Summary
Performance driven and proven information security leader with over twenty years of experience. Led multiple teams, engagements and initiatives focusing on security, privacy, compliance, risk assessments, and technical security reviews. Operationalized information security functions, performance metrics and forecasted budgets. Spearheaded a series of practical security assurance practices that aligned with the business objectives.
Overview
18
18
years of professional experience
4
4
Certifications
Work History
Head of Information Security & Corporate IT
Stylitics
1 2022 - Current
- Led and developed information security strategy and roadmap
- Pioneered Stylitics information security program which included policy development, policy governance structure, vulnerability management practices, compliance reviews and risk management
- Led and developed the privacy program including an extensive review of EU and US Privacy regulation and requirements
- Operationalized Information Security and Information Technology practices
- Led and managed corporate IT initiatives, including operations
- Managed the system integration plan for affiliate acquisition
- Constructed the Stylitics Risk Register program with quarterly reviews by risk owners while leading initiatives for remediation, establishing key timelines, and deliverables
- Formulated and allocated a dedicated budget for the InfoSec program at Stylitics that included annual engagements, assessments, and resources.
Director Information Security
Affirm
01.2020 - 01.2022
- Led and developed multiple workflows for information security, privacy, and compliance initiatives to strengthen the organization's information security posture
- Directed the Merger and Acquisitions (M&A) information security activities for Affirm affiliates, which included an integration plan for approx
- 50 systems, execution of the readiness assessment plan, and remedial activities to close the transaction
- Formulated and presented quarterly dashboards to review the health of the information security/posture of the program, while identifying metrics or KPIs with key business stakeholders across Affirm and affiliates
- Led, spearheaded & corresponded to the security incident response exercises for Affirm by providing guidance on defense in depth strategies, documenting the details of the incident, reviewing all required actions, and conducting a postmortem exercise with key stakeholders
- Conducted a data transformation exercise for the data logging collection process while aligning with privacy industry best practices and protecting sensitive data
- Operationalized information security practices to align with the NIST CSF framework and identified areas for improvement.
Director Information Security
Flipp Corporation
01.2017 - 01.2020
- Resolved key deficiencies within the information security & data protection practices by achieving the key half-year goals/objectives
- Led the California Consumer Privacy Act (CCPA) compliance initiative, which included interpretation of the CCPA obligations, data transformation efforts across multiple data repositories/systems, and alignment with key stakeholders across multiple business functions.
Information Security & Privacy Manager
Alida
01.2014 - 01.2017
- Led and managed the compliance program against SOC2 which included all five trust principles for both Type I and Type II reporting
- Conducted regular security reviews of configurations for network appliances such as firewalls, network filtering, IDS, vulnerability management and email filtering
- Assessed security practices available in the Alida private cloud, Amazon AWS (EC2, S3, Trusted Advisor, etc.), and MS Azure.
Corporate Security Analyst
Blackberry
01.2011 - 01.2013
- Collaborated with key internal BlackBerry stakeholders to identify key information security risks, issues, and reporting them to the designated the security functional teams
- Led multiple engagements as the lead security architect, assessing the project scope in evaluating the proposed network infrastructure design and application functionality against ISO 27001 and PCI-DSS certifications.
Senior IT Auditor
WestJet Airlines
01.2010 - 01.2011
- Performed IT General Computing Controls (SOX) and PCI-DSS compliance assessments.
Senior Consultant
Deloitte LLP
01.2007 - 01.2010
- Performed TRA (Threat and Risk Assessments), PIA (Privacy Impact Assessment), Automated Controls Review, business cycle reviews.
Senior Associate
Price Waterhouse Coopers LLP
01.2006 - 01.2007
- Assessed IT General Controls audits and threat and risk assessments while evaluating the business impact.
Education
B.Comm. (Hons) - MIS -
B.A. - Psychology - undefined
Skills
Google Workspace Administration
GRC Tools Integration
Amazon AWS and MS Azure
Task Management (JIRA, Asana)
Vulnerability Scanners (Netsparker, Rapid7)
Antivirus (Fortinet, Symantec)
EDR (Crowdstrike Falcon)
Firewall (TrendMicro, Fortigate)
MDM (Intune, JAMF)
IAM Tools (OneLogin, Okta)
MFA (Google, Duo)
Server/Container Automation (Terraform, Docker, Ansible)
SIEM Logging (Elastic)
Automation Pipelines (Jenkins, GitHub Actions, Go)
IDS (GuardDuty, OSSEC)
CDN (Cloudflare, Azure FD)
Python (Novice)
Websites
Certification
Cert. Info. Privacy Manager (CIPM), 2015
Timeline
Director Information Security - Affirm
01.2020 - 01.2022
Director Information Security - Flipp Corporation
01.2017 - 01.2020
Information Security & Privacy Manager - Alida
01.2014 - 01.2017
Corporate Security Analyst - Blackberry
01.2011 - 01.2013
Senior IT Auditor - WestJet Airlines
01.2010 - 01.2011
Senior Consultant - Deloitte LLP
01.2007 - 01.2010
Senior Associate - Price Waterhouse Coopers LLP
01.2006 - 01.2007
Head of Information Security & Corporate IT - Stylitics
1 2022 - Current
University of Manitoba - B.Comm. (Hons) - MIS,
University of Winnipeg - B.A. - Psychology,