency Vulnerability Response function in a heavily regulated financial services environment (SOX, PCI-DSS).
- Managed 17 high-severity zero-day events with 100% on-time remediation and zero regulatory escalations.
- Reduced reporting cycle time by 25% through automated dashboards for senior leadership.
- Oversaw Incident, Problem, Change, Release, and Knowledge Management governance for infrastructure supporting 2,000+ customers.
- Coordinated cross-functional teams of 50+ to achieve 15% year-over-year reduction in critical open vulnerabilities.
2015 – 2017 | GE Capital
- Operations Leader – Technology Infrastructure & Vulnerability Risk: Led 24-person operations team supporting 24/7 enterprise Wintel and Unix environments across 3 data centers.
- Reduced unpatched critical CVEs by 20% within 6 months through vulnerability monitoring and remediation oversight.
- Improved on-time SLA delivery from <20% to >65% across multi-client vendor environments.
2013 – 2015 | GE Capital
- Service Delivery Manager: Ensured performance and availability of critical banking applications supporting $6B in managed assets.
- Improved SLA performance by ~20% through incident recovery process redesign and governance improvements.
2007 – 2013 | GE Capital
- Senior Program Manager: Delivered enterprise risk-reduction and disaster recovery readiness initiatives for revenue-critical systems across 4+ business lines.
- Managed 10+ concurrent infrastructure and application releases; reduced release-related incidents by 50% through improved change governance.
2003 – 2007 | Altria Corporate Services
- Senior Program Manager / Solutions Architect: Delivered global network and data center initiatives supporting financial systems across 5 countries; completed flagship infrastructure program 3 months ahead of schedule.
- Implemented shared services infrastructure reducing operational overhead across global support operations.
Education
- MBA, Information Decision Technology Management — Iona College
- MS, Public Administration — Long Island University
- BS, Criminology — Long Island University
Certifications & Technical Proficiency
- Frameworks & Standards: NIST CSF, HIPAA, SOX, ITIL
- Tools & Platforms: Qualys, ServiceNow (ITSM & GRC), Splunk (SIEM), Jira, Archer
- Certifications: ITIL Service Manager