David W. Watson

Risk Management/Cyber Security Professional
Toronto, ON

Summary

Decisive Senior Security Professional offering 30+ years of experience managing, architecting, developing, delivering, assessing, and auditing technology systems, processes, and controls.

Experienced with strategic planning and project management. Utilizes leadership skills to drive team performance and operational excellence. Track record of delivering high-impact results through innovative problem-solving and effective communication.

Knowledgeable [Desired Position] with proven history of leading high-performing teams and executing strategic initiatives that drive organizational growth. Successfully directed cross-functional projects that resulted in significant process improvements and operational efficiencies. Demonstrated leadership and communication skills in fostering collaborative environments and delivering impactful results.

Professional with robust background in directing and managing large-scale operations, consistently driving success through strategic planning and execution. Adept at implementing innovative solutions that enhance productivity and operational effectiveness. Known for fostering teamwork and adapting to evolving business needs, ensuring alignment with organizational goals.

Strategic-thinking individual experienced in turning low-performing organizations into top revenue producers. Offering engaging and pleasant personality with expertise improving customer relationships.

Tech-savvy innovator with hands-on experience in emerging technologies and passion for continuous improvement. Skilled in identifying opportunities for technological enhancements and implementing effective solutions. Adept at leveraging new tools and methods to solve problems and enhance productivity. Excels in adapting to fast-paced environments and driving technological advancements.

Overview

35
years of professional experience

Work History

Director of Cyber Security – Principal Consultant GITR

Royal Bank of Canada
08.2020 - 05.2025
  • Provided governance, policy, and standards oversight for new and existing technology solutions.
  • Created, developed and executed a Generative AI threat risk process used throughout the organization, including assessment techniques, CISO directives, 3rd party evaluation and integrated application services models.
  • Developed and optimized a new “Threat Modelling Methodology & Framework Analytics” program for the Global Cyber Security Consulting group using customized aspects of STRIDE, DREAD, MITRE, PASTA and FAIR techniques to address the threat risk quantifiers related to Corporate, Business and Technology to assist in enabling a more comprehensive understanding of the risk landscape.
  • Consulted on and provided review and oversight of the development of the CNB Self-Driven Threat Modelling Process and Methodology.
  • Developed, implemented and operationalized a GenAI Threat Modelling Risk Triage and Production assessment process.
  • Provided support for compliance assessments with external auditors (includes but is not limited to CSAE 3416 SOC 1 and SOC 2, OFSI, SOX, HIPAA, PII, PCI-DSS, CCPA, GDPR, FedRAMP, ITIL, NIST 800-XX, and ISO 27001/2 controls, which include process and documentation compliance requirements).
  • Provided Solution Architecture and Security consulting services to project/programs during the System Development Life Cycle (SDLC) to ensure adequate controls are in place, while identifying security gaps and providing solution recommendations to mitigate risk.
  • Cyber Security Focus on assessing and defining Solution Architecture related to specific cloud technologies: AWS, Azure and GCP platforms across primary business lines related to Security framework, cloud application delivery and controls.
  • Communicated as the Security SME with Solution Architects and Application Development teams.
  • Communicated, collaborated, engaged, and built rapport with team members, the broader Global Cyber Security teams, stakeholders and business partners using a variety of techniques from initiation to close.

Senior IT Risk Advisor 3-PARTY Security

Bank of Montreal
04.2018 - 08.2020
  • This role acted independently as a cyber security assessor with duties ranging from compliance to threat assessment; it required a complete understanding of the infrastructure, application, and security architecture to assess risk related to third-party vendors and products.
  • Conducted business process reviews to understand current state business processes and how underlying applications support and enable these processes while maintaining security posture and oversight.
  • Collaborated with business partners and stakeholders to identify and define elevated level and detailed security requirements.
  • Reviewed and provided security oversight of technical designs and solution proposals to propose or help identify viable, practical, and cost-effective solutions to security problems.
  • Prepared gaps, threat, and impact analysis process, procedures and documentation.
  • Proactively identified opportunities to utilize current or innovative technical solutions to improve business processes and/or products that provide additional revenue, cost savings or efficiency gains.
  • Cloud Technical Advisor/Oversight for AWS, Azure and Google related to design, architecture, and configuration management.
  • Cloud Security Advisor/Oversight – SaaS, PaaS, and IaaS, with compliance oversight (includes but is not limited to CSAE 3416 SOC 1 and SOC 2, OFSI, SOX, HIPAA, PII, PCI-DSS, CCPA, GDPR, FedRAMP, ITIL, NIST 800-XX, and ISO 27001/2 controls, which include process and documentation compliance requirements).

Senior IT/Cloud Security Solution Architect

JM Family Enterprises, INC.
04.2017 - 03.2018
  • Security Solution Architect at JM Family; responsible for working with enterprise architecture, PMO and executives to determine the best security architecture and designs that would enable JM Family to move to a Zero Trust Framework.
  • Enhanced the security team's accomplishments and competence by planning delivery of solutions; answering technical and procedural questions; teaching improved processes; mentoring team members.
  • Determining security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Planning security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
  • Implementing security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
  • Developed Infrastructure security threat modelling techniques and services for cloud platform and migration services.

Chief Information Officer/Chief Technology Officer (Cloud)

Quatra Incorporation
06.2013 - 04.2017
  • Chief Information Officer while employed at Quatra Inc., a Richmond, Virginia based advanced Cloud/Security Consulting Solutions & Integration services specializing in AWS, Azure and Google Cloud products.
  • Collaborated with clients to assess their current architecture and align their strategic roadmap, providing guidance and gap analysis by defining process roadmaps and strategic migration plans for Quatra and its clients related to Cloud IaaS, PaaS, and SaaS, security, and infrastructure. This included multi-platform build efforts for leading-edge technology solutions, including Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud, MSSQL, MySQL, Liferay Portals, VMware, and Contact Center Solutions.
  • Analyzed business requirements, designed, and delivered secure cloud solutions for major clients, while complying with PCI-DSS, FedRAMP and associated NIST (8xx) guidelines.
  • Delivered all process and governance documentation to complete the compliance lifecycle. Primary focus on enterprise environments, carrier infrastructure and application services in the building blocks of visualized environments and delivery models.
  • Advanced experience in Cloud & SaaS Platforms: Amazon Web Services, Microsoft Azure, Google Cloud and ServiceNow; continuous work with JBoss, Tomcat, WebLogic, and WebSphere along with experience in ASP.Net, C++ and Java (Web Calls, Python and JavaScript Object Notation (JSON) integration), Azure and primarily MySQL & SQL database frameworks.
  • MAJOR INITIATIVES:
  • Chief Information Officer – Quatra, Richmond Virginia (July 2015 to April 2017)
  • Chief Information Officer (CIO), primarily supporting the emerging cloud security, cloud risk and governance operations, creating cloud strategies, marketing controls and vendor relationships.
  • Cloud CTO/Senior Cloud Security Solution Architect - NYS Education Department (June 2013-July 2017)
  • Provided New York State Education with Security and Infrastructure Services to evolve the educational cloud platform into a hybrid with AWS and the Private State Data Centers.
  • Responsible for the complete security requirements and aligned risk assessments to follow Forrester's Zero Trust Methodology and comply with FedRAMP Moderate Plus controls.
  • Designed, configured, and delivered an AWS Public Infrastructure (IaaS & PaaS); This included Network Security, DNS, ELB, VPN; all Middleware Servers (Windows/Linux), Single Sign-On Integration (Active Directory, ADFS, SAML 2.0 and IAM Services).

Senior Security Solution Architect

Rogers Communications Inc.
10.2011 - 06.2013
  • Responsible for analyzing, reviewing and redesigning security architecture to enable PCI-DSS compliance in Contact Centre, Corporate, Mobile, and Retail environments (ISO 8583) at Rogers Communications. This includes all aspects of enterprise architecture to mask or remove credit card data from a Tier 1 environment.
  • Security Assessments and re-design
  • Firewalls, Access Control, Network Segmentation re-design
  • Application integration related to CHD removal.
  • Contact Centre re-design related to CHD removal, including all additional design requirements to ensure compliance with PCI-DSS.
  • Voice services re-design and migration to SIP technologies across the enterprise

Education

Electrical Electronics Engineering Technology

Fanshawe Community College
London, Ontario
01.1991

Skills

  • Extensive knowledge of advanced concepts in NIST Cybersecurity Framework and Zero Trust Methodology
  • Extensive knowledge in advanced Security Compliance related to CSAE 3416 SOC 1 and SOC 2, OFSI, SOX, HIPAA, PII, PCI-DSS, CCPA, GDPR, FedRAMP, ITIL, NIST 800-XX, and ISO 27001/2 controls, which include process and documentation compliance requirements
  • Extensive practical and functional knowledge of Threat Modelling methodologies and frameworks
  • Extensive knowledge with Program Building and Optimization, Metrics, Negotiation, IT Governance, Cloud Security, Risk Management, Threat and Risk Analysis, Information Security, Incident Response, Vendor Relations, Change Management, Strategic Planning, Information Security Strategy, Conflict Resolution, Security Solution Architecture and Development
  • Enterprise Security Architect role for over 15 years involving Cloud Security, Cloud Access, AWS Cloud, MS AZURE and Google Cloud Platform related to Public, Private and Hybrid Security and Application Delivery
  • Extensive knowledge in North American, UK, European and Southeast Asian Compliance and Regulations
  • Leading edge experience and understanding in GenAI governance, risk triage and models, process and application technologies
  • CISSP & CISM Certifications in progress

Appendix 1: Management & Cloud Skills Matrix

  • Advanced Experience with Risk Management and Threat Risk Methodologies/Frameworks - 15+ years
  • People Manager Experience - 25 Years +
  • Secure SaaS, PaaS, and/or IaaS - 20 years +
  • Advanced Security Experience with Amazon Web Services and Azure Secure architecture and Compliance - 15 Years +
  • Advanced Experience with Office365 Secure architecture and Compliance - 10+ years
  • Advanced Experience with Exchanges and OWA Secure Architecture - 15+ Years
  • Leveraged and configured the security features of Google - 5 Years +
  • At least 30+ years of professional experience working in sole contributor security roles - 30 Years +
  • Advanced Expertise in deploying, designing, or assessing solutions in AWS or Azure - 15 years + (AWS), 10 years + (Azure)

Languages

English
Advanced (C1)

Interests

  • Exploring famous landmarks, historical sites, and cultural attractions in a new destination
  • Youth mentor, providing guidance and support to empower the next generation of leaders
  • Outdoor Recreation
  • Volunteering
  • Backpacking and Hiking
