Financial Services Company
Chief Information Security Officer

Information Security Governance

Information Security Standards: Led the creation of an information security policies and standards program that aligned with internationally recognized best practices. Built policies and standards working collaboratively with business units, IT and other key groups to develop organizationally aligned requirements.

Information Security Controls: Developed processes to identify control thresholds, testing procedures and reporting for information security controls. The metrics were then reported to executive management and business units.

Information Security Metrics: Revamped all information security metrics reported to executive leadership, shifting the focus from activities completed to actionable, executive-level information that directly led to more informed risk decisions.

Enterprise Risk Assessment: Led effort to evaluate information security risk across the organization using ISO 27001-aligned standards to set a baseline for the organization and identify key risks.