Dave Heaney Email & Phone Number

Somerville, Massachusetts, US

London, GB

• At EY, I advised CISOs, business executives, and boards in a variety of industries with large-scale strategic cybersecurity initiatives. Experienced in healthcare, retail, biopharma, and manufacturing, I developed and.
• Led the development of cybersecurity roadmap, board-level communications, and initial steps of IAM transformation at a large global consulting firm, allowing them to focus cybersecurity efforts in areas of highest risk.
• Led assessments of cybersecurity capabilities and risk posture at multiple multi-billion-dollar organizations, including peer maturity modeling, roadmap development, executive stakeholder management, and board.
• Led the development of application security roadmap, including integration with DevOps pipeline and Agile development workstreams at a $20 billion+ retailer.
• Led Security Operations transformation at Fortune 25 retailer resulting in more efficient and effective vulnerability management processes, increased SOC visibility, and improved ability to respond to known events.
• Fully accountable for profitability of all of engagements within my book of business.

Framingham, MA, US

• In my role at TJX, I led a team of 15 associates and a varying number of contractors providing three main services: ownership & maintenance of the IT Security strategy & roadmap, delivery of projects against that.
• Created the first team within TJX dedicated to the delivery of IT Security projects. Designed organization in line with TJX Solution Delivery practices, identified roles, and staffed the team. Led the creation.
• Successfully delivered projects around privileged user & password management, next generation firewalls, multifactor authentication, identity & access management, endpoint detection & response, operational stability.
• Created portfolio office structure to plan and monitor the execution of roadmap work performed by other teams.
• Created security consulting function to provide detailed design services to IT projects, enhance application security program, and serve as a “front door” for other services within IT Security.
• Drafted quarterly presentations for Board of Directors, with considerable experience presenting to board members and other executives.

Framingham, MA, US

• In my first role at TJX, I oversaw a team of 38 associates in groups responsible for responding to security events, performing all manner of threat research & security assessments, building & maintaining our security.
• Performed a strategic assessment of organization, recommended and implemented organizational and procedural improvement. Restructured team to align to current threat models, reduced staff openings by 70% and turnover.
• Updated all roles and hiring methods to make the team more competitive in the market, and developed & upskilled existing staff to provide capabilities needed in today's environment.
• Consolidated the overall Security Operations book of work, significantly reducing overall Work in Process and increasing velocity of deliverables.
• Developed and implemented new standard operating procedure to work more efficiently and effectively with both internal and external auditors. Took on responsibility as primary control owner for SOX controls, automated.
• Drove coordination with security architecture team to streamline budgets, rationalize toolset, and reduce cost.

London, GB

• As the Director of Security & BCP for Pearson Learning Technologies (PLT), I am responsible for information risk management across systems that support online learning for over 24 million users. This responsibility.
• Integrated and directed team of nine people to minimize risk to Pearson’s online learning products within the PLT organization. Overall budget responsibility is $2 million+.
• Specific efforts led include application & infrastructure security testing, IDS/IPS, SIEM system implementation, security awareness program implementation, SOC 1 testing, and Safe Harbor certification.
• Directed preparation of business continuity plans for over 1,200 staff in five domestic and one international location.
• Supported SVP of Systems & Operations team in multiple roles including standardizing job roles across the organization using Lominger leadership competencies, setting message tone for organizational communications, and.
• Partnered with Internal Audit (IA) in updating risk frameworks and established guest auditor efforts to provide IA with additional technical resources for specific engagements.

London, GB

• Managed team responsible for security & BCP across Pearson’s flagship online learning platforms, developed and maintained by the Learning Technology Group (LTG). This included overall budgetary responsibility of.
• Established application security program, including testing, training, secure coding, and vulnerability management. Designed first application security-specific job function within LTG and built out staffing model.
• Developed and executed security incident response processes. During incidents, managed virtual teams with representation from security, systems & network administration, legal, and communications to drive.
• Drove the rollout of the organization’s first set of security processes & procedures leading to increased awareness of security activities & requirements and lowered risk to the organization.
• Partnered with security management in other Pearson organizations to ensure activities are performed efficiently and consistently. Served as primary point person for all internal and external audits of the organization.
• Managed execution of Pearson’s Global Data Privacy Program within LTG to completion.

GB

• Responsible for sales, engagement management, and personnel development within Advisory Technology Practice. Representative engagements included penetration testing, security strategy, SAS70 testing, and IT.
• Responsible for over $500,000 of sales and managed engagements with revenue of over $1,000,000 in FY08.
• Developed and implemented processes, project management standards and revenue models for leveraging PwC India in security assessments. Developed and delivered security training on-site to PwC India staff in Kolkata.
• Successfully managed up to four engagements at multiple clients simultaneously.
• Acted as a formal coach to guide the professional growth & development of four associates.
• Frequent speaker in front of client technical teams and senior management on various topics relating to information security.

GB

• Performed and led web application security assessments and internal and external penetration tests for clients in the financial services and retail industries.
• Responsible for over $400,000 of sales in FY07, and led engagements with revenue of over $300,000.
• Trained new associates hired into the Practice.
• Managed teams of up to five PwC staff on individual engagements.
• Member of National Web Application Security Core Team setting standards for consistent engagement delivery, testing methodologies, and overall client service..

GB

• Performed web application security assessments and internal and external penetration tests for retail and financial services clients using both manual and automated techniques. Tools used included CORE Impact, Nmap.
• Perform additional security testing relating to Sarbanes Oxley requirements, SAS70 reviews, financial audits, and HIPAA reviews.
• Conducted risk and gap assessments on client environments using PCI DSS, ISO 27001, GLBA, and state/federal privacy regulations.
• Performed technical configuration assessments of UNIX, Windows server and Active Directory, network, and database environments.

New York, NY, US

• During my tenure in the IT Leadership Development Program (ITLDP) at Travelers, I completed two rotations:2002-2003: Internal Audit
• Perform audits of the company’s applications to verify that data confidentiality, integrity, and availability are maintained.
• Participate in company-wide HIPAA Assessment and Sarbanes/Oxley Certification Process.2001-2002: COBOL Developer
• Support client/server and mainframe batch daily, monthly, and quarterly processing.
• Develop COBOL programs for use in processing system conversion.

Mba, Business

Bachelor Of Science, Computer Science

Certificate, Strategic Decisions & Risk Management