Global Chief Information Security Officer (CISO), 2018-Present
Reporting to the Chief Information Officer (CIO), accountable for overall Strategy, Vision, Thought Leadership, Risk Management, and Program Governance for Cybersecurity centrally, across the EBSCO Industries global portfolio of companies.
Successfully created a Global Cybersecurity Capability, including: Identity and Access Management (IAM), Architecture and Engineering, Threat & Intelligence, Governance, Risk, and Compliance (GRC), Security Operations (SOC/CIRT), Computer Security Incident Response Team (CSIRT), and a Crisis Management Process (including CEO, COO, CFO, CLO, Communications, and BOD), all centrally managed and serving the portfolio of EBSCO businesses globally.
- Aligned and Increased Existing Under-utilized Capabilities: Identified and removed duplicative spend across existing solutions. Initiated technical architecture. Built ongoing engagement process with vendors, and gained capability across all existing solutions.
- Initiated Multiyear Roadmap Based on Risk Across Diverse Portfolio: Based loosely on NIST and ISO 27001 frameworks, performed risk assessment as a foundation to drive the creation of a multiyear roadmap for Cybersecurity. Roadmap to include process, technology, and governance, creating a comprehensive approach for continual maturity.
- Staffed and Aligned Cybersecurity Talent: In addition to building career pathing, new job descriptions, creating functional areas, and a few external hires, identified internal resources with ‘passion’ to grow through self-learning and structured training plans.
- Created Governance Structure Across Enterprise: To include alignment with BOD, Executive Committee, newly formed Risk Committee, an Information Security Management System (ISMS) representing each of the 28 portfolio businesses for Risk review, policy ratification, and roadmap review / approval.