Chris Mcnamara Email and Phone Number

Chris is currently responsible for the management of all areas of the security program and leads multiple teams in security engineering, risk management, incident response, business continuity, endpoint management and workplace collaboration. Duties include:Leadership, mentoring and coaching multiple teams.Develop and promote the IT security program and evaluate the program against industry standards such as NIST, ISO 2700x and CIS Critical Security Controls.Report on the advancement of the IT security program to various level of leadership in the organization including the governing Council. This includes developing key performance indicators and key risk indicators.Perform project management oversight of security initiatives, including stakeholder engagement, scheduling resources, coordinating 3rd party work, and report on project status.Develop and oversee the incident management, business continuity and business resiliency plans.Design the cloud security strategy. Provide education and training on the strategy. Oversee the implementation of cloud services and assess the effectiveness of controls in the services.Develop and maintain IT security policies, and educate users about the need to adhere to policy.Develop and manage an organization wide security education program.Develop and manage the risk management program that includes formal and informal assessments of technology, processes and 3rd party services, this includes regular vulnerability assessments.Develop and manage incident response activities from detection to retrospective. Select and work with Managed Security Service Partners to ensure high quality service delivery.Develop, manage and report on departmental and project budgets.Develop and deliver reports, briefings and updates to senior management and the governing council of the Association.Oversee the development of DevSecOps strategy including a formal pilot project to demonstrate the tools and processes.

Chris was a security consultant at the Canada Revenue Agency and Shared Services Canada. Duties included:* Senior resource responsible for directing individuals performing risk assessments and developing security requirements for enterprise networks and security systems.* Addressing a range of security concerns including review, analysis and advice on how to achieve compliance with Government security policies, guidance and directives.* Review the latest security trends and topics to ensure that up to date safeguards were being used to meet the security needs of complex applications and infrastructure.* Developed security standards for the organization including the use of encryption, development standards using OWASP and destruction and disposal of digital assets.* Perform incident response for a wide range of incidents including Advance Persistent Threat response.* Develop Briefing Notes, make presentations and oral briefings to Senior Management.* Research and apply latest guidance from both industry and lead government agencies such as guidance NIST, Gartner, Treasury Board, Public Safety and CSEC.

Chris was contracted by the Canadian Medical Protective Association to work closely with the Security Officer to advice on or develop various projects and processes including business continuity, pandemic planning, IT risk management, security awareness and policy development. Duties Included:* Developed security policies, standard and procedures based on industry standards such as ISO and NIST.* Performed a Threat Risk Assessment in support of critical security systems and developed strategies on disk encryption, Data Leakage Prevention and Digital Rights Management.* Development and testing of the Business Continuity Plans.* Developed an organization wide security awareness program targeted at end users.* Developed options for 75,000 members to authenticate to systems and applications.

Chris was contracted by Natural Resources Canada to develop a solution for implementing a Log Management and Security Information Event Management (SIEM) that would easily integrate into their operational environment.

Chris was contracted by CaRMS to provide advice, management and execution of the following projects:* Strategic IT Plan* ITIL and Operations Management * Business Continuity Planning* IT Security and Infrastructure Refresh

Chris was contracted by Guardian to recommend options for implementing a high availability network and server infrastructure that would increase their disaster recovery capabilities.

Chris was contracted by MCC to provide advice, management and execution of the following projects:* Vulnerability Assessment* Threat and Risk Assessments on distributed testing* Infrastructure Refresh* Secure Network Redesign* Incident Handling and Investigation

Chris was contracted by PCRC to provide advice, management and execution of the following projects:* Threat and Risk Assessments on New Systems and Services* Development of Security Policies, Processes and Procedures* Development of a Secure Infrastructure to Support Web Delivery

Chris was contracted by CIPO to perform Threat and Risk Assessments on all new projects as per Government policy and to further develop the Business Continuity Plans.

Chris was contracted by Cygnos to provide advice, management and execution of the following projects:* Network Redesign and Firewall Implementation for the Office of the Privacy Commissioner* Security Awareness Training at Industry Canada* Wireless Security Assessment at Health Canada* Vulnerability Assessments for Various Clients

Chris was an employee of Nexinnovations and was contracted out to clients to provide advice, management and execution various projects. Duties included performing vulnerability assessments, Risk assessments, IT system design, systems auditing, project management and training.

Chris was an employee of Nortel and was contracted out to clients to do network systems design.

Chris was contracted by OSC to provide day to day network management. This included system network design, security monitoring and risk assessment of new systems.

Chris was contracted by Centrinity to provide customer support on a proprietary messaging system.

Chris was contracted by Intria to provide customer support to over 400 clients in CIBC’s electronic banking division.

Chris was an employee of Attaché and was contracted out to clients to provide customer support at various locations using a wide range of IT systems.

Chris was an employee of EDS Canada and was contracted out to Xerox to provide customer support on various IT systems.