►Define Organization's Security Awareness Strategy.►Own, develop, and mature the Security Training, Security Awareness and Security Champions Programs.►Implement large scale programs and influence decisions that work to improve the company's overall security posture.►Maintain programs charters, roadmaps and monitor effectiveness.►Assess and select vendor products and work with external parties for training content creation.►Collaborate with vendors to ensure the seamless integration and performance of third-party applications.►Lead the CISO's communication strategy in collaboration with corporate communication.►Create, update, and deliver security awareness initiatives and content across various audiences using available tools and channels.►Authoring, revising, partnering with others on communications to promote security initiatives and announcements.►Perform Security Assessment and Assess Users’ Behavior.►Promote Cyber Risk Practices►Collaborate with Risk management, SOC, Threat intel sources to understand vulnerabilities and remediation path for user vulnerabilities.►Define and Validate Awareness Metrics (KRI’s and KPI’s).►Run security campaigns and provide metrics.►Report Status of Compliance and Outcomes.►Lead and mentor a team of skilled professionals responsible for promoting Cybersecurity culture within the organization.►Manage security awareness budgets.►Work directly with Procurement and Vendors to ensure purchasing process runs smooth.►Provide executive reports to senior leadership team.►Validate cybersecurity training assignments to ensure effective learning assignments.►Collaborate with various teams to guarantee that role-based and threat-based trainings are accessible and provided through several channels during the digital transformation.►Security presentations, publications, and industry collaboration►Develop and roll out trainings against CMMC certification for Bombardier Defense.

Phishing Campaigns► Design the phishing simulation process and develop the phishing program.► Lead all phishing campaign matters including, execution of regular campaigns, tracking, and reporting on repeat offenders.► Coordination with cross-functional teams to manage global, local, and ad-hoc campaigns.► Play subject matter expert (SME) role for Proofpoint and Terranova phishing solutions (SaaS).► Review suspicious email reports and follow up with end-users and SOC teams as needed to ensure such emails are removed from IT environment.Information Security Awareness► Develop a security awareness strategy. Develop a program aligned with industry regulations, standards, and compliance requirements.► Ensure that the security awareness program communicates security policies and requirements, ensuring employees, third parties and other stakeholders know, understand and can follow them.► Identify the top risks to the organization and the behaviors needed to change to mitigate those risks.► Rollout and maintain a security awareness program that effectively changes behaviors, helping employees to act in a secure manner, and reducing risk to the organization.► Create a user-centric program that engages employee attitude, attention and focuses on changing behaviors both at home and at work, helping employees to demonstrate the same secure behaviors regardless of where they are or the devices they are using.►Lead all security awareness training across Canada and US.►Track and manage across Canada and US, key performance indicators and reporting metrics, which effectively measure the health and success of the security awareness program and feed Tableau software.► Provide as SME, technical consultation, guidance, training, and assistance to developers, management, application, database and system owners, and users about cyber security matters.► Play Product owner (PO) role for the security awareness and training technical solutions acquisition projects

► Provide governance over control testing activities and ensure adherence to regulatory and Information Security requirements► Recommend adequate and effective security controls aligned with the Information Security governance and risk management strategy► Collaborate with stakeholders to manage and execute controls testing, gap analysis and remediation tracking► Provide Information Technology General (ITGC) guidance on testing methodology, processes and procedures, adherence to policies and standards, testing artifacts and documentation► Assess and challenge the design and operational effectiveness of controls while working collaboratively with control owners and other stakeholders► Report on deficiencies and agree on remediation plans with control owners and stakeholders► Periodically monitor compliance status with SOX regulations, Payment Card Industry (PCI) standards to align with latest updates and requirements► Review SSAE16 SOC 1 Type2 / SOC2 Type2, SAS70 and various SAQ compliance reports► Assist in the assessment and review of new and existing technology to ensure adequate levels of controls are in place to maintain compliance with regulatory (Sarbanes Oxley, PCI, SWIFT) and security requirements► Develop an understanding of additional compliance frameworks, investigate and estimate scope to implement new frameworks based on new standards and emerging regulations (NIST CSF, GDPR)

► Prepared companies to become ISO27001 compliant► Assisted the Lead Auditor in defining the scope and methodology for compliance► Examined and validated the existence of administrative and technical controls► Verified the effectiveness of technical controls

► Monitored and audited the quality of security information and event management (SIEM) products developed► Examined security analysts’ tasks and tools in the security operation center (SOC) to identify relevant problems► Recommended enhancements of the security information and event management (SIEM) software products and services to the research and development (R&D) to increase the productivity of security operation center (SOC)► Promoted process and document quality improvement to meet quality requirementsAchievements✔ Ensured products were implemented correctly according to the organization’s governance, risk and compliance framework

► Played a pivotal role in the establishment and administration of the Information Systems Security and acted as a Business Continuity team member administering SAP and SUMMIT security for daily productivity► Facilitated management decision making and awarding of contracts by conducting third party service provider security risk assessments on critical vendors; created and kept user accounts active, maintained SAP work environments, tailored profiles to each user’s specific position, ensured all SAP security platforms were maintained at the highest levels►Reviewed all system breaches, developed plans to address them and notified offending users, monitored privilege exemption rights on users PCs to meet security objectives, performed Business Impact Analysis (BIA) and Risk Impact Analysis (RIA) across departments Achievements✔Established the information security policies and standards enabling AfDB to obtain its very first Information Security policy, procedure and guidelines✔Designed security requirements, assessed risks and mitigated them, and ensured systems compliance with internal regulations and security guidelines✔Lowered risk and improved overall security through the organization and delivery of information security awareness seminars to more than 1500 staff members✔Customized and administered Blue Coast Proxy SG system services, including web filtering, webpage caching and web traffic scanning with anti-virus✔Reduced attack vectors by configuring anti-virus servers and monitoring agents on user computers ✔Led the implementation of Information Security restrictions on users PCs to enforce security

► Team member for several software systems analysis and development projects travelling extensively and globally to monitor systems, train and support 1500+ employees from all continents

► Developed and maintained strategic software systems that bridged the gap between provisional mission budgets and actual mission costs helping to monitor and control the execution of missions generating substantial cost reduction and consequently maximizing profits; provided expert advice and technical expertise on client projects.