Steve Hornick

Information Security Manager

Greater Toronto Area, Canada

About

Specialties:

- CISSP - Certified Information Systems Security Professional
- CISA - Certified Information System Auditor
- GSEC - security essentials certification
- CISM - Certified Information Security Manager

Experience

  • Information Security Manager at Cority
    Apr 2022 - Present · 4 yrs 3 mos

    Manage team of Security professionals responsible for such activities as:
    - Compliance: Annual SOC2 audits, ISO27001, 27017/18 certifications, FedRAMP certification and compliance
    - Tracking identified Risks and remediation plans to closure
    - Conducting Third Party Risk Assessments on Cority suppliers/vendors
    - Responding to Client Questionnaires, and implementing improvements to the process
    - Develop and implement the corporate Security Awareness program
    - Logging and monitoring of alerts – including SIEM integration and management

  • Altus Group (4 yrs 6 mos)
    • Manager, Information Security Risk & Compliance
      Apr 2021 - Apr 2022 · 1 yr 1 mo

      - Developed and Managed processes and reporting for Information Security Reviews for projects and third party supplier reviews.
      - Reviewed contracts for appropriate security language
      - Co-ordinated Risk Register & Exception processes, including communications to appropriate stakeholders and tracking of remediation plans
      - Worked with Internal Audit to develop initial IT controls testing requirements
      - Conducted annual reviews of Information Security Standards & Policies and updated as appropriate
      - Managed Security Awareness program, including monthly phishing tests
      - Led team responsible for Information Security questionnaires from clients, developing/streamlining processes around questionnaire responses

    • Sr. Information Security Consultant
      Nov 2017 - Apr 2021 · 3 yrs 6 mos

      - Developed and implemented process for Information Security risk assessments for projects, including Risk Acceptance process for non-remediated risks
      - Conducted reviews of third-party suppliers – including reviews of third-party audit reports, identification and tracking of any identified risks, and development of a standard Information Security addendum to be included in vendor contracts
      - Led Information Security projects such as implementation of self-serve password reset tool and anti-phishing training

  • Sr. Information Security Analyst at Aviva Canada
    May 2012 - Oct 2017 · 5 yrs 6 mos

    - Managed project to install Data Loss Prevention software - including testing and tuning of detection policies, incident management and investigations
    - Conduct Information Security Risk Assessments for projects
    - Manage External Service Provider review process – review contracts to ensure appropriate Information Security language is included, review and assess documentation provided by vendors, including questionnaires, SOC2 reports, other vendor specific documentation
    - Conduct information security awareness sessions for staff across IT and the business
    - Manage the policy exception process for Information Security
    - Review and approve firewall rule change requests

  • Information Risk Analyst at JPMorgan Chase Card Services
    Oct 2005 - May 2012 · 6 yrs 8 mos

    - Manage Control Self-Assessment and Audit processes for Canada IT - includes issue reporting to Senior Management, and tracking all Audit related issues to resolution
    - Manage Chase Canada Access Administration staff - responsible for provisioning access to key systems, recertification, terminations, issue resolution, reporting, and process improvement
    - Participate in Third Party reviews/audits of Chase Canada vendors, including onsite security reviews
    - Provide first line security consulting to the business in implementing technology control practices for business projects
    - Member of Chase Canada Computer Security Incident Response Team - aid in the investigation of incidents and development of remediation plans
    - Aid the business in participating in security processes - risk classification, application certification, Third Party Relationship (TPR) review
    - Act as a subject matter expert in information risk, controls, compliance and security best practices
    - Contribute to continuous process improvement through risk identification and mitigation
    - Communicate effectively with both technical and non-technical individuals at all levels

  • Sears Canada (8 yrs 4 mos)
    • Option Management Consultant
      Nov 2003 - Oct 2005 · 2 yrs

      - Coordinated projects - documented business requirements and coordinated activities between internal and external stakeholders
      - Implemented OSFI portfolio monitoring for Sears Canada
      - Managed relationship between TSYS, the business and IT for selected modules
      - Consulted with the business on opportunities for business process improvement available through TSYS

    • E-Commerce Marketing Analyst
      Sep 2000 - Oct 2003 · 3 yrs 2 mos

      - Developed and implemented testing strategies for enhancements to the Sears.ca website and various supporting workflow applications
      - Managed introduction of web analytics (Coremetrics) to Sears.ca
      - Researched and documented the competitive environment for Sears.ca and presented results to senior management

    • Staff Assistant - Credit Operations
      Apr 1999 - Sep 2000 · 1 yr 6 mos

      - Developed and documented Credit internet strategy, and presented to Senior management
      - Coordinated various projects with IT, including development of an online credit card application
      - Managed developments for Credit IVR systems