Hello,

My name is Robert Plaenk. I am applying for the position Chief Information Security Officer at MCAN. I am currently employed at Check Point Software Technologies Ltd. as a Security Sales Engineer on the Strategic Team and previously I was employed at CIBC as Director, Information Security.

I have been actively engaged in IT for 24 years and in Information/Cyber Security for 21 of those years. I currently hold CISSP and CISA certifications in good standing; I also currently hold numerous technical vendor certifications. My roles have been diverse and ever-growing, starting as help desk analyst, advancing through Level II support, to Integration Engineer on the technical side. This involved IT and Security infrastructure – core and perimeter networking and security architecture, support, upgrades, maintenance, change management, as well as teaching and facilitating about security devices (hardware and software) to clients and mentoring junior staff.

At BlackBerry, I was involved in GRC, starting as a Policy Analyst, developing, updating, and conducting gap analysis to ISO 27001/2, PIPEDA, and PCI as well as, interpreting corporate policies. I developed the business unit’s Business Impact Assessment (BIA) and Business Continuity Plan (BCP). I then went to the Risk Management team, where I led the change from a compliance-based program to risk-based risk management program for the company, globally. This involved leading a geographically dispersed, international team of highly talented and skilled security professionals. This also led to my development of a Risk Register to be used globally throughout the company. I led a group of Risk Analysts to develop a risk management framework; as well, I drove the program to further implement our Risk Register into the Archer eGRC tool. I was then promoted to Senior Policy & Risk Manager, where I led both teams, globally.

At Primus, as the Senior Manager, Information Security, I have been instrumental in development of an entire global security program, from conception to implementation. I have led the creation of a new canon of security policies, standards and baselines; I have led the creation of an entire security awareness program, Risk Management Program and developed the processes for the program, as well as being instrumental in garnering new technology to aid in upgrading Primus’ security posture. I was the SME regarding all things related to cyber and information security, to all senior and executive management, particularly when relating to PR campaigns regarding security; as well as the ‘go-to’ person for any questions regarding security within the company. As well as a general security awareness program which has seen an immediate reduction in corporate virus infections of 70%; I have also created a PCI awareness program including training slides and mandatory test for Customer Service Agents, which has seen an initial 97% compliance rate, followed up with 100% compliance on passing the test.

Recently, at CIBC, I was a Director, Information Security, and I lead a team of highly skilled security professionals in the development of hardening standards used by the enterprise as a whole; update and develop security standards and policies; as well as lead the regulatory oversight team regarding any new regulations pertaining to cyber security, in any jurisdiction that the bank has a subsidiary, or in some way carries out business. This role was a highly visible role which involved reaching out and collaborating with all business units, particularly in technology, as well as other financial institutions, nationally and internationally.

At Lyrical, I was a Senior Advisor on the Risk and Compliance Advisory Service, where I worked with companies globally to help them acquire compliance with their required regulations.

Most recently, I took a position with Check Point, which was more of a technical / sales position where I would have the opportunity to deal with executives on a global level. In this capacity, I managed to be instrumental in saving a large global strategic account that was threatening to no longer be a Check Point customer.

Throughout my career, I have been leading geographically dispersed teams of technical and non-technical people and mentoring staff on a global scale. In fact, one of my great accomplishments very early in my career was singlehandedly training an entire help-desk crew of new hires, while still maintaining the business’ SLAs for clients. The trainees were very successful, and were up to speed in a very short time.

Other successes that I have had over my career include:

-At Check Point, I was instrumental in keeping a large, global client from leaving Check Point and using another vendor.

-At Lyrical Security, I lead a global multinational company; headquartered in the United States to achieve NIST SP 800-171 compliance (this is regarding Controlled Unclassified Information or CUI and is U.S. specific.)

-Lead the team at CIBC, which was responsible for global regulatory oversight as it pertains to cyber security.

-Develop the processes at CIBC, to ensure that we are kept abreast of all regulatory changes globally.

-Developed an entire security program – Awareness, Risk Management, Vendor Assessment, and Corporate Security Policy at Primus Telecommunications Canada Inc. as there was none when I started.

-Developed a Security Awareness Program - This saw an immediate drastic reduction in infections.

-Developed a PCI Awareness program – seeing 97% compliance within 3 months – 100% within 4 months.

-Created a Security Steering Committee at Primus, comprising members from senior leadership to ensure ongoing collaboration throughout the enterprise between Security and internal business units which are dispersed globally. Meetings were held monthly to ensure the program kept on track with action items for everyone.

-Collaborating and liaising with all internal teams to ensure security of all customer information and credit card data.

-Led the development of, and owned the defacto Risk Register for BlackBerry to be used globally.

-Led the development of ‘Top 5’ process for business units with higher number of risks.

-At NCI I successfully replied to RFP’s resulting in hundreds of thousands of dollars of new business for my employer in the first year.

-New product testing which caused the manufacturer to create 4 new firmware revisions based on my testing.

-First engineer at AT&T Canada to successfully create a firewall cluster between two firewalls which were, not only on different networks, but in different geographical locations.

I have worked with external clients and internal clients. I have had public speaking engagements where my audience numbered over three hundred. Many team mates have been globally dispersed. Many clients I dealt with were also globally dispersed which presented numerous challenges. I have had audiences with senior and executive leadership in many of my roles, including my current one. I believe my numerous years of experience in both technical and GRC roles have prepared me for the challenges that a global organization such as yours could provide. I also believe that my leadership ability would be ideally suited to help your organization through many of the projects and challenges that it will encounter in the future.

I look forward to discussing my qualifications with you at a mutually convenient time.

Sincerely,

Robert Plaenk, CISSP, CISA

Contact this candidate