
Deborah Wiebe

Ridgeway,ON

Summary

A dynamic leader in IT security and risk management, I've excelled at Canadian Tire Corporation, leveraging skills in cybersecurity strategy development and team mentoring to enhance security postures significantly. My expertise in regulatory compliance and ability to drive enterprise-wide security initiatives have resulted in marked improvements in risk mitigation and operational efficiency.

Overview

33 years of professional experience

Work History

Sr IT Security & Risk Advisor/Analyst

ThreatIQ
09.2024 - Current

Information Security Advisor: I provided our clients with oversight and advisory related to risk assessments and remediation requirements. I also assessed the safeguards of business data by identifying potential threats, developing secure policies and procedures, and ensuring compliance with privacy laws. Key tasks include risk assessment, policy creation, and incident response planning.

  • Monitoring of computing platform compliance with security policies and directives.
  • Assisting stakeholders with recommendations to address key control deficiencies.
  • Frameworks assessed and implemented: NIST, PCI DSS, ISO 27K, SOC 1/SOC 2 Type 1, SOC 1/SOC 2 Type 2, OSFI, and maintaining familiarity with industry trends and security best practices.
  • Evaluating management responses to ensure remediation tasks adequately address identified gaps.
  • Conducting an information security assessment of information systems as per our methodology.
  • Information Security Policy Management – Supports the development and maintenance of corporate information security-related policies and procedures.
  • Network/Perimeter security.
  • Tracks, coordinates, and resolves issues identified in and related to control, compliance, or risk work.
  • Monitor IT Control Management activities to ensure segregation of duties and maturity.
  • Performs technical assessments of product and system releases to ensure a secure software baseline.
  • Documents risk analysis and controls, and evaluates control design and continuous control improvement.
  • IT control testing and development.
  • Security Awareness Training Development.
  • Drafted reports detailing findings from analyses of risk data and recommendations for reducing organizational exposure to risks.
  • Provided advice on how to reduce or eliminate risk exposures through changes in business practices or processes.
  • Identified and evaluated potential risks to the organization's operations, objectives, and initiatives.

Information Security Advisor

12.2023 - Current
  • I provided our clients with oversight and advisory related to risk assessments and remediation requirements
  • I also assessed the safeguards of business data by identifying potential threats, developed secure policies and procedures, and ensured compliance with privacy laws
  • Key tasks include risk assessment, policy creation, and incident response planning
  • Monitoring of computing platform compliance with security policies and directives
  • Assisting stakeholders with recommendations to address key control deficiencies
  • Frameworks assessed and implemented: NIST, PCI DSS, ISO 27K, SOC 1/SOC 2 Type 1, SOC 1/SOC 2 Type 2, OSFI, and maintaining familiarity with industry trends and security best practices
  • Evaluating management responses to ensure remediation tasks adequately address identified gaps
  • Conducting information security assessment of information systems as per our methodology
  • Information Security Policy Management – Supports the development and maintenance of corporate Information Security related policies and procedures
  • Network/Perimeter security
  • Tracks, coordinates, and resolves issues identified in and related to control, compliance, or risk work
  • Monitor IT Control Management activities to ensure segregation of duties and maturity
  • Performs technical assessments of product and system releases to ensure a secure software baseline
  • Documents risk analysis and controls and evaluates control design and continuous control improvement
  • IT Control testing/development
  • Security Awareness Training development

vCISO / vCTO / Advisory, VINCO, Bay Area San Francisco / Remote

Virtual Chief Technology Officer

CrossCap
01.2024 - 08.2024
  • Directed the development and execution of technology roadmaps and innovation strategies for our clients
  • Controlled Goods Designate and Lead Security Advisor for the Canadian Space Agency, MDA Space (Canada Arm 3) and the National Aeronautics and Space Administration (NASA)
  • CSA N290.7-14 cyber security controls assessed, with remediation implemented for reactor facilities
  • Managed cross-functional teams to deliver enterprise-grade IT solutions
  • Spearheaded digital transformation initiatives, enhancing operational efficiency and customer experience
  • Ensured compliance with regulatory requirements, industry standards, and best practices
  • Conducted risk assessments and implemented mitigation strategies to protect critical assets
  • Monitored system performance, optimizing resource utilization and producing dashboards, reports, and metrics for management and clients
  • Interacted with clients to discuss business continuity and security protocols
  • Worked with Sales on client IT questionnaires and RFPs related to data security, performance, and business continuity
  • Maintained policy documents and provided a standard policy toolkit for customers' IT departments
Responsibilities:
  • Security Compliance & Management: Oversee security compliance, including SOC 2 Type 1 and Type 2, ISO27k, PCI DSS and ensure best-in-class security practices
  • Infrastructure Management: Designing and deploying enterprise infrastructure, including data centers and cloud hosting
  • Risk Mitigation: Identifying security risks, developing and executing risk mitigation plans, and handling disaster recovery and business continuity processes
  • Vendor Management: Selecting vendors for third-party audits, security assessments, and certifications; managing vendor compliance with SLAs
  • Performance Optimization: Monitoring system performance and optimizing resource utilization with dashboards and reports
  • Client Interaction: Discussing business continuity and security protocols with clients and addressing client IT questionnaires or RFPs
  • Collaboration: Working closely with Product, Customer Success, Development, and Operations teams to implement innovative solutions and enhance the infrastructure roadmap
  • Policy Maintenance: Maintain policy documents and standard policy toolkits for IT departments and ensure alignment with parent company policies.

Director Security Practice

08.2021 - 01.2024
  • Provide leadership, guidance, documentation, and advice to staff on compliance and Cybersecurity requirements and assist the team in achieving compliance requirements through education, training and general business engagement
  • As a vCISO, I provide the expertise and strategic oversight to protect companies' digital assets
  • I have assisted businesses navigating rapidly growing, complex regulations or simply looking to bolster their cybersecurity posture, offering a flexible, scalable solution that aligns with the client's needs
Internal Security
  • Accountable for audit compliance (SOC 1 Type 1 & Type 2, SOC 2 Type 1 & Type 2, ISO 27K, PCI DSS, Controlled Goods)
  • Controlled Goods certified designate – Lead Security Advisor for Government CSA, NASA and MDA (Canada Arm 3)
  • Accountable for the assessment and identification of internal security gaps while supporting operational teams and the remediation requirements
  • Accountable for the development and maintenance of the internal security risk management process
  • Accountable for Internal Security governance
  • Responsible for Internal security incident response and management
  • Develop and maintain an Internal security improvement plan
Security Operation Centre
  • Oversight on SOC delivery
  • Manage escalations, significant incidents, etc
  • Support SOC growth, including presales opportunities
Security Consulting
  • Oversight on all security consulting delivery - manage escalations, address gaps, etc
  • Support Security consulting growth, including working with the sales team on presales opportunities to security consulting engagements
  • Oversee and assist with Security advisory and consulting as required by clients.

Director IT Services

02.2019 - 08.2021
Initiation and Management:
  • Initiate and manage projects or programs with product owners, focusing on business case development, risk assessments, budget management, resources, and timeframes
Project Control:
  • Oversee project execution, provide business guidance, and identify deviations from the work plan
  • Recommend corrective actions to address potential issues or constraints impacting project success
Executive Communication:
  • Prepared and delivered executive-level presentations to inform management of project status, major issues, scope changes, resource adjustments, and milestone achievements
Process Improvement:
  • Develop training and coaching to support process improvement and other improvement methodologies for executives, associates, and others
  • Act as a proactive strategic resource to product owners by identifying, planning, and implementing process engineering and other improvement strategies and projects
  • Drive process engineering and process/product ownership efforts across the businesses to continually improve productivity targets while fostering a process engineering culture change
Quality Assurance:
  • Develop, inspire, and grow a geographically distributed team responsible for all aspects of functional and non-functional testing, partnering with multiple engineering teams to develop and support features, platforms, and new technologies
  • Build innovative ways to automate and expand our software testing
  • Compile, analyze, and present test results—ultimately driving and constantly improving product quality
  • Work closely with product managers to understand requirements and oversee the writing and execution of test cases
  • Closely manage timelines and resources by understanding priorities and team members' strengths

IT Risk and Compliance Advisory Consultant

UZADO

02.2018 - 02.2019
  • Responsible for assessing the enterprise-wide information security management program
  • Conducted IS Risk Assessment for general, system, process and application controls
  • Remediation recommendations and plans aligned with IT Strategy
  • Reviewed IT policies and procedures to ensure compliance with best practices
  • Accountability for the areas of compliance, security awareness, risk management and integration across the organization
  • Developed the Third-Party Risk Assessment process
  • Execute and manage all assurance activities related to the availability, integrity and confidentiality of company systems and data
  • I established relationships with business leads and interpreted and applied standards, policies, and best practices
  • Analyzed threats and vulnerabilities and designed the remediation process and requirements
  • Promoted the use of security requirements for the System Development Life Cycle across multiple IT projects.

Director of Information Security

Giant Tiger
02.2017 - 01.2018
  • Responsible for maintaining and advancing the enterprise-wide information security management program
  • Conducted IS Risk Assessment for general, system, process, and application controls
  • Reviewed IT policies and procedures to ensure compliance with best practices
  • Accountability for the areas of compliance, security awareness, risk management and integration across the organization
  • Developed the Third-Party Risk Assessment process
  • Process owner of all assurance activities related to the availability, integrity and confidentiality of company systems and data
  • Established working relationships with business leads and interpreted and applied standards, policies, and best practices
  • Analyzed threats and vulnerabilities and designed the remediation process and requirements
  • Responsible for company-wide adoption and use of security requirements for the System Development Life Cycle across multiple IT projects.

Sr. Manager Information

PWC Canada
02.2014 - 02.2017
  • Providing direction and technical guidance on matters involving IT Risk Management and Information Security
  • Measuring and monitoring the effectiveness of security controls in support of Internal Security Policies, Client requirements, and Regulatory or Legal requirements
Accomplishments include:
  • Managing a team of Risk and Information Security Professionals
  • I provided IT Security and Risk Management guidance and support to cross-disciplinary teams, including Information Technology, Human Resources, Firm Security, General Counsel and other service lines
  • Maintained territory policies, standards & control processes in alignment with the Global Information Security Policy
  • Communicated risk management practices, risk assessment results, and remediation activity advisory to C-Level /Senior Executives
  • Responsible for ensuring successful compliance with the PwC Information Security Policy, ISO27001:2013 certification, client-related and other regulatory or firm compliance requirements
  • Interprets information security policies, standards, and other conditions as they relate to a specific internal information system and assists with the implementation of these and other information security requirements
  • Coordinated and led the annual Information Security audits, Information Systems Quality Control, ISO27001:2013, Global ITS Compliance and client-related audits
  • Acted as lead security consultant on information technology risk, security, and IT incident investigations
  • Developed Information Security Statements and policies aligned to the Global Information Security Policy and mapping to the risk management
  • Led projects and associated meetings to ensure that IT Security goals and tasks are achieved on schedule and within budget
  • Developed and managed annual IT Security Roadmap, tracking and operating IT Security Budget requirements
  • Information Security Project Management – West Cluster Shared Services - Information Security
  • Shared Services Consolidation and Integration
  • Multiple countries (USA, Canada, Mexico, and Brazil) across multiple territories, ensuring the successful implementation of global services
Accomplishments include:
  • Territory consolidation of systems and processes – web application security assessment, source code review, SIEM, IDS/IPS, vulnerability management and reporting, ePolicy Orchestrator, Security Operations Centre, Firewall Monitoring
  • Information Security Risk Assessments for multiple projects and vendor reviews
  • Project/Application/Infrastructure - Security Risk Assessments and process improvement
  • Policy, Standard and Process development
  • Coordinating the Global consolidation of local services
  • Assisted with the ISO 27001:2013 certification requirements and audit.

Director

F1rstOntario Credit Union
10.2011 - 02.2014
  • Executive leadership role within the Information Technology Division: Accountability for security
  • The development, management, mentoring and coaching of professional staff, budget management and security roadmap planning and strategy development, internal consulting, security incident team lead, high profile investigations and participation on various initiatives and committees
  • Developed, managed and implemented various security functions within the organization, taking the program from a limited organizational process to a mature security program, including vulnerability management, risk assessments, architecture, technology projects, penetration testing, incident management, investigations, Forensics and managing outsourced security services.

Director of Technology

CIBC
06.2010 - 10.2011
  • Responsible for overseeing the integrity of the technology control structure underlying technology processes throughout Technology and INTRIA
  • This role supports functional and executive management with proactive support through risk identification and mitigation strategies
  • Delivers awareness of key bank policies, monitors compliance and executes standardized compliance programs
  • Liaises and coordinates with compliance partners, including internal and external auditors and self-regulating organizations, to facilitate compliance objectives and relationship management within the Technology Organizational Department
  • Technology Control testing team leader and mentor
Accomplishments include:
  • Developed, maintained and enforced all IT security policies and procedures
  • Manage client relationships and successful relationships with external auditors
  • Identified and articulated control weaknesses and promoted compliance with appropriate processes
  • Led the development and maintenance of technology controls, ensuring critical general computing controls reflect the operating environment
  • I managed the technology attestation processes for SOX, OSFI, GCC, Visa PIN, INTERAC, and PCI DSS
  • I also acted as the subject matter expert on technology controls when developing and updating the technology standards
  • Managed the technology control management team and internal control assessments and testing.

Information Security Sr. Manager

Canadian Tire Corporation Ltd
09.2008 - 01.2010
  • Accountable for developing and communicating information security policies, standards and operating procedures
  • Implemented processes and procedures within the information security sustaining organization, including day-to-day accountabilities, staffing and development plans
  • Developed the frameworks and maintained processes required to meet legislation and regulatory requirements, e.g. IFRS, CSOX, PCI, PIPEDA, INTERAC
  • Research, assessment and consultation to ensure successful implementation and maintenance of security forensic and monitoring products and services
  • Responsible for the implementation of a comprehensive information and technology security program, including advisory and development of the Information security strategy and three-year roadmap
  • Accountable for developing Corporate Information Security Policies, Standards, Guidelines and Operating procedures that align with the Corporate Strategy and 5-year plan, including all necessary regulatory and legislative requirements, e.g. International Financial Reporting Standards (IFRS - CSOX), Payment Card Industry (PCI), Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Capability Maturity Assessments to ensure the Policies and Standards align with the capabilities of the technology
  • Liaison and advisor with Corporate Security, Risk Governance and Compliance, Internal and External Audit services, Senior Executives and Chief Information Officer
  • Educate employees and contractors about enterprise security issues, policies, awareness, compliance, and threats
  • Information Security is Everyone's Business
  • Contribute to the disaster recovery plans and business continuity plans.

Sr Information Security Control Consultant, SOX Project Manager

Canadian Tire Financial Services Ltd
10.1997 - 08.2008
  • Identified and designed IT critical general computing controls across the IT infrastructure and application environments, including the quarterly and annual testing requirements
  • Develops, maintains and enforces all IT security policies and procedures
  • Align the C-SOX (Bill 198 / NI 52-109) Certification framework with the risk management methodology
  • A liaison for the legal department, ensuring legal requirements have been satisfied
  • Governance and Compliance Audit reviews of IT processes and general computing controls based on the regulatory legislation requirements of IFRS, C-SOX, PCI DSS (Payment Card Industry Data Security Standard), OSFI (Office of the Superintendent of Financial Institutions Canada), PIPEDA (Personal Information Protection and Electronic Documents Act) and INTERAC regulations, and ISO 17799/27001 standards
  • Credit Risk, Operational Risk, and Compliance management were maintained and evolved
  • Provided recommendations to management to correct control weaknesses identified by internal/external auditors and follow up on outstanding audit findings
  • Liaison with external auditors and coordination of the external audit plan - reducing the timelines external audit required to complete the audit
  • COBIT framework SME to IT managers and resources, ensuring appropriate controls satisfy the control objective and risk
  • Internal audit process improvements aligned with the business units
  • Regulatory Compliance SME across multiple regulatory legislations
  • Senior IT Information Security IFRS/C, Managed a team of 20+ Managers and associated resources
  • Develops, maintains and enforces all IT security policies and procedures
  • Designed and implemented the IT Risk Governance and Security Department Competency on behalf of the ITP&S Vice President
  • Regulatory requirement Subject Matter Expert, Identification and design of IT critical general computing controls
  • Implemented the COBIT framework to facilitate the regulatory objectives and control design
  • Conducted IFRS, CSOX Control objective workshops
  • Credit Risk, Operational Risk, and Compliance management
  • Created awareness and support within the organization related to IFRS and CSOX
  • Key contributor to the development methodology and the SDLC process

Executive Account Manager and Corporate Solution Design

Internet Communications Niagara
01.1992 - 10.1997

Senior Consultant

VINCO
  • I deliver expert guidance as a virtual Chief Information Security Officer (vCISO) and virtual Chief Technology Officer (vCTO), focusing on optimizing technology strategies and fostering organizational innovation
  • I am adept at spearheading strategic initiatives that enhance competitiveness in a rapidly evolving landscape, collaborating closely with teams to implement adaptable solutions tailored to each organization's unique needs
  • Provided strategic direction and leadership in cybersecurity, IT governance, and risk management for multiple clients
  • Oversaw technology infrastructure to ensure optimal performance, security, and compliance
  • Data Centre and Cloud Migration planning and assessments
  • Led incident response and crisis management efforts, minimizing downtime and financial impact
  • Collaborated with executive leadership to align technology strategies with business objectives.

Sr. Information Security Program Manager

INTRIA, CIBC
  • Providing advisory and management-related activities where a focus is required to build in the sustainment process and ensure the success of multiple audit requirements or remediation efforts within the IT division
Accomplishments include:
  • Responsible for all planning, remediation, implementation, documentation requirements, sustainment and the presentation of the revised processes to the internal audit department
  • The remediation areas of focus were: UNIX Patch Management; Security Configuration (INTEL and UNIX); Logical Access Control (INTEL and UNIX); Capacity
  • Accountable for the planning, monitoring, and remediation of vulnerability assessments, documentation standards, asset disposal and inventory, management attestation process, and logging and monitoring.

Senior IT Team Lead / IT Project Manager

  • Acted as an IT Representative and a Team Lead, managing, removing roadblocks and continuously motivating a group of IT Team members to ensure IT Integration across the various IT disciplines participating in the project and IT delivery
  • Provided effective project communication between multiple clients, functional business units and project teams by creating and issuing IT-related communications as needed to ensure consistency and clarity of information
  • Recommend and assist with implementing improvements to the IT Process Methodology by communicating and discussing the long-term viability of IT lessons learned to PLDE peers to ensure IT Process Methodology reflects CTFS best practices

Senior IT Systems Solution Designer

  • Responsible for the application design of solutions that integrate into an efficient and scalable system that meets the strategic objectives
  • Review upcoming initiatives to understand current and future requirements and to provide advice on technology capability and options
  • Guide the project team to make the early design decisions by identifying and prioritizing the architecturally significant requirements
  • On-going solution design for replacing legacy technology in multiple business units.

Senior Test Analyst/QA Specialist

  • Developed a quality testing methodology, including creating testing documentation, test strategies, high-level and detailed test plans, test cases, test scripts, post-testing documentation and defect tracking.

Test Coordinator/Lead

  • Responsible for the quality of all testing and deliverables involving various systems and integrated applications
  • Managed the quality assurance review of projects, testing deliverables and result verification
  • Tested mission-critical and important desktop products to determine the year 2000 compliance

Account Manager (for all corporate clients)

  • Corporate Internet/telecommunication solution design
  • Assist in all marketing strategies and promotions
  • Corporate web/e-commerce design and implementation
  • Assist and suggest network strategies for clients to expand new and existing networks or workgroups and management of all Internet training.

Skills

  • Risk mitigation
  • Operational risk
  • Internal controls
  • Information security
  • Enterprise risk management
  • Vendor risk management
  • Operational risk management
  • Compliance monitoring
  • Audit coordination
  • Cybersecurity awareness
  • Business continuity planning
  • Incident response
  • Risk mitigation strategies
  • Security policy creation
  • Physical security integration
  • Threat intelligence analysis
  • Network security implementation
  • Data privacy compliance
  • Social engineering prevention
  • Secure software development
  • Disaster recovery strategies
  • Vulnerability assessment
  • Intrusion detection systems
  • Application security oversight
  • Identity and Access management
  • Cybersecurity strategy development
  • Mobile device security
  • Regulatory compliance
  • Artificial intelligence security
  • Security architecture design
  • Cloud security management

References

References available upon request.

Timeline

Sr IT Security & Risk Advisor/Analyst

ThreatIQ
09.2024 - Current

Virtual Chief Technology Officer

CrossCap
01.2024 - 08.2024

Information Security Advisor

12.2023 - Current

Director Security Practice

08.2021 - 01.2024

Director IT Services

02.2019 - 08.2021

IT Risk and Compliance Advisory Consultant

UZADO

02.2018 - 02.2019

Director of Information Security

Giant Tiger
02.2017 - 01.2018

Sr. Manager Information

PWC Canada
02.2014 - 02.2017

Director

F1rstOntario Credit Union
10.2011 - 02.2014

Director of Technology

CIBC
06.2010 - 10.2011

Information Security Sr. Manager

Canadian Tire Corporation Ltd
09.2008 - 01.2010

Sr Information Security Control Consultant, SOX Project Manager

Canadian Tire Financial Services Ltd
10.1997 - 08.2008

Executive Account Manager and Corporate Solution Design

Internet Communications Niagara
01.1992 - 10.1997

Senior Consultant

VINCO

Sr. Information Security Program Manager

INTRIA, CIBC

Senior IT Team Lead / IT Project Manager

Senior IT Systems Solution Designer

Senior Test Analyst/QA Specialist

Test Coordinator/Lead

Account Manager