Leader, It Risk & Information Security
St. John'S, Nl Canada
• Member of the Working and Steering Committees tasked to bring Johnson compliant with the Payment Card Industry Data Security Standard (PCI DSS). Involved in project planning, coordinating, monitoring project status, and control implementation.• Lead the roll-out of an End User Computing Applications Policy across Canadian operation (RSA Canada and Johnson).• Working with System Operations to identify risks and implement appropriate controls.• Conduct information security due diligence on third party vendors prior engagement.• Documenting and testing of IT General Controls (ITGCs), including Change Management and the SDLC, where testing would be followed by a comprehensive report to management on strong controls, identified risks / gaps, and recommended remediation.• Active in planning and executing security awareness throughout the organization.• Contracted out a complete review of ITGCs in 2012 to EY which started with developing a business case to seek such services and then managed a team of two who did the work.• Play a key role in information security incident response.• Conducted and evaluated physical security assessments on various office locations.• Quarterly reporting of security control status to RSA Security Head Office (UK).• Became leader of a new team in 2007 with one direct report (the System Compliance team which was merged into the Enterprise Risk team in 2009).• Acting as a conduit for the business to address Systems Compliance and Security concerns and working with them to resolve.• Acted as the Business Continuity Coordinator for the Business Continuity National Working Group (2008).• Took initiative by developing and testing Johnson’s first Disaster Recovery Plan.