Short term engagement as Chief Information Officer (CIO).Member of executive team that redefined the company strategy and direction. Partnered closely with CEO, CFO and Heads of Product, Operations, Credit, Marketing and Sales.Advised Product teams on improvements to existing customer on-boarding process to reduce cost and improve customer quality.Reviewed AWS production environment architecture and identified opportunities to improve resilience of critical systems and third party integrations.Identified opportunities to reduce fraud and credit risk with Product, Risk and Credit teams.

Led efforts to prepare for regulatory examination from the Office of the Comptroller of the Currency (OCC) leveraging GLBA, FFIEC CAT and NIST CSF rules and frameworks. Achieved sufficient level of maturity in the program to pass regulatory examination without significant findings.Conducted Board Member education and walkthroughs of the redesigned information security program to gain buy in and support. Invited back to present on changes and continued improvements with the head of the Audit and Risk Committee monthly. Led incident response using cross functional teams including Fraud, BSA/AML, Engineering and Security Operations.Implemented processes and systems through collaboration across the business including Legal, Finance, HR, Technology, Engineering, Product and Risk.Advised and directed technical security tooling implementations in software development lifecycle (CI/CD), network monitoring and detection and response.Hired and retained a security risk management team responsible for continued oversight of cybersecurity risk management and compliance activities.Conducted annual processes to certify to industry standards, certification and audits such as PCI-DSS and SOC2.

Managed the approximately $10m security budget across staff, technology and third-party service providers.Increase budget ROI through outsourcing partners and service providers while maintaining the core team of experts internally.Managed incident response in conjunction with Legal, Compliance, Technology and Third Party Service Provider teams.Collaborated with cross-functional teams to ensure the program met expectations of clients, regulators and business stakeholders.Demonstrated subject matter expertise through quarterly Board meetings at each global location as well as presentations and walkthroughs with large client account teams.

Designed and built core capabilities including vulnerability management, identity and access management, security operations, incident response and third-party risk management.Responsible for over $2m in cost savings during first year.

Interim CISO at global technology supplier, distributor and services organization for 3 months and improved internal security review processes, architecture and relationships between security and technology.Interim CISO at PIMCO prior to joining full time. Recognized for leadership and stakeholder management skills and invited to “change badges”.Worked closely with senior partners to clarify customer needs and define project scope, work, execution and final completion. Average deal flow of $30m per year with $10m in sales in 2013 and 2014.Asked to assist on projects that were not going as well as they could. Leveraged stakeholder and project management skills to realign scope and expectations with customers and re-staffed teams.Revamped global IT risk management program at global insurance provider with multiple subsidiaries.

In this role I performed a wide variety of duties including project manager of an identity and access management strategy development project, consultant responsible for creation of a PCI compliance strategy, facilitator for risk assessment workshop sessions and career coucelling manager for junior staff. The following is a sample of successfully completed projects:Developed an IT security strategy for one of the states largest water distributors.Reviewed and improved the IT security strategy of a large mining companies.Identified areas of improvement in overall IT policy framework, content and implementation strategy.Project managed and provided subject matter expert expertise in the improvement of information security governance practices. Worked with Execurity Management to understand requirements and design the operating model, governance framework, review the appropriateness of policy documentation and develop initiatives including a control self-assessment program.

This role saw me assist a national sales team with marketing strategy development, pre-sales activities and proposal development as well as leading the delivery of consulting work with clients in Melbourne, Sydney and Brisbane.Consulting engagements included business process re-engineering, security strategy development, information security management system framework definition and policy/process definition/review. To keep my hands dirty, I was quite involved in vulnerability and penetration testing as well as security architecture reviews.During this time, DLP (Data Loss/Leakage Prevention) has become the new buzz in the industry... so much so that I gave a presentation on this as a joint marketing initiative with RSA.

Oversaw core security consulting services, including business development, client management, vendor management, process improvements, and project implementations. Conducted information and physical security assessments for clients in diverse industries. Performed technical vulnerability assessment and penetration testing.

Served as “Security Designer” and architecture implementation lead for multiple projects. Identified Internal risks and treatment, creating policies to enable firm to be ISO 27001 certified. Implemented technology solutions for some of Australia’s largest banks.

Managed a team of 10 to create firm’s global information security practice. Oversaw resource planning, project implementation, budgeting, business case development, vendor relations, and operations.Defined and document the Corporate Information Security Policy to ensure effective controls were implemented to protect critical business information, processes and technologies.Developed a proven Information Security Strategy with input from various areas of the business to ensure movement towards compliance with required regulatory requirements including FSA UK and PCI DSS as well as ISO 27001 guidelines.Conducted risk assessments of various business locations, processes, applications and systems including in-house developed applications and assessments of third party applications/solutions/agreements.Championed security, conducted education and awareness sessions with all areas of the business from executive management to technical staff and call center operators.

Joined IBM Global Services Australia as a HP-UX and AIX Security Administrator. Changed roles in 2000 to focus on Information Security Risk Management through implementation of technical controls across large fleets of UNIX and Linux servers for some of Australia's largest banks and airlines. Advised IBM account management and clients on security improvements, controls, and policies. Planned and executed quarterly information security risk assessments and policy gap analysis.