Finance & fintech expertise
Security, DevOps, and AI governance leadership for fintech platforms, banks, and regulated financial services.
Pillars
Fintech & banking platforms
Security and DevOps for platforms serving 1,500+ financial institutions — built for regulators, not just users.
Regulatory frameworks
PCI DSS, SOX, GLBA, NYDFS 500, FFIEC, CCPA, GDPR — and the operating cadence that keeps them current, not crammed.
Working with regulators
Hands-on experience walking examiners and auditors through controls, exceptions, and remediation plans.
Revenue-aligned security
Reframing security as a deal accelerator — faster questionnaires, cleaner attestations, shorter procurement cycles.
AI governance for financial services
Model risk, bias, explainability, and the audit artifacts your regulator actually asks for.
Third-party risk at scale
Vendor tiering, continuous monitoring, and the controls that survive a 500-vendor portfolio.
Frameworks & regulations
- PCI DSS
- SOX ITGC
- SOC 2 Type II
- HITRUST r2
- NIST CSF
- ISO 27001
- GLBA
- NYDFS Part 500
- FFIEC CAT
- CFPB guidance
- Reg E / Reg Z context
- CCPA / CPRA
- GDPR
- GLBA Safeguards Rule
- NIST AI RMF
- SR 11-7 patterns
- EU AI Act readiness
Related writing
Your Security Program Is a Sales Asset. Start Treating It Like One.
Why provable security closes deals in regulated industries — and why the next budget conversation should lead with revenue, not fear.
The Audit Passed in March. Is It Still True?
Point-in-time certification is the floor, not the goal. The case for continuous assurance over annual audits.
The 2026 AI Regulatory Map That Fits on One Page
Everyone read 'EU AI Act deferred to 2027' and exhaled — but the part that fines you 3% of global revenue turns on in August. The four 2026 rules with teeth, on one page.
The Eight-Domain Azure Security Review for Regulated Environments
An automated tool scores your Azure posture; an assessor walks your architecture. The eight domains I review, in the order an audit walks them, and the evidence each one has to produce.
Building or scaling a fintech platform?
I advise fintechs, banks, and regulated SaaS on security programs, regulator readiness, and AI governance that ships.
