At Meta, our cyber security endeavors are led with tactical precision, driving initiatives that significantly reduce cyber threats and ensure rigorous compliance. As a Cyber Security Program Manager and Risk Manager, I bring expertise in GRC, policy creation, and SOC 2 compliance, which is central to our success.
Experience
2022 — Now
Menlo Park, CA
Secure Tier Payments Program (MFT Org)
• Owned the quarterly planning process for TPA (Third Party Assessment) for CWs and LBRs, including the intake request form, required fields (scope, risk tier, due dates, dependencies), clear SLAs for submission/review, prioritization, capacity alignment, and tradeoff facilitation.
• Managed OKR tracking & weekly reporting, building a single source-of-truth dashboard and running weekly OKR reviews (progress, risks, dependencies), delivering concise exec updates to keep priorities on track.
• Security program ownership (Identify / Prevent / Detect / Respond | Third-party risk): Owned the end-to-end security program strategy and operating cadence for third-party/vendor risk, establishing intake and governance to identify vendor security risks early (due diligence questionnaires, architecture/data-flow reviews, access and data handling assessments, and tiering decisions), aligning Security, Privacy, Legal, Eng, and Ops on risk acceptance criteria and remediation gates, and driving preventative controls (least-privilege access, scoped integrations, logging/monitoring requirements, contractual security/privacy clauses, and go-live block criteria) to reduce vendor-driven exposure before launch.
• Drove AI-enabled workflow transformation at Meta by using an agentic reporting system that automatically summarizes weekly progress across Privacy & Security tickets (status, risks, blockers, and next steps), improving stakeholder visibility and accelerating team adoption, and reducing manual reporting effort by ~20 hrs per week for each team (4 teams in total).
• Implemented cloud-based key management for cryptographic operations on PCI data, reducing audit scope and complexity and enabling successful PCI DSS 4.2 certification.
• Implemented security and privacy controls aligned with NIST CSF, GDPR, and PCI-DSS to support legal and regulatory compliance across Meta’s Paysec5 payment infrastructure, resulting in a 30% improvement in risk visibility and faster mitigation of security findings.
2022 — 2022
1 Successfully drove Game Growth programs for 3P integration with Amazon Games, collaborating with diversified providers like Riot, Bungie, and Blizzard.
2 Developed a detailed migration document outlining the API linkage process to the new services, generating TT tickets for each service owner, with migration plans encompassing migration strategy, services impacted, step-by-step migration procedures, a migration campaign tracker, and a migration tech guide.
3 Orchestrated implementation of Account Linking, establishing connections between third-party and Amazon accounts by generating unique ECIDs (Amazon Unique IDs) and securely storing them in DynamoDB. Implemented user-friendly authentication processes, enabling seamless account linking through OAuth or Login with Amazon (LWA) based on user preferences.
4 Implemented a formal Request for Change (RFC) process for all proposed modifications to the AWS cloud environment (e.g., adding new services, adjusting security groups, deploying new applications).
5 Conducted thorough impact assessments for each proposed AWS cloud change, specifically identifying potential security vulnerabilities and risks prior to implementation.
6 Developed and implemented tailored change management strategies utilizing Amazon's rigorous methodologies, resulting in increased adoption rates and minimized disruption during periods of significant organizational transformation.
2020 — 2021
San Jose, California, United States
1 Handled privacy and legal requirements from a business and security perspective to ensure that PayPal’s payment program is aligned with global data privacy regulations, like GDPR and CCPA.
2 Led the implementation of First Line of Defense (1LOD) within PayPal’s product and engineering teams, strengthening governance, risk, and compliance (GRC) frameworks.
3 Collaborated with IT Global Business Management Services (GBMS) and cross-functional PMOs to develop a practical approach for tracking costs and reducing the overall expenses of audits by 20%.
4 Conducted a comprehensive security risk assessment, identifying and prioritizing critical risks and recommending security enhancements that resulted in 40% reduction in overall risk.
5 Implemented IT SOX controls, including payment, change management, and access controls for internal and external SOX audits, and created a SOC2 Type II report to meet PCI industry standards.
2019 — 2020
Sunnyvale, California, United States
1 Led cloud security adoption initiatives across Google’s enterprise teams, integrating GCP security frameworks (IAM, VPC configurations, encryption) into business operations, resulting in a 30% increase in secure cloud workload deployments.
2 Collaborated with cross-functional teams to implement governance frameworks that streamlined compliance with PCI-DSS and ISO 27001, accelerating enterprise cloud adoption and reducing security review timelines by 40%.
3 Acted as a liaison between attorneys, business units, and compliance teams, developing and maintaining information systems to track legal commitments, monitor status, and streamline compliance workflows.
4 Led compliance efforts for emerging laws by conducting risk assessments, managing regulatory questionnaires, and ensuring alignment with evolving legal and industry standards.
2017 — 2019
Cupertino
Education
Western International University
MBA in Finance
2006 — 2009
Institute of Management Technology, Ghaziabad
MBA
2004 — 2006
Mody College of Engg and Technology
BE
2000 — 2004