Brian Shea

Brian Shea Email and Phone Number

Director of Technical Audit @ Expedia Group
Kirkland, WA, US
Brian Shea's Location
Seattle, Washington, United States, United States
Brian Shea's Contact Details
About Brian Shea

Information Security, GRC, Risk Management, Compliance, Technology Architecture and Systems Design, Cloud Computing, Innovation, Gaming Tech, Consulting, Security Strategy, Technology Risk Assessment, Controls Assessment, CertificationsSpecialties: GRC, Risk assessment and management, technology strategy and architecture, Cloud Computing, Information Security and Technology Design, Innovation, Compliance and Certifications, Policy Management

Brian Shea's Current Company Details
Expedia Group

Expedia Group

View
Director of Technical Audit
Kirkland, WA, US
Brian Shea Work Experience Details
  • Expedia Group
    Director Of Technical Audit
    Expedia Group
    Kirkland, Wa, Us
    View
  • Salesforce
    Biso - Senior Director Of Security
    Salesforce Mar 2020 - Present
    San Francisco, California, Us
    As a Business Information Security Officer (BISO) at Salesforce I support delivery of security and compliance into the clouds we operate to ensure Salesforce's #1 value of Trust is always delivered, top of mind, and evolving to stay current. In this capacity I support our CRM Infrastructure, our Industries Cloud, and Salesforce.org including Non-Profit, Education, and Philanthropy clouds.- Act as a security and compliance domain expert who assists Senior Product and Engineering Leadership with the improvement of security. Provide information security direction and counsel for initiatives in e-commerce, mobile, cloud technologies, and agile development projects.- Track program and project delivery through the entire lifecycle to ensure delivery of the right things, at the right time, with the right priority and resourcing.- Negotiate and drive priority on security and compliance projects across supported clouds and technologies (PKI, Identity, Key Management, Detection and Response, and Vulnerability Management, etc).- Work with newly acquired companies on baselining security and compliance and gap closure to meet Salesforce's standards. - Drive consistent improvement in speed, accuracy, and coverage for security and compliance controls and processes.- Be the single escalation point and disambiguation point for requirements, priorities, and delivery for security and compliance activity. Interpret and implement information security policies and standards specific to the clouds I support.- Additionally I serve as the main point of contact for security integration to GRC to align compliance and risk management objectives with the business objectives of the clouds.- Active Equality Mentor within Salesforce to help support and be an ally for under-represented populations within the security and compliance field.- Monitor current and proposed laws, regulations, industry standards and ethical requirements related to IT risk, privacy, and information security.
    View
  • Red Sherpa Enterprises, Llc
    Owner And Ceo
    Red Sherpa Enterprises, Llc Jan 2010 - Present
    - Owner and CEO of Red Sherpa Enterprises, LLC. Manage P&L and property management vendor relationships, oversees market analysis and pricing decisions, coordinates contracts and payments.- Overseeing property in Waikoloa, HI.
  • Microsoft
    Principal Program Manager Lead - Grc
    Microsoft Sep 2016 - Mar 2020
    Redmond, Washington, Us
    Operate the Policy, Certifications, and Compliance areas of the COSINE GRC Team within Azure including the following activities:- Deliver compliance with ISO27001/18, SOC 1-3, FedRAMP Moderate and High, and PCI / SOX support to cloud services ensuring preparation, audit, and certification. These activities led to over 200MM in sales.- Build a cross team compliance boundary strategy that ensures smooth and accurate delivery of compliance across orgs (Azure, Windows, O365, Gaming)- Ensure delivery of compliance for the Development and Build process in Azure specifically Windows Client, Server, Applications, and Service releases for all compliance domains, including Anti-Trust, compliant software and supporting services, Gaming, and device / supply chain.- Report results of compliance activities weekly and monthly to leadership to drive behavior and results- Support and enhance tools for optimized delivery of compliance requirements to dev and PM teams. Automated tracking and reporting on success through KPI monitoring and Power BI Reporting- Manage tracking, reporting, and delivery for corporate obligations to regulators, including audit support and senior leadership reporting, and outreach to obligation owners and executors- Oversee the team compliance tools strategy for optimizing business process, adding machine learning and AI to existing tools, decreasing overhead, and ensuring high quality data is presented to SLT- Support proper use of Open Source Software (OSS) within products and ensure licensing and attribution compliance- Track and report on audit issue status and consult with teams on pre-audit activity, audit execution, post audit responses and actions, and audit reporting and remediation tracking- Ensure Business Continuity, Disaster Recovery, and Service Resiliency are delivered, including people displacement and drive for high rigor in test execution- Work closely with teams in Dublin and Shanghai
    View
  • Microsoft
    Director Of Security - Grc, Wdg Division
    Microsoft Sep 2013 - Sep 2016
    Redmond, Washington, Us
    - Support the Windows and Devices Group (WDG) of Microsoft for Policy, Compliance, Risk Management, and Business Continuity Management.- Oversee the implementation and delivery of a formal GRC Program across WDG.- Optimize Business Continuity program to improve data quality around recoverability for all business units, ensure program reporting to senior management, and ensure all systems from developer support through service delivery are recoverable. Initially improved recoverability by 30% through better data quality and ongoing reporting.- Establish a Risk Management practice for WDG including aligning to corporate ERM processes, sustaining a consolidated risk register, and establishing a regular risk reporting process and rhythm to ensure senior leaders are enabled to make risk informed decisions.- Provided Risk Management support for the Nokia integration during transition period. Supported Enterprise Risk Management reporting and assessment process to inform the Board of Directors about risks associated with supply chain and Nokia integration.- Sustained and consolidated a Policy Program for WDG, aligning to the corporate policy programs and process but allowing for business driven variance where required to meet business objectives. Ensured policy, standards, and baselines were rationalized, clear, and easily discoverable to the engineering teams for delivery.- Provided Compliance support for PCI, Privacy, Security, Ethical Social Environmental and mapped compliance objectives and certifications to internal policies, built the control framework and mapping to allow tracking of compliance delivery across all plan, build, run activities in scope. - Supported review of Internal Audit issues and supported OSG and MDG Audits from scoping to execution to remediation. Tracked and managed closure of Audit Issues as well as coordination of audit planning and scoping activity with Internal Audit.- ISO support for 13485, 27001, 27018.
    View
  • Microsoft
    Director Of Security - Grc, Ieb Division
    Microsoft Feb 2013 - Sep 2013
    Redmond, Washington, Us
    - Support the IEB Division of Microsoft for Policy, Compliance, Risk Management, and Business Continuity Management across Xbox, Xbox Live, Game Studios, Supply Chain and Manufacturing Operations.- Oversee the implementation and delivery of a formal GRC Program across IEB division at Microsoft.- Assess, align, and optimize Business Continuity program to improve data quality around recoverability for all divisions, ensure program completion and reporting to senior management, and reduce tracking of over 200 critical processes to 27 vital few objectives required to improve the program. - Establish a Risk Management practice for IEB including aligning to corporate ERM processes, building and sustaining a risk register, and establishing a regular risk reporting process and rhythm to ensure senior leaders are informed and enabled to make risk informed decisions.- Assessed, tracked, and drove remediation for dozens of risks identified during Xbox One launch and build process. - Built a Policy Program for IEB, aligning to the corporate policy programs and process but allowing for business driven variance where required to meet business objectives. Discovered and assessed existing policy and procedures for publication to the division.- Provided Compliance support for PCI assessment and audit, built the initial mapping of PCI Evidence to Xbox Specific requirements, reviewed and supported compliance work for Privacy, Online Safety, Anti-Fraud. - Supported review and closure of 8 overdue Internal Audit issues on arrival and supported IEB Audits from scoping to execution to remediation planning. Tracked and managed closure of Audit Issues as well as coordination of audit planning and scoping activity with Internal Audit.
    View
  • Create.Org – The Center For Responsible Enterprise And Trade
    Cybersecurity Board Of Advisors
    Create.Org – The Center For Responsible Enterprise And Trade Jun 2016 - Feb 2020
    - Provide input and guidance on how cybersecurity and NIST CSF can be implemented in enterprise environments.- Review methodologies for using NIST CSF and advise on improvements, metrics, and reporting.
  • Nodus Technologies, Inc.
    Board Of Technical Advisors
    Nodus Technologies, Inc. Jul 2014 - Aug 2017
    Anaheim, California, Us
    - Provide Compliance and Security guidance and advice, provide executive team input on company direction and strategy, assist in identifying strategic directions and options.
    View
  • Starbucks
    Director Of Risk And Compliance
    Starbucks Nov 2011 - Feb 2013
    Seattle, Wa, Us
    - Oversaw the Risk and Compliance Team, consisting of Risk, Compliance, SAP Security, Records Management, Privacy, Policy, Training and Awareness teams.- Created Risk Framework and IT Risk Program for use across all of IT and for reporting risk through the ERM program to Senior Management.- Served as Security Architect and sat on the Architecture Director's forum and EA Architecture Review teams to ensure risk, compliance, and security issues were covered.- Temporarily oversaw the Security Engineering and Operations teams during periods when there was no director over those teams.- Drove hiring and reorganization of the Information Protection Services (IPS) Team, including the dissolving of the Engagement Management function, to optimize the team for throughput and delivery.- Operated projects for IPS to analyze requirements and vendors, select products, and deploy capabilities for eDiscovery and Litigation Hold Management, performed budget and resource analysis for Privileged Access Tracking, Tokenless Multi-Factor Authentication, and supported engineering projects for Data Loss Prevention, configuration of internal network segmentation, and internal delivery of security services.
    View
  • Bank Of America
    Senior Vice President, Operational Risk Manager
    Bank Of America May 2010 - Nov 2011
    Charlotte, Nc, Us
    - Provide consulting and executive support assessing and identifying risks for Bank of America's Global Information Security, Data Warehouse, and Global Shared Services environments. - Sitting on the Security Policy Review Committee, Control Inventory Steering Committee, and Cybersecurity and Identity Management Network (CIMNet) Team.- Provide consulting support on action plans, reviews, and evidence supporting closure for Audits, including internal, federal, and international regulatory agencies. Support SOX, PCI, and other security and risk reviews as needed by the executive team.- Assisted in creation and execution of the Control Assessment Program across the Global Technology and Operations team for mapping processes, controls, and risks into a common framework and reporting tool for risk identification, prioritization, and remediation.- Coordinate with our Information Security Assessment teams (application, data center, threat management) and our risk and control assessments to ensure risk and control gaps are entered into our risk pipeline and are aligned to our global security strategy.- Influences auditors, executives, technology managers, and finance teams to come to consensus on severity ranking, planning, and execution of remediation of risks through negotiation, consensus building, and mapping of resources to work efforts and plans.- Routinely present security and risk management metrics, topics, and Points of View to executive management and stakeholders. Presented our Cloud Computing Security Strategy to Federal Regulators twice ensuring our risk and security strategy met with their approval and our business goals.
    View
  • Bank Of America
    Senior Vice President, Senior Architect In Technology Innovation
    Bank Of America Nov 2001 - May 2010
    Charlotte, Nc, Us
    - Served as Chairmen for the Cloud Computing Task Force, overseeing our strategic move to adopt Cloud Computing with a target of a net IT save of over $250 million. Built and grew this matrixed team from 12 to 75 members.- Negotiated the successful deployment and security configuration for Microsoft's LiveMeeting, saving roughly $5.5 million in 2007 (projecting to $23 million in savings annually) in Web Conferencing costs.- Achieved Designed For Six Sigma Green Belt certification that redesigned Blackberry Procurement, resulting in savings of $125,000 a month and improved delivery from 7 to 4 days.- Created and served as chairperson of the Windows Security Center of Excellence ensuring security compliance goals aligned with business goals and risk management objectives.- Responsible for all security architecture and design for Windows platforms on roughly 350,000 computer systems across 32 countries, in Production, Testing, and Development environments.- Managed the Windows Security Engineering Team supporting global implementation of our security policy across the global Bank of America network.- Represented Bank of America at Microsoft’s CSO Council and other senior level meetings involving CSO Executives from Fortune 500 companies representing Pharmaceuticals, Automotive, Defense, Manufacturing, Shipping, and more. - Took on a role on the steering committee for SecureWorld Seattle Security Conference.- Implemented patch management process improvements bringing our patching down from 60+ days to fewer than 14 over an 18 month period for 350,000 Windows devices.- Established and sustained 19 security baseline policies including writing, supporting, defending, auditing against, and improving the documents and process. Supported an additional 30 baselines and standards.
    View
  • Microsoft, Msn
    Windows Build Manager
    Microsoft, Msn Mar 2001 - Oct 2001
    Redmond, Washington, Us
    - Coordinated and managed automated builds for all OS, IIS, SQL, .NET, and Custom code for 27 MSN Web Properties. - Coordinated with IT Build teams to get reqiurements identified and included in versions of the builds and troubleshoot issues related to new technology and build releases.
    View
  • Ignia
    Chief Technical Officer
    Ignia Jun 2000 - Jan 2001
    Us
    - Operated Development teams for Web Back-end and taught coding practice and process management.
    View
  • Bank Of America
    Assistant Vice President
    Bank Of America Jul 1997 - Jun 2000
    Charlotte, Nc, Us
    - Information Security Officer, responsible for the growing portfolio of Windows Security Baseline Documents, from creation, through vetting, to implementation.- Email administration and security for Lotus Notes, Exchange during migrations to centralized Exchange environments.
    View
  • Wintech Communications
    Senior Consultant
    Wintech Communications Sep 1996 - Jun 1997
    - Provided Custom Consulting and Technical Services to Seattle area small and medium sized businesses.
  • Keane
    Project Manager
    Keane Jul 1995 - Sep 1996
    London, United Kingdom , Gb
    Team lead for technical support and call center technicians supporting Windows 95, Microsoft Games, TechNet, and Select projects for Keane. Included in responsibilities were the productivity and performance of the team for call volumes and call quality, ongoing training of the team and training of new hires on supported technology, escalations on customer dissatisfaction and compliants received and handled.
    View
  • The Software Labs
    Manager Of Technical Services
    The Software Labs Jul 1993 - Jul 1995
    Lead a team that provided software evaluation, testing, and selection for inclusion in a monthly catalog. This also included technical writing services, install program creation, technical support, and collaboration with the publishing department on production of the monthly catalog content.
  • Us Army
    Officer Military Police
    Us Army Jul 1989 - Jan 1993
    Arlington, Virginia, Us
    Rank 2LT, 1LT, and promoted to CPT as I left service. Served as Executive Officer for a prison support unit, platoon leader for a law enforcement unit, and assistant training officer for a Battalion prior to leaving service.
    View

Brian Shea Skills

Security Information Security It Strategy Cloud Computing Risk Management Computer Security Information Technology Vendor Management Business Continuity Enterprise Architecture Process Improvement Management Sarbanes Oxley Act Financial Risk Data Center Disaster Recovery It Management Information Security Management Leadership Governance Analysis It Audit Business Intelligence Networking Cissp Windows Standards Compliance Sdlc Team Leadership Security Architecture Design Security Policy Business Process Improvement Risk Governance Six Sigma Software Development Life Cycle Information Security Engineering Visual Basic Global It Operations Records Management Pci Dss Cybersecurity Technology Innovation Scrum Agile Project Management Project Management Executive Management Supply Chain Management Product Management

Brian Shea Education Details

  • Uc Santa Barbara
    Uc Santa Barbara
    Chemistry

Frequently Asked Questions about Brian Shea

What company does Brian Shea work for?

Brian Shea works for Expedia Group

What is Brian Shea's role at the current company?

Brian Shea's current role is Director of Technical Audit.

What is Brian Shea's email address?

Brian Shea's email address is b.****@****rce.com

What is Brian Shea's direct phone number?

Brian Shea's direct phone number is (866) 620*****

What schools did Brian Shea attend?

Brian Shea attended Uc Santa Barbara.

What are some of Brian Shea's interests?

Brian Shea has interest in Children, Education, Environment, Poverty Alleviation, Science And Technology, Disaster And Humanitarian Relief, Human Rights, Animal Welfare.

What skills is Brian Shea known for?

Brian Shea has skills like Security, Information Security, It Strategy, Cloud Computing, Risk Management, Computer Security, Information Technology, Vendor Management, Business Continuity, Enterprise Architecture, Process Improvement, Management.

Free Chrome Extension

Find emails, phones & company data instantly

Find verified emails from LinkedIn profiles
Get direct phone numbers & mobile contacts
Access company data & employee information
Works directly on LinkedIn - no copy/paste needed
Get Chrome Extension - Free

Aero Online

Your AI prospecting assistant

Download 750 million emails and 100 million phone numbers

Access emails and phone numbers of over 750 million business users. Instantly download verified profiles using 20+ filters, including location, job title, company, function, and industry.