Craig Edward Roche
Redwood City
Summary
Experienced in technical, security, and leadership roles with a proven track record of identifying and mitigating cybersecurity risks. Implemented innovative technologies to develop measurable strategies for reducing risk and enhancing security on a global scale. Expertise in integrating risk and control disciplines within regulated enterprises to achieve strategic alignment and organizational goals. Built cohesive and high-performance teams through collaborative technology leadership, fostering relationships across departments and partners. Utilized data-driven research methodologies and analytical thinking to identify and mitigate risks, measure control effectiveness, and drive positive change for enhanced safety. Capable of defining and developing people, processes, and technologies that address risks, manage costs, and support critical business needs by leveraging emerging technologies.
Overview
19
19
years of professional experience
1
1
Certification
Work History
Senior Technical Program Manager – Security
Google LLC
04.2022 - Current
- Greenfield reboot of global technical insider risk program previously staffed with 50+ engineers focusing on preventing existential risks to entirety of Google’s infrastructure, products and services
- Documented, defined and implemented control measurement for work previously performed
- Created, approved and implemented new program strategy based on evolving cybersecurity risks
- With senior engineering leadership drove updated scope management and control design for both probability and impact reducing controls
Technical Program Manager - Security
Verily Life Sciences LLC
03.2021 - 04.2022
- First leader hired supporting CISO to create and drive transformational programs supporting objective of building capabilities independent of those supported by Google
- Defined, developed and implemented complex Vendor Security Assessment tailored to Life Sciences portfolio
- Worked with Google Compliance Engineering to map common controls to bespoke Security Policies & Standards
- Led effort to re-design Incident Management and Secure Software Development Standards across portfolio
Director, Information Security Governance
Heartflow Inc
09.2019 - 11.2019
- Led newly created team of security and compliance professionals reporting to CISO
- Structured and drove SOC-1, SOC-2 and HiTrust certification program
- Owned policies, controls, security awareness, engagement, communication, risk and security portfolio
- Led internal resources responsible for control design, policy development and third-party trust
- Engaged executive stakeholders on GRC posture and regulatory readiness
- Defined standards and processes for security awareness, communication and engagement
- Position Eliminated as part of downsizing
Senior Director, Information Security Governance
LendingClub Corporation
06.2013 - 06.2019
- Built & led teams of managers and individual contributors establishing and maturing foundational technology capabilities
- Defined technology governance practice, drove control creation, third party trust, and maintained relationships with key partners, key investors and regulators
- Created and evolved audit-level technology change management, incident and asset management capabilities aligned to internal, external, regulatory and control obligations in areas of cybersecurity, risk and compliance
- Owned Technology Policies and Standards, delivered and implemented Unified Control Framework and in conjunction with redesigned taxonomy of policies and standards
- Executed strategic planning and forecasting for data centers and service migration to AWS including security, service availability, capacity modeling and vendor management
Service Solutions Director
GoodData Corporation
01.2012 - 01.2013
Senior Program Manager, Business Intelligence and Data
McAfee, An Intel Company
01.2011 - 01.2012
Manager Business Intelligence Program (BI) (Consultant)
Pacific Gas & Electric Company
01.2010 - 01.2011
Director Business Intelligence & Data Warehousing
Blue Shield of California
01.2008 - 01.2009
Director Integrated Planning
Blue Shield of California
01.2006 - 01.2007
Education
B.A. - Business Economics
University of California, Santa Barbara
Santa Barbara, CASkills
- Full strategic re-baselining and implementation of global technical insider risk program driving security posture improvements for $13T global technology company
- Designed, developed and deployed Third Party Security Risk program for leading health technology company
- Co-authored cryptocurrency AML position paper with AnChainAI which was accepted by the United States Office of the Comptroller of the Currency
- Defined and deployed comprehensive, integrated bank-ready cybersecurity and technology control program supporting largest consumer lender in the United States
- Founded and developed Business Intelligence Program for one of the largest utilities in the US requiring regular executive presentations on program milestones and effectiveness
- Defined and implemented strategic roadmap to re-structure data management capabilities and program of the largest health insurance payer organization in California
Phonenumbers
(650) 204-9820, (415) 215-5397
Professionalassociations
Advisory Board Member – Anchain.ai, 01/01/20, 12/31/21
Certification
- Project Management Professional (PMP) - Project Management Institute.
- ISACA Certified Governance Enterprise Information Technology (CGEIT)- ISACA.
Languages
French
Limited Working
Spanish
Limited Working
Timeline
Senior Technical Program Manager – Security
Google LLC
04.2022 - Current
Technical Program Manager - Security
Verily Life Sciences LLC
03.2021 - 04.2022
Director, Information Security Governance
Heartflow Inc
09.2019 - 11.2019
Senior Director, Information Security Governance
LendingClub Corporation
06.2013 - 06.2019
Service Solutions Director
GoodData Corporation
01.2012 - 01.2013
Senior Program Manager, Business Intelligence and Data
McAfee, An Intel Company
01.2011 - 01.2012
Manager Business Intelligence Program (BI) (Consultant)
Pacific Gas & Electric Company
01.2010 - 01.2011
Director Business Intelligence & Data Warehousing
Blue Shield of California
01.2008 - 01.2009
Director Integrated Planning
Blue Shield of California
01.2006 - 01.2007
B.A. - Business Economics
University of California, Santa Barbara
Similar Profiles
Peter MorrisonPeter Morrison
Technical Program Manager at Google LLCTechnical Program Manager at Google LLC
Derek OliverDerek Oliver
Practice Lead, Infra / Application Modernization at Google LLCPractice Lead, Infra / Application Modernization at Google LLC
Tyago DunhamTyago Dunham
Trust and Safety Policy Specialist at Google LLCTrust and Safety Policy Specialist at Google LLC