Mark Chew

Senior Information Security Advisor | AI, Salesforce & Azure Governance | Cyber Risk Evangelist | Enabling Secure Innovation

Toronto, Ontario, Canada

About

Senior Information Security Advisor | AI, Salesforce & Azure Governance | Cyber Risk Evangelist

For over 15 years, I’ve been helping organizations find the balance between innovation and protection. Whether it’s rolling out new AI tools, securing Salesforce Health Cloud, or supporting Azure transformations, my goal is always the same: make security practical, scalable, and business-friendly.

I work closely with teams across financial services and healthcare to build trust into every step of their digital journey. My approach is grounded in global standards like NIST CSF 2.0, NIST AI RMF, EU AI Act, HIPAA, PIPEDA, SOX, PCI DSS, and ISO 27001—so the foundations are strong no matter how fast we move.

What I enjoy most is connecting the dots—between risk and opportunity, between strategy and action. I partner with senior and cross-functional leaders to translate complex risks into actionable, secure strategies that drive innovation forward.

Experience

  • Sr. Security Consultant | AI, Salesforce & Azure Governance | Cyber Risk Evangelist at Manulife
    Jan 2016 - Present · 10 yrs 6 mos

    As a Security Consultant at Manulife / John Hancock, I support digital transformation initiatives across the U.S. segment by embedding cybersecurity into platforms such as AI, Salesforce, and Azure. I serve as a trusted advisor to business and technology leaders, ensuring alignment with enterprise standards, regulatory frameworks, and secure-by-design principles.

    I lead enterprise risk assessments, define control strategies, and provide governance oversight for high-impact initiatives—including vendor-led transformations delivered by Infosys. My work ensures alignment with frameworks such as NIST CSF 2.0, ISO 27001, and HIPAA, while supporting innovation without compromising trust.

    Key areas of responsibility:

      • Oversee security for Azure solutions (AKS, Logic Apps), focusing on access control, encryption, token authentication, and compliance with internal cloud policies.
      • Conduct risk assessments and guide platform security across Salesforce Health Cloud and Experience Cloud, including SSO/MFA, guest access, and Akamai/WithSecure integrations.
      • Support AI governance by evaluating GenAI use cases, prompt safety, and model risk in alignment with NIST AI RMF, EU AI Act, and internal governance frameworks.
      • Act as a BUSO delegate, advising on security reviews, control design, risk triage, and exception handling across Privacy, Legal, and Risk.
      • Partner with business and technology leaders to translate complex risks into scalable, secure solutions that accelerate delivery and support enterprise goals.

    Positioned at the intersection of governance, platform strategy, and execution, I help drive secure innovation in a regulated environment.

  • Manager, Information Security and Compliance, Information Risk Management at GuestLogix
    Feb 2014 - Jan 2016 · 2 yrs

    Guestlogix is a global travel technology company specializing in end-to-end retail and payment solutions for the airline and travel industry.

    At Guestlogix, I contributed to building the foundation of the company’s security posture by helping develop key information security policies, standards, and governance practices. Working in collaboration with a third-party cybersecurity vendor, I supported efforts to align internal controls with industry expectations and evolving compliance requirements. My responsibilities included drafting internal security documentation, contributing to audit readiness, and working closely with cross-functional teams to integrate secure practices across the organization.

    Key focus areas:

      • Security Policy and Standards Development
      • Governance and Compliance Alignment
      • Internal Controls and SOC 2 Readiness Support
      • Risk and Control Documentation
      • Collaboration with Third-Party Security Vendors
      • Security Awareness and Culture Enablement

  • Alt. Company Security Officer/Sr Security Consultant - Information Security and Info Risk Management at Express Scripts Canada
    2012 - 2014 · 2 yrs

    Trusted security advisor and program lead responsible for protecting enterprise information assets through risk-driven strategies, policy governance, and scalable security control implementation.

    Key Contributions:

      • Managed end-to-end vulnerability management and risk assessment initiatives across enterprise systems.
      • Applied Information Risk Management Maturity Models to assess and enhance the organization’s security posture.
      • Developed and implemented a robust Information Security Program, ensuring alignment with business objectives and regulatory compliance.
      • Authored and maintained security policies, standards, and procedures, securing approvals from the Information Security Organization and IT Steering Committee.
      • Executed and supported the organization-wide rollout of security policies.
      • Conducted annual policy reviews to ensure documentation remained current, relevant, and risk-aligned.
      • Administered the exception management process, investigating and resolving non-compliance cases and suspected security incidents.
      • Coordinated and led incident response activities, ensuring timely escalation, reporting, and resolution.
      • Performed security reviews and assessments for new applications, systems, and major enhancements.
      • Oversaw the implementation of technical and administrative security controls.
      • Delivered consulting and training services to internal stakeholders to strengthen security awareness and practices.
      • Provided leadership with timely updates on emerging threats, risks, and regulatory developments.
      • Reported to the IT Steering Committee on incidents, exceptions, and the overall security posture.
      • Directed the deployment and governance of a Data Loss Prevention (DLP) solution across over 5,000 endpoints.

  • Sr Security Consultant, IT Risk Management at SecureKey Technologies Inc
    2011 - 2012 · 1 yr

    At SecureKey, I played a key role in leading the development and rollout of the company’s first Information Security Program, in collaboration with a third-party cybersecurity vendor. This initiative was critical in meeting compliance objectives and building trust with enterprise clients, including the Canada Revenue Agency (CRA). I contributed to defining core security policies, implementing risk management practices, and aligning the program with industry best practices.

    Key accomplishments:

      • Co-led the design and implementation of a comprehensive Information Security Program
      • Developed foundational security policies, procedures, and governance documentation
      • Served as one of the primary security liaisons with the CRA to meet federal data-handling and client-specific requirements
      • Supported SOC 2 audit readiness and contributed to internal control assessments
      • Helped launch SecureKey’s early-stage vulnerability management and security awareness initiatives

    Core focus areas:

      • Security Governance and Management
      • Information Security & Privacy Program Development
      • Security Frameworks, Policies, and Procedures
      • Vulnerability Management and Assessment

  • Division Information Security Officer (DISO) Information Risk Management at AEGON Canada / Transamerica
    2007 - 2011 · 4 yrs

      • Developed and implemented an Information Security Program that will ensure the protection of Transamerica Canada's information assets.
      • Developed information security policies, standards and procedures for review and approval by the Information Security Organization and the Information Technology Steering Committee.
      • Implemented information security policies and provided support as required.
      • Completed an annual review of all policies, standards and procedures to ensure they remain current and relevant.
      • Administered an exception process when compliance with information security policies and standards is not possible.
      • Investigated and resolved known or suspected compromises of sensitive information assets and known or suspected violations of Transamerica Canada information security policies.
      • Coordinated information security incident reporting and response.
      • Performed information security reviews of new applications or systems and major enhancements to existing applications or systems.
      • Oversaw the implementation of information security controls.
      • Provided information security consulting and training as required.
      • Kept abreast of evolving information security issues and reported to management on a timely basis.
      • Informed the Information Technology Steering Committee of known or suspected compromises of sensitive information assets and violations of Transamerica Canada information security policies and standards.