André Sanz

André Sanz – Bio
Hi! I’m André, a Director-level leader and enterprise cyber risk executive with 20+ years driving vulnerability remediation, regulatory readiness, and operational risk reduction across healthcare and financial services. I have a proven record coordinating zero-day response within 72 hours, closing high-severity events with zero missed deadlines, and translating technical risk into board-level action.

My work has centered on helping large, regulated organizations reduce cyber exposure, close audit findings, and drive real remediation — not just reporting risk, but driving it to resolution. This includes building enterprise vulnerability governance frameworks, leading executive risk reporting, and managing rapid response to critical and zero-day threats across NIST, HIPAA, SOX, and PCI-DSS control environments.

Want to connect? Please send me an email, give me a call, grab a copy of my resume, or connect via LinkedIn.

Core Capabilities


  • Enterprise Vulnerability Management: Built governance frameworks covering 10,000+ assets; proven record reducing mean-time-to-remediate for critical findings and driving backlog closure across large, regulated environments.
  • Zero-Day & Critical Vulnerability Response: Established and led emergency response functions handling high-severity events with 100% on-time remediation and zero regulatory escalations.
  • Audit & Regulatory Control Response: Deep expertise across NIST CSF, HIPAA, SOX, and PCI-DSS — achieving zero control failures in annual audit cycles.
  • Executive & Board-Level Communication: Translates technical risk into actionable governance reporting for senior leadership, board stakeholders, and audit teams.
  • GRC Tooling & Program Execution: Hands-on experience with Qualys, ServiceNow (ITSM & GRC), Splunk (SIEM), Jira, and Archer across cross-enterprise programs.

Professional History


2023 – 2026 | Evernorth Health Services (Cigna)

  • Principal – Technology Risk & Governance: Enterprise point of contact for Technology Risk across the Cigna Information Protection (CIP) organization, Global Infrastructure & Operations, and Audit, operating within HIPAA and SOX regulatory control environments.
  • Built enterprise vulnerability governance framework covering 10,000+ assets; reduced mean-time-to-remediate (MTTR) for critical findings by 18% within first 12 months.
  • Established centralized reporting and governance for vulnerabilities, audit issues, and technology debt — providing executive visibility into risk posture and remediation performance across 4 business units.
  • Drove cross-organization accountability, accelerating closure of multiple audit findings and reducing open critical vulnerability backlog by >20%.
  • Achieved zero control failures in annual audit cycles through close alignment with security, infrastructure, and audit teams on HIPAA and internal SOX controls.

2017 – 2023 | Wells Fargo

  • SVP & Senior Manager – Technology Operations & Risk Programs: Led enterprise technology risk operations and built the firm’s Emergency Vulnerability Response function in a heavily regulated financial services environment (SOX, PCI-DSS).
  • Managed 17 high-severity zero-day events with 100% on-time remediation and zero regulatory escalations.
  • Reduced reporting cycle time by 25% through automated dashboards for senior leadership.
  • Oversaw Incident, Problem, Change, Release, and Knowledge Management governance for infrastructure supporting 2,000+ customers.
  • Coordinated cross-functional teams of 50+ to achieve 15% year-over-year reduction in critical open vulnerabilities.

2015 – 2017 | GE Capital

  • Operations Leader – Technology Infrastructure & Vulnerability Risk: Led 24-person operations team supporting 24/7 enterprise Wintel and Unix environments across 3 data centers.
  • Reduced unpatched critical CVEs by 20% within 6 months through vulnerability monitoring and remediation oversight.
  • Improved on-time SLA delivery from <20% to >65% across multi-client vendor environments.

2013 – 2015 | GE Capital

  • Service Delivery Manager: Ensured performance and availability of critical banking applications supporting $6B in managed assets.
  • Improved SLA performance by ~20% through incident recovery process redesign and governance improvements.

2007 – 2013 | GE Capital

  • Senior Program Manager: Delivered enterprise risk-reduction and disaster recovery readiness initiatives for revenue-critical systems across 4+ business lines.
  • Managed 10+ concurrent infrastructure and application releases; reduced release-related incidents by 50% through improved change governance.

2003 – 2007 | Altria Corporate Services

  • Senior Program Manager / Solutions Architect: Delivered global network and data center initiatives supporting financial systems across 5 countries; completed flagship infrastructure program 3 months ahead of schedule.
  • Implemented shared services infrastructure reducing operational overhead across global support operations.

Education


  • MBA, Information Decision Technology Management — Iona College
  • MS, Public Administration — Long Island University
  • BS, Criminology — Long Island University

Certifications & Technical Proficiency


  • Frameworks & Standards: NIST CSF, HIPAA, SOX, ITIL
  • Tools & Platforms: Qualys, ServiceNow (ITSM & GRC), Splunk (SIEM), Jira, Archer
  • Certifications: ITIL Service Manager

© 2026 André Sanz