Steven Weber

Cybersecurity & Technology Transformation Executive | CISO Advisor | Security Operating Models, Portfolio Governance, GRC & Board Engagement

Columbus, Ohio, United States

About

Cybersecurity and technology transformation executive with deep experience helping large enterprises align cyber strategy, operating model, investment priorities, and executive decision-making. I served as Chief of Staff to the CISO at AbbVie and previously built and led Cardinal Health’s enterprise security governance, risk, compliance, and third-party risk capabilities. My work sits at the intersection of CISO office leadership, security operating models, portfolio governance, GRC, resilience, executive communication, and business-aligned risk decision-making. I help cybersecurity organizations run more like business functions by connecting strategy, financial prioritization, enterprise partnerships, delivery coordination, metrics, and board-level messaging. I bring a practical blend of enterprise operator, CISO advisor, transformation leader, and PwC advisory experience. Colleagues describe me as someone who brings clarity and momentum to complex work while putting people first. I am known for listening before acting, communicating clearly across levels, creating alignment, and helping teams deliver outcomes without losing sight of the human side of leadership.

Experience

  • Independent Cybersecurity, GRC & Transformation Executive at Independent
    Apr 2026 - Present · 4 mos

    Independent executive focused on senior cybersecurity, GRC, IT risk, transformation, and advisory leadership opportunities.

  • Board Member at National Technology Security Coalition
    Apr 2022 - Present · 4 yrs 4 mos

    Advise and engage U.S. House, Senate, and Executive Branch stakeholders on national cybersecurity policy, advocating for practical enterprise CISO priorities across cyber risk, resilience, governance, and regulatory policy.

  • CISO Chief of Staff, Director Information Security and Risk Management Operations at AbbVie
    Sep 2022 - Apr 2026 · 3 yrs 8 mos

    Served as strategic partner and chief advisor to the CISO, translating cybersecurity priorities into executive operating rhythms, investment decisions, portfolio governance, delivery coordination, and board-level messaging. • Served as financial operating partner to the CISO, helping manage portfolio governance across a $75M+ cybersecurity budget and connect investments, business cases, capacity, milestones, and executive decisions to risk priorities. • Established Office of the CISO operating cadence and centralized metrics, improving visibility into portfolio health, transformation progress, delivery risks, decision points, and leadership accountability. • Partnered with enterprise transformation, infrastructure, and technology teams to align cybersecurity priorities with digital initiatives and improve collaboration between cyber and infrastructure leaders. • Led CISO office special projects and delivery coordination, bringing structure, executive visibility, risk-based decision support, and follow-through to emerging priorities. • Built enterprise human risk management and security awareness capability, leveraging behavioral analytics and targeted communications to reduce user-driven security risk.

  • Cardinal Health ()
    • Director IT Risk Management and Compliance
      Sep 2015 - Sep 2022 · 7 yrs 1 mo

      Founded and scaled enterprise security governance and risk capability, growing a 40+ person organization responsible for IT third-party risk, IT risk, cyber risk governance, and compliance across a complex global enterprise. • Designed and led the enterprise IT Risk Governance Committee to enable timely, risk-based executive decisions, eliminating low-value compliance activity and check-the-box controls. • Partnered directly with the CIO, CISO, and Internal Audit to drive practical, defensible audit and regulatory outcomes without unnecessary business disruption. • Led cybersecurity support for mergers and acquisitions, directing diligence, risk assessment, and integration governance across transactions. • Acted as senior advisor to Legal, HR, Finance, and Security leadership, translating technical risk into business decisions and helping leaders prioritize action based on business impact. • Scaled the security governance and risk operating model through a captive offshore team in Asia, improving cost efficiency while maintaining accountability, quality, and operational credibility. • Built and led high-performing, diverse teams, achieving high engagement and below-market turnover. • Delivered quarterly Board-level material risk reporting with the CIO and CISO to inform executive decisions. • Created executive-facing governance structures that helped security leadership communicate cyber risk, compliance, and resilience priorities in business language.

    • Director Internal Audit
      Mar 2013 - Sep 2015 · 2 yrs 7 mos

      Led enterprise SOX compliance, IT audit, and Medical segment financial audit activities in a highly regulated environment, with focus on risk-based assurance, control modernization, executive visibility, and practical business partnership. • Rebuilt the SOX 404 compliance process, enhancing 33% of controls and adding 16% additional controls to address emerging financial, operational, and technology risks. • Drove adoption of COSO 2013 and modernized audit testing to improve efficiency, risk coverage, and insight generation. • Transitioned IT Audit into a business partner model, aligning audit activities to IT strategy while helping technology leaders identify and manage risk. • Coordinated Audit Committee deliverables for the CFO, CIO, and General Counsel to provide clear executive and Board-level visibility into risk and control posture.

    • Director Operational Excellence Deployment Leader
      Feb 2008 - Mar 2013 · 5 yrs 2 mos

      Embedded continuous improvement across IT, Finance, HR, and Legal, generating $97M in financial savings over five years. Oversaw corporate strategic planning for the CFO and leadership team. Strengthened operational risk awareness and accountability across functions.

  • Senior Manager Risk Management at PricewaterhouseCoopers (PwC) LLP
    Jan 1995 - Mar 2004 · 9 yrs 3 mos

    Provided risk, governance, and technology advisory services to Fortune 500 organizations, integrating financial, operational, technology, and IT risk perspectives. Built foundation in consulting delivery, executive client service, methodology development, and partner-led business development. • Selected to spend one year in PwC’s National Office supporting development and rollout of new consulting service offerings across the firm’s client practices. • Worked closely with national practice leadership and partner teams to develop methodologies and service delivery approaches adopted across client engagements. • Advised enterprise clients on governance, cybersecurity risk, and technology transformation initiatives. • Built lasting relationships with partners and consulting leaders across the firm.