THOMAS E. PEOPLES
*************@*******.*** 281-***-**** Houston, TX LinkedIn Profile
Cybersecurity, Risk and Security Governance should not be about telling stakeholders "No," but rather "how do we get to yes," by innovating tailored solutions that satisfy the controls and regulations while fitting the needs of the business. Using this approach, my teams have driven transformation, implemented automated risk solutions, strengthened security and security frameworks, and improved organizational resilience.
As an accomplished and passionate IT Cybersecurity, Risk and Security Governance Leader, I have extensive experience developing enterprise-wide security frameworks, strengthening compliance, and mitigating cyber risks across the enterprise. I do not believe in one size fits all, whether for an enterprise or for an individual issue. Significant input from all stakeholders and strong business acumen are necessary to drive success based on the needs of the business and all its stakeholders. Without that core understanding and a strong partnership, security cannot add value to the business.
AREAS OF EXPERTISE
IT Transformation | IT Risk Management | Cybersecurity Governance | Security Risk Assessment | Cloud Security Strategy | Cloud Engineering | DevSecOps Implementation | Governance, Risk & Compliance | Third-Party Risk Management | IT Control Frameworks | Enterprise Risk Management | Security Awareness Training | Compliance and Regulatory Alignment | Incident Response Leadership | Digital Transformation | Security Vulnerability Management | Business-Aligned Cybersecurity
KEY ACCOMPLISHMENTS
•Transformed an underdeveloped IT GRC team, growing it from 1 to 9 members, significantly enhancing cybersecurity risk management capabilities and strengthening enterprise-wide governance.
•Designed and deployed enterprise-wide risk framework, aligning IT controls with NIST, GDPR, HIPAA, PCI DSS, and ISO 27001, assuring compliance across 66 countries.
•Led the successful transformation of a new GRC system, improving operational efficiency, transparency, and stakeholder engagement in risk and compliance management.
•Developed and enforced governance policies for AI, third-party risk, and information classification, enhancing security governance and aligning with industry best practices.
•Built and led a global team of Technology Risk/Control Managers, improving risk visibility, accelerating remediation, and driving a culture of continuous improvement in cybersecurity.
•Budget leadership, including Statements of Work, RFIs/RFPs, and business cases, ensuring alignment with cross-functional teams.
•Mentored my team and stakeholders to advocate for ethical, transparent security practices.
•Committed myself and my teams to innovation and automation.
PROFESSIONAL EXPERIENCE
Motiva Enterprises LLC 03/2023 – 02/2025
Digital Security Manager, Head of Governance, Risk & Compliance
Transformed an underdeveloped IT GRC team into a first-class organization that led initiatives aligning cybersecurity strategy with business strategy, regulatory requirements, and industry frameworks. Built and scaled a high-performing governance team, enhancing enterprise risk management. Designed and implemented policies for third-party risk, AI, and information classification, strengthening security governance. Spearheaded the transition to a modern GRC system, improving transparency and operational efficiency. Fostered a culture of security awareness and professional development, driving risk mitigation efforts across the organization.
Expanded the IT GRC team from 1 to 9 members, enhancing cybersecurity risk management capabilities and reducing risk to the firm, with cost, time, and project savings that will continue for multiple years, by:
Fully cataloging all applications and third-party relationships.
Completing assessments of all applications and third-party relationships and establishing a reassessment schedule.
Automating control testing.
Creating audience-specific, actionable metrics, including KPIs and KRIs.
Developing new training and awareness for new and materially changed policies and standards.
Established IT Risk Management Framework and GRC Charter, improving risk transparency and decision-making.
Elevated cybersecurity maturity posture in under six months, strengthening risk management and compliance across the organization.
Eliminated eight-month backlog of risk assessments by implementing structured SLAs for both submitters and reviewers, enhancing efficiency and accountability.
Led a successful migration to a new GRC system, improving operational efficiency and stakeholder engagement.
Developed and enforced governance policies for AI, third-party risk, and information classification.
American International Group (AIG) 11/2020 – 11/2022
Vice President of Technology Risk & Control Governance
Led global IT risk and security governance, integrating automation and transparency into risk management. Cultivated strategic partnerships with executive leadership to align risk strategies with corporate goals. Developed and implemented technology risk management strategies and enterprise-wide IT risk governance initiatives, aligning cybersecurity strategy with regulatory requirements, industry frameworks, and business objectives to strengthen the organization's security posture.
Built and led a global team of Technology Risk/Control Managers, improving risk visibility and remediation.
Established real-time risk dashboards, enabling data-driven decision-making. Drove DevSecOps automation to streamline cloud security governance.
Strengthened IT governance by aligning controls with NIST, ISO 27001, COBIT, GDPR, and other frameworks.
Developed and governed automated CI/CD cloud pipeline, enabling 2K automated deployments daily, streamlining software delivery, and enhancing operational efficiency.
Designed and implemented KRI and KPI metrics for leadership, leading to significant cost avoidance and improved data-driven decision-making in risk management.
AIG Consumer Business 02/2016 – 11/2020
Vice President, Global Personal Insurance Technology Risk & Controls Lead
Led external vulnerability management efforts, optimizing remediation processes. Provided strategic oversight of IT risk, vendor assessments, and compliance initiatives in line with industry standards. Led the development and execution of a global technology risk and control framework that met industry standards and regulatory requirements. Oversaw risk assessments, vendor security evaluations, and control testing, collaborating with business leaders to enhance cybersecurity governance and mitigate emerging threats. Collaborated with executive leadership and cross-functional teams to embed a risk-aware culture, improve third-party risk management, and drive security governance across global business operations.
Led risk governance across 66 countries, enhancing security posture for global insurance operations.
Developed risk management framework, aligning IT controls with NIST, GDPR, HIPAA, PCI DSS, and ISO 27001.
Designed external vulnerability management program, strengthening risk mitigation strategies.
Enhanced security governance by integrating best practices from COBIT, ITIL, and applicable regulatory frameworks.
Improved vendor and application risk assessments, strengthening compliance and remediation efforts.
AIG Consumer Business 03/2014 – 02/2016
Director, Group Business Information Security Officer
Led global information security strategy, aligning risk management with regulatory and business requirements. Strengthened governance frameworks to mitigate enterprise risk. Advised senior leadership on security initiatives in line with industry standards and regulatory mandates. Developed and enforced cybersecurity policies and frameworks aligned with ISO 27001, COBIT, NIST, and ITIL best practices to protect financial services operations. Partnered with executive leadership to integrate security strategy into business objectives, enhancing data protection, regulatory compliance, and enterprise risk management.
Managed security programs across 100+ countries, protecting diverse financial services operations.
Strengthened risk governance for the largest financial distribution network, supporting 300K+ professionals.
Developed cybersecurity initiatives to protect high-net-worth clients and critical financial systems.
AIG Life & Retirement 01/2012 – 03/2014
Manager, Information Security
Managed security governance, risk, and compliance (GRC) programs, aligning cybersecurity initiatives with business requirements, regulatory mandates, and industry best practices. Led threat management, vulnerability assessments, and incident response operations to enhance the organization's overall security posture. Partnered with cross-functional teams to embed security awareness into business processes.
AIG American General 12/2006 – 12/2011
Senior Information Security Analyst
Led enterprise-wide security initiatives, aligning IT governance with regulatory requirements. Strengthened risk management and compliance frameworks to protect critical business systems. Managed cybersecurity operations, including threat intelligence, vulnerability assessments, and incident response. Advised senior leadership on security strategy, enhancing business-aligned security programs. Provided technical leadership on vulnerability management, focusing on security response capabilities. Fostered security awareness programs aligned with the organization's understanding of cybersecurity risk.
Designed and implemented security frameworks aligned with ISO 27001, NIST, and COBIT.
Managed enterprise risk assessments, strengthening security posture across business operations.
Developed cybersecurity programs, integrating threat management with strategic business initiatives.
Aegis Mortgage Corporation 08/2005 – 12/2006
Sarbanes-Oxley Compliance Analyst
Led Sarbanes-Oxley (SOX) compliance initiatives in line with regulatory requirements. Conducted internal control assessments, identifying risks and remediation strategies. Developed IT and financial risk management frameworks, strengthening governance across business functions. Provided compliance advisory services to leadership, enhancing regulatory adherence and operational efficiency. Advised leadership on IT governance in support of regulatory compliance initiatives.
Led SOX compliance assessments, strengthening IT and financial control frameworks.
Developed and implemented internal audit strategies, driving risk mitigation efforts.
Collaborated with cross-functional teams to integrate SOX requirements into business operations.
ADDITIONAL EXPERIENCE
Infrastructure Security Engineer (IT Officer) – Amegy Bank of Texas
Technical Services Manager (IT Officer) – Amegy Bank of Texas
CRM/eBusiness Design Lead (Senior) – Arthur Andersen LLP
Advanced Desktop Support Lead (Senior) – Arthur Andersen LLP
EDUCATION
Master of Business Administration (MBA), Baylor University, Waco, TX
Bachelor of Science in Accounting, University of Houston-Clear Lake, Clear Lake, TX
CERTIFICATIONS
CISSP – Certified Information Systems Security Professional (Current)
CCSP – Certified Cloud Security Professional (Current)
CRISC – Certified in Risk and Information Systems Controls (Current)
CGEIT – Certified in the Governance of Enterprise IT (Current)
CDPSE – Certified Data Privacy Solutions Engineer (Current)
CISM – Certified Information Security Manager (Current)
CISA – Certified Information Systems Auditor (Current)
CEH – Certified Ethical Hacker (Current)
CC – Certified in Cybersecurity (Current)
SP – Certified SAFe 4 Practitioner (Current)
ALMI with Honors – Associate, Life Management Institute (Current)
ACS – Associate, Customer Service (Current)