-Championed the creation of and currently leads the International Cyber center of excellence. Delivered enhanced governance and oversight of all regional entities ensuring global expectations and risk appetite are met. -Holds regional accountability for Cyber Security across UK, EU and Asia Pacific. Registered as the SMF 24 for Cyber Security under the UK PRA / FCA Senior Management Framework and holds the position of UK Chief Information Security Officer. -Established regional Cyber Security Committees enabling local officers to ensure effective oversight of enterprise delivered cyber security programs and services.-Member of regional Management Committees, including UK and Asia Pacific, providing business leadership with assurance of the effective operation of the cyber security control environment.-Member of a range of Global, Cyber and Technology Risk forums ensuring regional input and perspectives including the Global Cyber Security, Security Excellence and Technology Operational Risk Committees.-Developed the banks framework for Mergers & Acquisitions Lifecycle for Cyber Security. Led numerous M&A programs including acquisitions in the US and the planned divestiture of a major banking unit in the Caribbean.-Responsible for the integration of regional requirements into the bank’s global cyber security strategy and program ensuring regional requirements including those driven by the CSSF, HKMA, MAS, APRA, PRA etc. are appropriately prioritized and delivered.-Developed a comprehensive suite of Inter-Company Agreements, managing a robust Service Level Agreement oversight regime. The regime brings together service providers and recipients in an effective and efficient process providing both a regional and global perspective on service delivery. -Established a right-scaled, global governance and oversight program enabling the banks Global CISO to effectively ensure that regional units operate within the banks defined risk appetite.

Seconded to CIBC’s US Region as Interim Chief Information Security Officer on two separate occasions. The region consists of CIBC Bank USA, Capital Markets and Private Wealth Management operating in all major markets across the US.2017-2018-Provided Cyber leadership for the newly created US Region built upon the 2017 acquisition of the Chicago based Private Bank Corp. -Defined and implemented comprehensive CISO accountabilities for the US Region including integrating CIBC Bank USA with legacy CIBC Capital Markets and Wealth Management operations in the US.-Led the Information Security, Vendor Risk Management, Business Continuity & Disaster Recovery, Physical Security, Identity & Access Management and Records Retention prior to the hiring of a permanent US Region CISO.-Successfully led the NYS DFS Part 500 (23 NYCRR 500) Cyber Compliance Project, continuing to lead the ongoing sustainment and maturation of the program.2019-2020-Rapidly stabilized US Region Information Security functions upon US Region CISO’s unplanned departure in mid-2019 addressing leadership and delivery failings. -Established the regional Cyber Security Strategy, developing and operationalizing processes for governance, risk assessment, mitigation, management, reporting and defining the regional risk appetite. -Successfully and rapidly addressed many outstanding regulatory (FRB, FDIC, OCC & SEC) and internal audit findings and re-gaining regulatory support for Cyber Security with CIBC’s US regulators.-Re-established collaborative relationships with regional regulators across all US business units through extensive, transparent briefings and examination support including FRB, DFS, OCC and FDIC.-Led post M&A Cyber Integration delivering on schedule and in-budget a multi-year cyber integration project, ensuring alignment of US Regional cyber risk posture to that of the broader CIBC enterprise.

Led three teams delivering information security risk assessment services to the bank. These teams provide critical risk assessment, third party risk management and control testing services ensuring the banks operates within its risk tolerance.-Led the development, implementation and subsequent operationalization of an enhanced annual Information Security Scorecard. The scorecard builds upon traditional control maturity to deliver to the Board of Directors and Senior Executives, a balanced, NIST based, risk view of information security. -Directed the banks Supplier Risk Management function, transitioning from a procurement led to risk led culture. Significantly enhanced operational effectiveness to align supplier assessment timescales to the banks high-velocity growth trajectory. -Led the Technology Control Testing 1b function transitioning from a centralized Governance, Risk & Control group to a distributed model. Provided much needed stability and leadership ensuring consistent, on-time completion of annual assurance testing supportive of the banks annual SOX-attestation process and board certification of financial results

Led the Information Security Risk Advisor Team responsible for a team of senior information security resources interfacing with Technology Executives at CIBC.

Established and led the Information Security Strategy & Policy team responsible for the development and implementation of information security policies, standards, processes and procedures governing CIBC’s global operations

Led the Information Security team reporting to the Chief Information Officer. Responsible for the confidentiality, integrity and availability of IFDS information assets and operational ownership of key information security infrastructure.

Led the Information Risk Management team reporting to the Director Operational Risk, responsible for the confidentiality, integrity and availability of ING Directs information assets. key achievements included:Leading a team of Information Security professionals encompassing infrastructure, operations and development disciplines successfully delivering ISO17799 compliance, implementing and managing the banks governance and risk control system. Implementing an industry standard Risk and Control Self-Assessment within Information Risk providing management with tools to consistently identify, measure and monitor key information security risks.