IT Audit & Compliance
for Global Industrials

Led critical audits across GE’s global business units, designing secure SDLC frameworks, strengthening product security, and influencing enterprise-wide adoption of NIST-aligned standards.

As part of GE’s prestigious Corporate Audit Staff, I led IT audits across eight GE businesses, specializing in secure software development, product security, and IT risk management.

My work directly influenced control design and compliance standards globally, including the rollout of a Product Security Maturity Model later aligned with NIST. These experiences laid the foundation for my approach to digital risk, product security, and enterprise-scale operational resilience.

The Challenge

GE operated across dozens of countries and business units — each with varying levels of maturity in IT risk and product security. From medical devices to jet engines, digital transformation introduced serious risk exposure. Leadership needed auditors with both technical depth and business fluency to evaluate risk controls across high-stakes environments and guide remediation at speed.

My Role

  • Lead Auditor on High-Priority Programs
    Ran global IT audits covering secure SDLC practices, network segmentation, cloud readiness, and third-party risk. Delivered findings and recommendations directly to CIOs and BU leadership, often influencing near-term investment and remediation decisions.

  • Product Security Oversight
    Designed and piloted a Product Security Maturity Model that evaluated controls across software lifecycle stages. The model was later adopted as an internal standard and mapped to emerging NIST cybersecurity frameworks — becoming a reference point for secure digital product development across GE.

  • Risk Framework Implementation
    Evaluated and enhanced GE’s IT Risk Control Matrix, leading tests of controls (TOC), tests of effectiveness (TOE), and remediation audits. This supported SOX compliance and broader enterprise risk management programs.

  • Training & Knowledge Transfer
    Led internal workshops to upskill global audit teams on secure development practices and cybersecurity. Helped build foundational understanding of risk-based software delivery and operational IT resilience.

Outcome

The work ensured that GE’s IT controls were not just audit-ready — they were transformation-ready. The frameworks and maturity models I helped define are still used in various forms today and were instrumental in preparing GE’s global teams for cloud migration, digital product rollouts, and post-M&A integration challenges.

Let's work together.

© 2022 - 2025 T Puddifoot Consulting Limited.
