
Craig Frazier

London, ON

Summary

Information security leader with 15+ years across governance, risk, and supplier assurance, including 6 years as Cybersecurity Manager in a regulated utility. Builds and matures third-party cybersecurity governance & oversight; designs/validates controls across IAM, Network Security, Application Security, and Data Protection; and drives risk reduction with executive-ready KRIs/KPIs and reporting. Trusted escalation point for complex vendor engagements; experienced with NIST CSF/800-53, ISO 27001/2, PCI DSS and cloud security (AWS/GCP).

Overview

14 years of professional experience

Work History

Cybersecurity Manager

London Hydro
01.2020 - Current
  • Developed comprehensive risk assessment methodologies for identifying potential threats and vulnerabilities.
  • Implemented data loss prevention strategies, safeguarding valuable company information from unauthorized access.
  • Lead third-party cybersecurity governance and oversight, establishing risk tiering, standardized control baselines (NIST/ISO/PCI-aligned), and an issue-to-closure workflow with Legal/Procurement (security clauses, right-to-audit, breach SLAs).
  • Collaborated with cross-functional teams to develop robust business continuity plans in the event of a cyber attack.
  • Conducted thorough forensic investigations to identify root causes of cyber incidents and implement corrective actions promptly.
  • Streamlined patch management processes, ensuring timely deployment of critical security updates.
  • Serve as escalation point for high-risk/complex vendors; negotiate remediation plans and track deliverables to quality and timelines.
  • Built a target operating model for third-party reviews (roles/RACI, intake, continuous monitoring) achieving 90% on-time completion and 85% reduction in time-to-decision.
  • Drive risk reduction across IAM/Network/AppSec/Data: enforce MFA & federation for third-party admins (80% coverage), implement segmentation/private connectivity, set secure-by-design expectations for vendor-built integrations, and ensure encryption in transit/at rest.
  • Stood up executive dashboards and KRIs (residual risk, concentration risk, issues aging, SLA adherence) and briefed senior stakeholders for risk-based prioritization.
  • Govern cloud security for SAP S/4HANA on AWS (KMS, IAM least-privilege, logging/monitoring, GuardDuty/Macie findings triage).
  • Consolidate SOC tooling toward Palo Alto Cortex XDR/XSIAM to replace legacy SIEM use cases, lowering operational overhead and improving detection fidelity.
  • Coordinate incident response with IT/Legal/Risk; close visibility gaps (egress control, audit rules) and reduce false positives via tuned detections.
  • Risk closure: Closed 50 issues, with 85% of critical issues resolved within SLA targets (≤30/60/90 days).
  • Risk reduction: Drove 85% reduction in critical third-party risks via standardized baselines and executive-tracked remediation.

Senior Consultant, IT Risk Advisory Services

Deloitte
01.2019 - 12.2020
  • Mentored junior consultants, helping them enhance their skills and contribute more effectively to projects.
  • Delivered high-quality solutions for clients through comprehensive research and analysis of industry trends.
  • Developed innovative strategies to address complex business challenges, resulting in increased profitability for clients.
  • Presented findings and recommendations to executive-level stakeholders, effectively communicating key insights and action plans.
  • Advised clients in tech/education/auto/telecom sectors on GRC and security compliance (NIST 800-53, SOC 2, COSO); mapped controls to risks and produced audit-ready evidence and remediation roadmaps.
  • Performed cloud/application security reviews (AWS/GCP), recommending operating-model and control uplifts to improve throughput and reduce recurring findings.

Information Security Lead

Algonquin College
05.2018 - 01.2019
  • Built an enterprise incident response plan covering 106K+ students/alumni and launched security awareness for 900+ staff; led PCI DSS governance and continuity planning.
  • Contributed to significant improvements in network performance by optimizing firewall configurations and network infrastructure design.
  • Played a key role in the development of information security policies and procedures, aligning them with industry standards and regulations for robust data protection.
  • Assisted executive leadership in understanding risks associated with technology decisions, enabling well-informed decision-making around IT investments.
  • Enhanced information security by implementing comprehensive threat management and risk assessment strategies.
  • Collaborated with external partners to share insights on emerging threats, enhancing collective defense strategies against cyberattacks.
  • Streamlined cybersecurity operations by optimizing processes and automating routine tasks.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Mentored junior staff members on best practices in cybersecurity, contributing to their professional development and growth within the company.
  • Managed vendor relationships for outsourced services related to information security, ensuring alignment with organizational goals and priorities.

IT Security Administrator

Atlantis Resorts
05.2015 - 05.2018
  • Managed risk assessments to evaluate the organization's exposure to information security threats.
  • Managed a Data Loss Prevention program mitigating up to $500K in annual exposure; analyzed trends and closed process gaps.
  • Actively participated in cross-functional meetings to provide expert guidance on information security matters during project development phases.
  • Collaborated with IT teams to ensure timely application of security patches and updates for all systems.

Network Security Administrator

KPMG Professional Services
08.2011 - 05.2015
  • Delivered annual security awareness training for 250+ staff; updated materials to reflect regulations and best practices; supported top audit outcomes.
  • Developed and maintained company-wide endpoint security solutions.
  • Offered preventive training to harden personnel against intrusion vectors such as phishing, ransomware and more.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.

Education

Master of Science - MSc - Cybersecurity Management

University of Illinois (Online)
01-2026

Bachelor of Business Administration - BBA - Computer Information Systems

University of The Bahamas

Certifications

Professional Development Studies

Skills

  • Information security governance
  • Information security strategic planning
  • Third party risk management (TPRM)
  • Identity and Access Management (IAM)
  • Endpoint security
  • Privileged access management
  • Security risk assessment
  • Security operations
  • Penetration testing
  • Data Protection
  • Identity management
  • Security awareness training
