Kelly Grant

Heritage Pointe, AB

Summary

Senior IT Cybersecurity and GRC professional with over 20 years of experience building, directing, leading, and facilitating cybersecurity teams within multi-regional services while managing multiple projects simultaneously. Managed project expectations with team members and other stakeholders and delivered projects and assignments on time, on budget, and within identified scope. Identified and tracked new opportunities within accounts including the participation in business development and creation and implementation of successful business plans. Maintained teams with the appropriate mix of business knowledge and technical skills required to achieve business objectives.

Overview

18 years of professional experience
1 Certification

Work History

Senior Cybersecurity and GRC Consultant

Gibson Energy, Nutrien, Celero
Calgary, Alberta
01.2018 - 08.2024
  • Provided guidance on the design, implementation, and monitoring of GRC solutions across multiple functions.
  • Monitored industry trends related to GRC regulations and standards to inform organizational strategy decisions.
  • Conducted internal control reviews to assess effectiveness of existing controls.
  • Collaborated with cross-functional teams to ensure effective communication regarding GRC initiatives.
  • Identified gaps between current state of operations and desired future state based on industry standards or best practices.
  • Provided advice on how to respond effectively to new or changing regulatory requirements.
  • Assisted in developing key performance indicators for tracking progress against goals.
  • Evaluated third-party vendors for security compliance according to company requirements.
  • Facilitated workshops to educate stakeholders on relevant GRC topics such as regulatory changes and best practices.
  • Ensured that corrective action plans were properly documented after completion of audits.
  • Assisted in developing risk assessment frameworks for identifying and measuring enterprise risks.
  • Prepared reports outlining findings from assessments of internal control systems.
  • Developed and implemented GRC policies, procedures, and controls to ensure compliance with applicable laws and regulations.
  • Coordinated activities with external auditors during audit engagements.
  • Analyzed business processes to identify potential risks and develop mitigation strategies.
  • Supported the development of IT governance structures that align with corporate objectives.
  • Advised management on the most appropriate risk response options based on cost and benefit analysis.
  • Reviewed customer contracts for compliance with applicable laws and regulations.
  • Designed training programs for staff members on GRC principles, processes, and tools.
  • Built disaster management and recovery plans for different types of financial emergencies.
  • Conducted investigations and took appropriate actions to resolve concerns.
  • Performed statistical analyses to identify trends, variations, patterns and insights.
  • Monitored risk assessments and assessed validity using industry-specific methods.
  • Conducted in-depth analyses on potential risks, impacts of new legislation or potential economic factors related to financial activities.
  • Assessed products and processes to evaluate potential environmental and financial impacts and long-term profitability.
  • Compiled and submitted regular reports to update senior management on operations and progress.

PCI Program Manager

University of Calgary, City of Calgary, lululemon
Calgary, Alberta
01.2010 - 05.2023
  • Performed in-depth evaluations of university payment card systems/merchants for PCI Compliance, presenting all findings and documenting improvement suggestions to both executive Steering Committee and Audit Committee.
  • Conducted comprehensive evaluation of optimal SIEM approach and toolset.
  • Planned, organized, and oversaw end-to-end execution of IT Security/PCI projects, resulting in successful implementation of network segmentation.
  • Led and directed cross-functional teams to deliver projects within the constraints of quality, scope, schedule and budget.
  • Worked collaboratively with both business sponsors and internal IT teams, resulting in the successful creation of a roadmap for achieving PCI compliance.
  • Developed and maintained project plans, schedules, and budgets.
  • Facilitated workshops designed to educate stakeholders about best practices for managing programs successfully.
  • Conducted regular meetings with team members to review progress and address any issues or concerns.
  • Analyzed data collected during the course of the program operations and reported results accordingly.

GRC and Cybersecurity Consultant

Seccuris
Calgary, Alberta
01.2017 - 12.2017
  • Utilized SABSA TRA methodology and performed overall PCI-DSS and NERC risk and gap assessments for clients.
  • Conducted and delivered numerous IT Security risk postures (current state) and roadmaps for security strategy.
  • Utilized ISO 27001, 27002 and 27005 to conduct future state and tactical security.

Director of Cybersecurity

TELUS/PWC/KPMG
03.2007 - 03.2017
  • Reviewed internal reports and identified areas of risk or potential cost savings.
  • Developed and implemented security policies, procedures and standards to protect the organization's information systems from unauthorized access, modification and destruction.
  • Worked closely with other members of the IT team to ensure that new hardware and software solutions were implemented securely in production environments.
  • Maintained up-to-date knowledge of cyber security trends and best practices.
  • Recommended changes to existing processes or procedures based on analysis of threat intelligence data.
  • Provided guidance on cyber security awareness training for employees at all levels of the organization.
  • Researched emerging technologies that can improve the overall level of protection against cyber attacks.
  • Performed security assessments on new technologies to identify potential threats and vulnerabilities in the system.
  • Assisted in developing a comprehensive disaster recovery plan in case of a major breach or attack.
  • Responded promptly to all reported security incidents by investigating them thoroughly and taking appropriate action where necessary.
  • Partnered with legal staff, professional's office and other law enforcement agencies to optimize favorable outcomes.
  • Made recommendations to improve security procedures and systems.
  • Mentored junior employees in departmental activities and procedures.

GRC and Cybersecurity Consultant

Altalink
Calgary, Alberta
01.2007 - 12.2007
  • Senior IT Cybersecurity and GRC professional with
  • Developed and executed the comprehensive Alberta Reliability Standards/NERC compliance program encompassing all standards (CIP-001 to CIP-010), integrating processes, procedures, metrics, and policies.
  • Achieved compliance with AESO regulatory requirements.
  • Created detailed reports outlining findings from security audits and presented them to management for review.

Cybersecurity Consultant

Talisman
  • Responsible for liaising on and managing internal and external compliance for global IT; managed all SOX reviews.
  • Provided compliance advice and assistance, conducted compliance investigations, managed annual ethics education programs, and ensured that regulatory filings were made on time, along with compliance process and transaction monitoring and surveillance.
  • Utilized ISO27001, NIST, CobiT, ISO270001 and HTRA methodology and performed the overall IT Cyber Security risk and gap assessments, which included the overall IT Security posture (current state), and created the roadmap, budget and required staff to implement the security strategy.

Education

Business Administration Certification

Red River College
Winnipeg

Computer Programmer Analyst Certification

Red River College
Winnipeg

Skills

  • Risk assessment methodologies (ISO 31000, OCTAVE, CMM, HTRA, SABSA)
  • ISO/IEC 27001/27002/27005
  • COBIT
  • NIST 800-53
  • CIS
  • COSO
  • GDPR
  • PCI-DSS
  • NERC CIP
  • ARS
  • PIPEDA
  • HIPAA

Certification

  • Certified Data Privacy Solutions Engineer, ISACA, 2020
  • Payment Card Industry Professional, PCI Standards Council, 2020
  • Certified Payment Security Practitioner, Network Intelligence, 2020
  • Certified in Risk and Information Systems Control, ISACA, 2011
  • Certified Information Security Manager, ISACA, 2008
  • Certified in the Governance of Enterprise IT, ISACA, 2008
  • Certified Information Systems Security Professional, ISC2, 1999

References

Available upon request
