Tony Grimshaw
MIET, CISSP
*********@***.*** 857-***-****
A highly effective and motivated security professional with extensive experience delivering business value by
enhancing how security is perceived and leveraged as a business enabler.
Successfully created and drove the vision of the enterprise security target architecture, associated designs, and the
implementation of security solutions for a Fortune 200 company for over a decade.
Visionary strategist and technical thought leader across multiple industries: financial services, telecommunications,
and network & computer manufacture, including experience with two start-ups.
Successful technical leader of cross-functional teams that evaluate, design and deliver enterprise level solutions.
A continuous learner who excels at evaluating complex technical issues, conveying valuable insights, and proposing
creative solutions using appropriate technology and processes to meet current and future business objectives.
Security Architecture & Design • Information Risk Management/Policies • Cloud, Mobile, BYOD
IT & Security Strategy • Business and IT Partnerships • Vulnerability Management
Cryptographic Solutions • Identity Management & Access Control • Agile Frameworks Kanban Scrum
Communications & Networks • Application / End Point Security • PCI, NIST, ISO7001, SOX
CAPITAL ONE, Boston MA, & Richmond VA. 1999-2014
Capital One is a diversified top ten bank and a Fortune 200 company that offers a broad range of financial services
in the USA and UK.
Director of Enterprise Security Architecture/Master Technology Architect (2003 – 2014)
Chief security architect for Capital One. Leading a team to deliver tangible business value while advancing the
security architecture practice and improving the security posture across the organization in the USA & UK.
• Providing enterprise wide technical leadership to identify and address security and risk management concerns across multiple
lines of business – credit card, retail & commercial banking, mortgage, auto finance, and brokerage services – enabling the
business to adopt consistent security capabilities and practices that improved operational outcomes and lowered risk.
• Led my team to leverage security architecture practices and provide subject matter expertise and oversight on big complex
projects, as Capital One changed from a mono-line credit card company to a highly diversified financial services organization,
maximizing business value, and minimizing costs.
• Established and maintained a rolling three+ year holistic vision/gap analysis of the enterprise target state for security
capabilities. Evaluated, proposed and implemented solutions to simplify security infrastructure and processes to support
emerging business objectives, while lowering security and IT operational costs.
• Led strategic and technical work-streams to provide incisive decisions for a multi-million dollar, multi-year, multi-stream PCI
transformation program in the USA and UK.
• Defined and led the adoption of a consistent approach to acquisition integration. Focused on designing and delivering
reusable infrastructure that avoided a recurring $2M cost for each acquisition and lowering risk.
• Defined “don’t take your baggage to the cloud” security solutions to enable business & IT cloud migration.
www.linkedin.com/in/tonygrimshawcissp/ 4.9t
• Created and led a virtual "swapshop" team of engineers and architects across multiple lines of business that for five years
promoted communication and collaboration for solving infrastructure problems across the USA/UK.
• Led the creation of an architecture for an information based strategy/design for security analytics using Hadoop.
• Identified and resolved security concerns in the use of VMWare/virtualization by: partnering with engineering groups,
vendors and senior management; drafting a security standard to redirect rollout; and avoiding a virtualized environment that
would have elevated operational risk and been expensive to remediate.
• Gave legal depositions as a subject matter expert in several patent infringement claims.
• Member of the architectural council - project oversight, standards owner, architectural control and governance.
• Evaluated security-related VC opportunities for Capital One’s venture capital group in Boston.
Senior Information Security Architect (2002 – 2003)
Established security architecture as a practice within Capital One. Developed methodologies and frameworks that
enabled business agility while balancing information protection/risk and delivering clearer security requirements
and capabilities earlier in the design process.
• Changed the culture and conversation across IT and the business in their approach to security by creating a capability-driven
security architecture, security domain models, use cases and patterns & standards.
• Enabled the business to move securely into new opportunities by delivering current state assessments and formulating a target
vision and how to reach it – requirements, design, roadmaps.
• Proposed a $7M network zoning strategy and delivered detailed designs to migrate from an ad hoc infrastructure to one
focused on environmental consistency that reduces cost, simplifies operations and compliance, decouples SLAs, improves
time to value, and reduces threat surfaces and organizational risk posture.
• Identified risk issues during the 100 day acquisition integration of a medical loan company, then resolved over 56% of the
issues within the first nine months.
Senior Information Security Consultant (2000 – 2002)
Global information risk management role covering USA, UK, France, and People’s Republic of China.
• Provided enterprise-wide leadership across multiple lines of business in the USA and UK to solve security and risk
management concerns relating to global acquisitions, and strategic/big complex projects.
• Delivered custom security and IT consultancy to acquired companies, defining and designing security solutions to reduce
their overall risk posture, achieve tighter business integration, and lower cost.
• Contributed to change in the security industry by working closely with several major security software manufacturers to
address functionality and usability issues in their designs.
• Performed on-site risk assessments of an acquired software development company in Shanghai, and developed mitigation
strategies and technical designs for communications and information sharing.
• Mitigated risks associated with a multi-million dollar rollout of large scale IT monitoring service.
• Established, recruited for, and led the information security group for Capital One in the UK, while providing consultancy on
new cyber-defenses for the UK's eCommerce presence, and fraud control.
PREVIOUS CAREER SUCCESS:
Information Security Consultant - Intellos/Reuters; Systems Architect/Technical & Security Authority - Energis
Communications; Software Design and Security Consultant - Xternal Associates; Principal Software Engineer -
Digital Equipment; Electronic Design Engineer - International Electronics.
PROFESSIONAL TRAINING
Sportsmind - Achieving Global Results, Leadership with Presence, Leadership Challenge, Extreme Hacking, Threat
Modeling, Mobile Security Development, Agile Development, IBM eBRA Architecture Modeling. C, Java languages.
TECHNICAL SPECIALITIES
Strategy, Consultancy, Risk Management, Enterprise Security Architecture, Identity Management, Access Controls, Threat and
Vulnerability Management, Network Security, Communications, eCommerce, Application Software Security, End Node
Protection, Active Directory, Mobile, Remote Access, VPN, Wireless, Cryptography, PKI, Federation - SAML, OATH, OPENID,
SOA, REST, FIDO, JSON, Cloud Security, Hadoop, Private & Public Clouds (IaaS, PaaS, SaaS), Virtualization, Data Center
Design, Acquisition Integration, Agile Methods, SIEM, Cybersecurity, Project Management, Team Leadership, Mentoring,
Systems Integration, Emerging Technology, NIST, FFIEC, PCI DSS, HITECH, SDLC, Hardware Design, Software Engineering,
Real-time Design, Troubleshooting, Telecommunications, Operating Systems. C, Python, Java, Assembler.
EDUCATION
BSc Hons Electronics & Computer Science, Sheffield University, UK.
PROFESSIONAL ORGANIZATIONS
Certified Information Systems Security Professional ISC2 – CISSP, Member of the Association of Computing
Machinery, Member of the Institute of Engineering & Technology – MIET.