Information Security Application

Location:
Boston, MA
Posted:
October 22, 2023

Resume:

SIMON DITCHAM, CISM, CISA, CERP

Boston, MA ***** 978-***-**** ad0jtw@r.postjobfree.com linkedin.com/in/simonditcham

INFORMATION SECURITY EXECUTIVE

Experienced leader with extensive experience with security, privacy and technology. Led global teams up to 400 people in financial services in the retail and commercial banking, investment, and wealth management sectors. Delivered large-scale security and technology transformations, including cloud implementations, merger integrations, and regulatory / compliance initiatives. Deep understanding of financial services business processes and corporate finance. Industry SME on privacy regulations and cybersecurity controls. Expertise building new teams, projects and programs, leading strategic change and solving complex problems. Very comfortable in global and commercial environments, negotiating with senior internal and external stakeholders up to C-level, and being involved in the sales cycle.

AREAS OF EXPERTISE

Security Programs: Product / Application Security, Cloud Security, Identity and Access Management, Data Privacy, Data Loss Prevention, Physical Security, Zero Trust, Third Party Risk, Security M&A / Due Diligence

Compliance: NIST CSF, NIST 800-53, PCI-DSS, SOC II (Type 1 / Type 2), HIPAA, GDPR, CCPA, GLBA, FFIEC, NYDFS, Sarbanes-Oxley (SOX), Dodd-Frank, Volcker, MiFID

Technologies: SaaS, IaaS, PaaS, AWS, Azure, GCP, Windows, Linux, Mac OS

EXPERIENCE

BANK OF THE WEST / BMO, Boston, MA 06/2022 - Present

SVP, Information Security

Reported to the CISO managing information security programs with 420 people and $70M+ budget through separation from BNPP and integration with BMO. Operational responsibility for all aspects of the security program including cyber security, physical security and business resilience. Drove significant remediation, growth and improvements in key areas such as data protection, application security, vulnerability and configuration management, access management, governance / risk / compliance, cybersecurity operations and third-party vendor management. Presents quarterly reporting to the Executive team and helps prepare quarterly Board reporting.

• Consolidated information security functions under the CISO and a single program.

• Hired 30 cyber staff in 6 months to improve core functions, remediate deficiencies and drive integration with BMO.

• Assumed operational management of access management, application security, vulnerability management, security architecture and business information security functions and successfully addressed security weaknesses identified by regulators and auditors.

• Established working groups and committees strengthening collaboration with key partners including IT, second-line risk management, and audit.

• Built and led a team focused on decoupling the Bank of the West information security program from BNPP and integrating with BMO. Developed and implemented integration, retention and decommissioning plans for people, tools, data. Ambassador for Bank of the West staff, assisting with skill development and placement at BMO.

SANTANDER US, Boston, MA 04/2018 - 06/2022

SVP, Head of US Information Security Governance, Risk and Compliance

Managed 60 people responsible for the security governance, risk and compliance, access management and BISO programs for a 16k person global financial services business. Chief of Staff for US CISO and 4 Business CISOs. Managed the US InfoSec Program governance, risk and compliance. Participated in executive information security and compliance committees, regularly interacting with US and Global Santander executives.

• Built US-wide FFIEC / NIST-based InfoSec Program, consolidating 5 different business programs and doubling the staff to 250+ and the annual budget to $70M.

• Implemented program governance including 600+ requirements database, compliance tracking and reporting, information security and privacy executive committees, annual report to the Board, regulatory and audit exam management, policies / standards, and a Written Information Security Program (WISP).

• Remediated and closed all outstanding regulatory and audit findings, achieving GLBA and NYDFS compliance.

• Developed strong working relationship with Internal Audit and Regulators.

• Advanced overall US Program security control maturity from FFIEC sub-baseline to Intermediate in 3 years.

• Established US-wide employee and client training, education and awareness programs including phishing simulation campaigns focused on ransomware, social engineering and business email compromise.

• Established cyber risk assessment and management processes based on NIST / CIS best practices including Risk Control Self Assessments (RCSAs), CIS / MITRE cyber risk and vulnerability profiling. Built a strong partnership with Second Line of Defense (information and operational risk management, compliance, privacy).

• Implemented a Monthly Operational Review process to review key management metrics (KRIs / KPIs) improving the operational effectiveness of the InfoSec program.

• Implemented a Business Information Security (BISO) Program with business executives across the bank.

STATE STREET BANK, Boston, MA 10/2009 - 04/2018

VP, Global Markets Technology

Managed derivatives, fixed income and FX systems and $20M budget supporting global markets Trading business. Interacted with global markets business head, CIO and COO on regular basis.

• Managed trading systems, ensuring compliance with corporate information security and IT risk and control policies, and Dodd-Frank, Volcker, EMIR / MiFID, and central clearing regulations.

• Represented FX systems in IT risk and compliance, business continuity, and first line of defense compliance working groups, as well as numerous regulatory and internal audits.

• Built and led FX Technology PMO to establish metrics-driven portfolio management discipline and transition 30 global teams to Agile development enabling 300+ releases a year.

• Built a global team of 100+ staff, including 25 new hires and 75 contractors in US, London and China as part of a 5-year strategic plan to re-engineer core FX systems.

• Led business critical program to migrate core FX trading platform to vendor ASP platform with high-availability architecture to support business expansion.

• Led selection and implementation of new global Fixed Income Derivatives trading technology including Summit, Bloomberg and Broadridge systems to support new business launch.

J.P. MORGAN CHASE, Lowell, MA 04/2002 - 10/2009

Executive Director, Treasury Services Technology

Technology delivery management for $2.1T global financial services firm including planning, system analysis, architecture, development, testing, production support, and infrastructure upgrades. Managed $12M budget and supervised 120 employees and contractors worldwide.

• Built self-administration system designed to manage access for >120,000 users to 400+ Treasury and Securities Services applications via web portal.

• Defined industry-leading system using commercial workflow management and authorization technologies.

• Managed Global Liquidity systems reporting into Treasury CIO. Successfully led systems and teams through 18-month merger between Chase and JPMorgan.

• Managed development and conversion to new file transmission management platform leveraging Internet B2B (webMethods) technology to reduce operating costs by millions of dollars.

• Reduced legacy system production issues 70% by increasing capacity, stability, and code quality.

ADDITIONAL RELEVANT EXPERIENCE

PFN Inc., Cambridge, MA

Vice President of Client Services

FIDELITY INVESTMENTS, Boston, MA & Merrimack, NH

Director, Information Systems

SEER TECHNOLOGIES, New York, NY & Cary, NC

Senior Consultant, Advanced Lab Supporting Sales

MORGAN STANLEY, New York, NY

Systems Developer

EDUCATION

Bachelor of Science (BSc) Applied Geophysics and Engineering Geology, with honors, Exeter University, Exeter, UK

SIFMA Securities Industry Institute Graduate, 2018, The Wharton School

TRAINING AND DEVELOPMENT

Certified Enterprise Risk Professional (CERP), 2020

Certified Information Systems Auditor (CISA), 2021

Certified Information Security Manager (CISM), 2021

TOOLS

CrowdStrike Akamai Symantec DLP Carbon Black SailPoint CyberArk Ping Titus Veritas Delphix Qualys Splunk SIEM Heracles Archer Hiperos Bloomberg TOMS Summit FT Wall Street ION Fenics TradeSTP SmartStream SuperDerivatives EBS Reuters NEX Traiana MarkitWire MS Office/Project/Visio ClearCase HP Quality Center LoadRunner Sharepoint iPlanet Weblogic Actuate Rational Team Concert Pega PRPC EDI webMethods Oracle DB SQL Server Sybase SQLAnywhere MS Access DB2 Adabas J2EE Web2.0 HTML XML SPML FpML FIX TOF SQL Crystal Reports Exstream Dialogue Visual Basic.


