Information Security, Compliance, Privacy and Risk Management governance

Information Security, Compliance, Privacy and Risk Management governance re-organization for one of the world’s largest financial institutions.

Built a highly successful Global Information Security & Compliance Program at Kaplan, Inc. from the ground up over the course of 6 years. As the Global head of Information Security and Compliance, reporting directly to senior management, as well as Kaplan’s parent company, The Washington Post, Mr. Davis was responsible for leading the development and implementation of a comprehensive Information Security, Privacy and Compliance program, based on the ISO 27001/2, that included Sarbanes Oxley Compliance, Privacy Compliance, Payment Card Industry (PCI) Compliance for a highly decentralized environment. Mr. Davis has more than 13 years of experience in the information technology, security and privacy field.

As a Strategy Policy and Information Security Consultant, focused on the development of information security and privacy policy for the federal government. Directly authored portions of numerous NIST Special Publications.Strategic information security consulting and domestic/information security privacy, federated identity and access control management solutions and export policy. For example, co-led project to develop a common framework for flexible, security collaboration for five Aerospace & Defense companies to include the US Department of Defense, UK Ministry of Defence, US Department of State and the UK Department of Trade & Industry. Specifically, Mr. Davis was responsible for developing a set of common policies and procedures spanning 14 policy areas. Chief-of-Staff to the Federal CIO Council responsible for supporting development of information assurance policy as well as developing and leading task forces to address information security issues raised by civil agency CIO’s and the Office of Management and Budget (OMB). Worked on major Federal legislation such as the Federal Information Security Management Act (FISMA).Worked with a number of private and public sector clients to develop enterprise-wide security and privacy programs specifically focusing on the following security areas: Disaster Recovery Planning, Business Continuity Planning, Security Funding, Program System Inventory, Vulnerability Assessment and Material Weakness, Privacy Metrics, Security Training, Incident Response, IT Capital Planning, Critical Infrastructure Protection, Security Life Cycle, Security Program Integration, and Supporting Services Security. Mr. Davis acquired a unique perspective as to the requirements, at both the strategic and tactical levels, for building and maintaining security programs for large distributed environments.

Worked as an EDP auditor using GAO’s Federal Information System Controls Audit Manual (FISCAM) and SAS 70 reviews. Involved in drafting project plans and budgets, allocating resources to meet project expectations. Evaluated the effectiveness of IT controls surrounding clients critical information systems, documented weaknesses, and presented valid and supportable conclusions to senior management. He assisted in technical reviews. Supported teams in developing systems security plans and other security related documentation. Drafted comprehensive narratives, describing clients’ critical financial systems, organized, structured and finalized client deliverables. Referred opportunities to improve and/or expand client services within existing projects.