A dynamic leader in IT security and risk management, I've excelled at Canadian Tire Corporation, leveraging skills in cybersecurity strategy development and team mentoring to enhance security postures significantly. My expertise in regulatory compliance and ability to drive enterprise-wide security initiatives have resulted in marked improvements in risk mitigation and operational efficiency.
Overview
33 years of professional experience
Work History
Sr IT Security & Risk Advisor/Analyst
ThreatIQ
09.2024 - Current
Information Security Advisor: I provided our clients with oversight and advisory services related to risk assessments and remediation requirements. I also assessed the safeguards of business data by identifying potential threats, developing secure policies and procedures, and ensuring compliance with privacy laws. Key tasks included risk assessment, policy creation, and incident response planning.
Monitoring of computing platform compliance with security policies and directives.
Assisting stakeholders with recommendations to address key control deficiencies.
Frameworks assessed and implemented: NIST, PCI DSS, ISO 27K, SOC 1/SOC 2 Type 1, SOC 1/SOC 2 Type 2, and OSFI; maintain familiarity with industry trends and security best practices.
Conducting an information security assessment of information systems as per our methodology.
Information Security Policy Management – Supports the development and maintenance of corporate information security-related policies and procedures.
Network/Perimeter security.
Tracks, coordinates, and resolves issues identified in and related to control, compliance, or risk work.
Monitor IT Control Management activities to ensure segregation of duties and maturity.
Performs technical assessments of product and system releases to ensure a secure software baseline.
Documents risk analysis and controls, and evaluates control design and continuous control improvement.
IT control testing and development.
Security Awareness Training Development.
Drafted reports detailing findings from analyses of risk data and recommendations for reducing organizational exposure to risks.
Provided advice on how to reduce or eliminate risk exposures through changes in business practices or processes.
Identified and evaluated potential risks to the organization's operations, objectives, and initiatives.
Information Security Advisor
12.2023 - Current
I provided our clients with oversight and advisory related to risk assessments and remediation requirements
I also assessed the safeguards of business data by identifying potential threats, developed secure policies and procedures, and ensured compliance with privacy laws
Key tasks include risk assessment, policy creation, and incident response planning
Monitoring of computing platform compliance with security policies and directives
Assisting stakeholders with recommendations to address key control deficiencies
Frameworks assessed and implemented: NIST, PCI DSS, ISO 27K, SOC 1/SOC 2 Type 1, SOC 1/SOC 2 Type 2, and OSFI; maintain familiarity with industry trends and security best practices
Conducting information security assessment of information systems as per our methodology
Information Security Policy Management – Supports the development and maintenance of corporate Information Security related policies and procedures
Network/Perimeter security
Tracks, coordinates, and resolves issues identified in and related to control, compliance, or risk work
Monitor IT Control Management activities to ensure segregation of duties and maturity
Performs technical assessments of product and system releases to ensure a secure software baseline
Documents risk analysis and controls and evaluates control design and continuous control improvement
IT Control testing/development
Security Awareness Training development
vCISO / vCTO / Advisory
VINCO, Bay Area San Francisco / Remote
Virtual Chief Technology Officer
CrossCap
01.2024 - 08.2024
Directed the development and execution of technology roadmaps and innovation strategies for our clients
Controlled Goods Designate - Lead Security Advisor - Canadian Space Agency, MDA Space (Canadarm3) and National Aeronautics and Space Administration (NASA)
Managed cross-functional teams to deliver enterprise-grade IT solutions
Spearheaded digital transformation initiatives, enhancing operational efficiency and customer experience
Ensured compliance with regulatory requirements, industry standards, and best practices
Conducted risk assessments and implemented mitigation strategies to protect critical assets
Monitored system performance, optimizing resource utilization and producing dashboards, reports, and metrics for management and clients
Interacted with clients to discuss business continuity and security protocols
Worked with Sales on client IT questionnaires and RFPs related to data security, performance, and business continuity
Maintained policy documents and provided a standard policy toolkit for customers' IT departments
Responsibilities:
Security Compliance & Management: Oversee security compliance, including SOC 2 Type 1 and Type 2, ISO 27K and PCI DSS, and ensure best-in-class security practices
Infrastructure Management: Designing and deploying enterprise infrastructure, including data centers and cloud hosting
Risk Mitigation: Identifying security risks, developing and executing risk mitigation plans, and handling disaster recovery and business continuity processes
Vendor Management: Selecting vendors for third-party audits, security assessments, and certifications; managing vendor compliance with SLAs
Performance Optimization: Monitoring system performance and optimizing resource utilization with dashboards and reports
Client Interaction: Discussing business continuity and security protocols with clients and addressing client IT questionnaires or RFPs
Collaboration: Working closely with Product, Customer Success, Development, and Operations teams to implement innovative solutions and enhance the infrastructure roadmap
Policy Maintenance: Maintain policy documents and standard policy toolkits for IT departments and ensure alignment with parent company policies.
Director Security Practice
08.2021 - 01.2024
Provide leadership, guidance, documentation, and advice to staff on compliance and Cybersecurity requirements and assist the team in achieving compliance requirements through education, training and general business engagement
As a vCISO, I provide the expertise and strategic oversight to protect companies' digital assets
I have assisted businesses navigating rapidly growing, complex regulations or simply looking to bolster their cybersecurity posture, offering a flexible, scalable solution that aligns with the client's needs
Internal Security
Accountable for audit compliance (SOC 1 Type 1 & Type 2, SOC 2 Type 1 & Type 2, ISO 27K, PCI DSS, Controlled Goods)
Controlled Goods certified designate - Government: CSA, NASA, MDA (Canadarm3) - Lead Security Advisor
Accountable for the assessment and identification of internal security gaps while supporting operational teams and the remediation requirements
Accountable for the development and maintenance of the internal security risk management process
Accountable for Internal Security governance
Responsible for Internal security incident response and management
Develop and maintain an Internal security improvement plan
Security Operation Centre
Oversight on SOC delivery
Manage escalations, significant incidents, etc
Support SOC growth, including presales opportunities
Security Consulting
Oversight on all security consulting delivery - manage escalations, address gaps, etc
Support Security consulting growth, including working with the sales team on presales opportunities to security consulting engagements
Oversee and assist with Security advisory and consulting as required by clients.
Director IT Services
02.2019 - 08.2021
Initiation and Management: Initiate and manage projects or programs with product owners, focusing on business case development, risk assessments, budget management, resources, and timeframes
Project Control:
Oversee project execution, provide business guidance, and identify deviations from the work plan
Recommend corrective actions to address potential issues or constraints impacting project success
Executive Communication:
Prepared and delivered executive-level presentations to inform management of project status, major issues, scope changes, resource adjustments, and milestone achievements
Process Improvement:
Develop training and coaching to support process improvement and other improvement methodologies for executives, associates, and others
Act as a proactive strategic resource to product owners by identifying, planning, and implementing process engineering and other improvement strategies and projects
Drive process engineering and process/product ownership efforts across the businesses to continually improve productivity targets while fostering a process engineering culture change
Quality Assurance:
Develop, inspire, and grow a geographically distributed team responsible for all aspects of functional and non-functional testing, partnering with multiple engineering teams to develop and support features, platforms, and new technologies
Build innovative ways to automate and expand our software testing
Compile, analyze, and present test results—ultimately driving and constantly improving product quality
Work closely with product managers to understand requirements and oversee the writing and execution of test cases
Closely manage timelines and resources by understanding priorities and team members' strengths
IT Risk and Compliance Advisory Consultant
UZADO
02.2018 - 02.2019
Responsible for assessing the enterprise-wide information security management program
Conducted IS Risk Assessment for general, system, process and application controls
Remediation recommendations and plans aligned with IT Strategy
Reviewed IT policies and procedures to ensure compliance with best practices
Accountability for the areas of compliance, security awareness, risk management and integration across the organization
Developed the Third-Party Risk Assessment process
Execute and manage all assurance activities related to the availability, integrity and confidentiality of company systems and data
I established relationships with business leads and interpreted and applied standards, policies, and best practices
Analyzed threats and vulnerabilities and designed the remediation process and requirements
Promoted the use of security requirements for the System Development Life Cycle across multiple IT projects.
Director of Information Security
Giant Tiger
02.2017 - 01.2018
Responsible for maintaining and advancing the enterprise-wide information security management program
Conducted IS Risk Assessment for general, system, process, and application controls
Reviewed IT policies and procedures to ensure compliance with best practices
Accountability for the areas of compliance, security awareness, risk management and integration across the organization
Developed the Third-Party Risk Assessment process
Process owner of all assurance activities related to the availability, integrity and confidentiality of company systems and data
Established working relationships with business leads and interpreted and applied standards, policies, and best practices
Analyzed threats and vulnerabilities and designed the remediation process and requirements
Responsible for company-wide adoption and use of security requirements for the System Development Life Cycle across multiple IT projects.
Sr. Manager Information
PWC Canada
02.2014 - 02.2017
Providing direction and technical guidance on matters involving IT Risk Management and Information Security
Measuring and monitoring the effectiveness of security controls in support of Internal Security Policies, Client requirements, and Regulatory or Legal requirements
Accomplishments include:
Managing a team of Risk and Information Security Professionals
I provided IT Security and Risk Management guidance and support to cross-disciplinary teams, including Information Technology, Human Resources, Firm Security, General Counsel and other service lines
Maintained territory policies, standards & control processes in alignment with the Global Information Security Policy
Communicated risk management practices, risk assessment results, and remediation activity advisory to C-Level /Senior Executives
Responsible for ensuring successful compliance with the PwC Information Security Policy, ISO 27001:2013 certification, client-related and other regulatory or firm compliance requirements
Interprets information security policies, standards, and other conditions as they relate to a specific internal information system and assists with the implementation of these and other information security requirements
Coordinated and led the annual Information Security audits, Information Systems Quality Control, ISO27001:2013, Global ITS Compliance and client-related audits
Acted as lead security consultant on information technology risk, security, and IT incident investigations
Developed Information Security Statements and policies aligned to the Global Information Security Policy and mapping to the risk management
Led projects and associated meetings to ensure that IT Security goals and tasks were achieved on schedule and within budget
Developed and managed annual IT Security Roadmap, tracking and operating IT Security Budget requirements
Information Security Project Management – West Cluster Shared Services - Information Security
Shared Services Consolidation and Integration
Multiple countries (USA, Canada, Mexico, and Brazil) across multiple territories, ensuring the successful implementation of global services
Accomplishments include:
Territory consolidation of systems and processes - web application security assessment, source code review, SIEM, IDS/IPS, vulnerability management and reporting, ePolicy Orchestrator, Security Operations Centre, firewall monitoring
Information Security Risk Assessments for multiple projects and vendor reviews
Project/Application/Infrastructure - Security Risk Assessments and process improvement
Policy, Standard and Process development
Coordinating the Global consolidation of local services
Assisted with the ISO 27001:2013 certification requirements and audit.
Director
FirstOntario Credit Union
10.2011 - 02.2014
Executive leadership role within the Information Technology Division: accountability for security, the development, management, mentoring and coaching of professional staff, budget management, security roadmap planning and strategy development, internal consulting, security incident team lead, high-profile investigations, and participation on various initiatives and committees
Developed, managed and implemented various security functions within the organization, taking the program from a limited organizational process to a mature security program, including vulnerability management, risk assessments, architecture, technology projects, penetration testing, incident management, investigations, forensics and managing outsourced security services.
Director of Technology
CIBC
06.2010 - 10.2011
Responsible for overseeing the integrity of the technology control structure underlying technology processes throughout Technology and INTRIA
This role supports functional and executive management with proactive support through risk identification and mitigation strategies
Delivers awareness of key bank policies, monitors compliance and executes standardized compliance programs
Liaises and coordinates with compliance partners, including internal and external auditors and self-regulating organizations, to facilitate compliance objectives and relationship management within the Technology Organizational Department
Technology Control testing team leader and mentor
Accomplishments include:
Developed, maintained and enforced all IT security policies and procedures
Managed client relationships and maintained successful relationships with external auditors
Identified and articulated control weaknesses and promoted compliance with appropriate processes
Led the development and maintenance of technology controls, ensuring critical general computing controls reflect the operating environment
I managed the technology attestation processes for SOX, OSFI, GCC, Visa PIN, INTERAC, and PCI DSS
I also acted as the subject matter expert on technology controls when developing and updating the technology standards
Managed the technology control management team and internal control assessments and testing.
Information Security Sr. Manager
Canadian Tire Corporation Ltd
09.2008 - 01.2010
Accountable for developing and communicating information security policies, standards and operating procedures
Implemented processes and procedures within the information security sustaining organization, including day-to-day accountabilities, staffing and development plans
Developed the frameworks and maintained the processes required to meet legislative and regulatory requirements, e.g. IFRS, CSOX, PCI, PIPEDA, INTERAC
Research, assessment and consultation to ensure successful implementation and maintenance of security forensic and monitoring products and services
Responsible for the implementation of a comprehensive information and technology security program, including advisory and development of the Information security strategy and three-year roadmap
Accountable for developing Corporate Information Security Policies, Standards, Guidelines and Operating Procedures that align with the Corporate Strategy and 5-year plan, including all necessary regulatory and legislative requirements, e.g. International Financial Reporting Standards (IFRS - CSOX), Payment Card Industry (PCI), Personal Information Protection and Electronic Documents Act (PIPEDA)
Capability Maturity Assessments to ensure the Policies and Standards align with the capabilities of the technology
Liaison and advisor with Corporate Security, Risk Governance and Compliance, Internal and External Audit services, Senior Executives and the Chief Information Officer
Educate employees and contractors about enterprise security issues, policies, awareness, compliance, and threats ("Information Security is Everyone's Business")
Contribute to the disaster recovery plans and business continuity plans.
Sr Information Security Control Consultant, SOX Project Manager
Canadian Tire Financial Services Ltd
10.1997 - 08.2008
Identified and designed IT critical general computing controls across the IT infrastructure and application environments, including the quarterly and annual testing requirements
Develops, maintains and enforces all IT security policies and procedures
Align the C-SOX (Bill 198 / NI 52-109) certification framework with the risk management methodology
A liaison for the legal department, ensuring legal requirements have been satisfied
Governance and compliance audit reviews of IT processes and general computing controls based on the regulatory requirements of IFRS, C-SOX, PCI DSS (Payment Card Industry Data Security Standard), the Office of the Superintendent of Financial Institutions Canada (OSFI), the Personal Information Protection and Electronic Documents Act (PIPEDA) and INTERAC regulations, and the ISO 17799/27001 standards
Maintained and evolved credit risk, operational risk, and compliance management
Provided recommendations to management to correct control weaknesses identified by internal/external auditors and follow up on outstanding audit findings
Liaison with external auditors and coordination of the external audit plan - reducing the timelines external audit required to complete the audit
COBIT framework SME to IT managers and resources, ensuring appropriate controls satisfy the control objective and risk
Internal audit process improvements aligned with the business units
Regulatory Compliance SME across multiple regulatory legislations
Senior IT Information Security IFRS/C
Managed a team of 20+ managers and associated resources
Develops, maintains and enforces all IT security policies and procedures
Designed and implemented the IT Risk Governance and Security Department Competency on behalf of the ITP&S Vice President
Regulatory requirement Subject Matter Expert, Identification and design of IT critical general computing controls
Implemented the COBIT framework to facilitate the regulatory objectives and control design
Conducted IFRS, CSOX Control objective workshops
Credit Risk, Operational Risk, and Compliance management
Created awareness and support within the organization related to IFRS and CSOX
Key contributor to the development methodology and the SDLC process
Executive Account Manager and Corporate Solution Design
Internet Communications Niagara
01.1992 - 10.1997
Senior Consultant
VINCO
I deliver expert guidance as a virtual Chief Information Security Officer (vCISO) and virtual Chief Technology Officer (vCTO), focusing on optimizing technology strategies and fostering organizational innovation
I am adept at spearheading strategic initiatives that enhance competitiveness in a rapidly evolving landscape, collaborating closely with teams to implement adaptable solutions tailored to each organization's unique needs
Provided strategic direction and leadership in cybersecurity, IT governance, and risk management for multiple clients
Oversaw technology infrastructure to ensure optimal performance, security, and compliance
Data Centre and Cloud Migration planning and assessments
Led incident response and crisis management efforts, minimizing downtime and financial impact
Collaborated with executive leadership to align technology strategies with business objectives.
Sr. Information Security Program Manager
INTRIA, CIBC
Providing advisory and management-related activities where a focus is required to build in the sustainment process and ensure the success of multiple audit requirements or remediation efforts within the IT division
Accomplishments include:
Responsible for all planning, remediation, implementation, documentation requirements, sustainment and the presentation of the revised processes to the internal audit department
The remediation areas of focus were: UNIX patch management; security configuration (Intel and UNIX); logical access control (Intel and UNIX); capacity
Accountable for the planning, monitoring, and remediation of vulnerability assessments, documentation standards, asset disposal and inventory, management attestation process, and logging and monitoring.
Senior IT Team Lead / IT Project Manager
Acted as an IT Representative and a Team Lead, managing, removing roadblocks and continuously motivating a group of IT Team members to ensure IT Integration across the various IT disciplines participating in the project and IT delivery
Provided effective project communication between multiple clients, functional business units and project teams by creating and issuing IT-related communications as needed to ensure consistency and clarity of information
Recommend and assist with implementing improvements to the IT Process Methodology by communicating and discussing the long-term viability of IT lessons learned to PLDE peers to ensure IT Process Methodology reflects CTFS best practices
Senior IT Systems Solution Designer
Responsible for the application design of solutions that integrate into an efficient and scalable system that meets the strategic objectives
Review upcoming initiatives to understand current and future requirements and to provide advice on technology capability and options
Guide the project team to make the early design decisions by identifying and prioritizing the architecturally significant requirements
On-going solution design for replacing legacy technology in multiple business units.
Senior Test Analyst/QA Specialist
Developed a quality testing methodology, including creating testing documentation, test strategies, high-level and detailed test plans, test cases, test scripts, post-testing documentation and defect tracking.
Test Coordinator/Lead
Responsible for the quality of all testing and deliverables involving various systems and integrated applications
Managed the quality assurance review of projects, testing deliverables and result verification
Tested mission-critical and important desktop products to determine the year 2000 compliance