
Cyber Security Information

Location: Toronto, ON, Canada
Posted: June 07, 2025


Resume:

Leadership in Information Security Governance, Risk And Compliance

IT security professional with 14+ years of experience directing and delivering a variety of corporate IT / cyber security risk and compliance and remediation initiatives. A proficient ability to articulate business impacts to executive management. Hands-on experience managing, delivering and supporting cyber security risk remediation programs across all three lines of defense. Driven to educate and develop enterprise teams in identifying and managing Information Security risk and appropriate Information Security controls to mitigate them.

Professional Experience

Project Manager Senior Information Security Specialist (contract), Canadian Tire Corporation, Toronto Mar’19 – present

Revamp, manage and deliver CTC’s Cyber Security Risk, Control and Compliance management program.

•Developed an IT Security Risk and Compliance program by centralizing all IT security risk and compliance activities within ServiceNow.

•Established an IT Security Risk and Control Library aligned with industry best practices NIST CSF / ISO 27001 Annex A / NIST SP 800-53 (version 4 and 5).

•Established risk and control issue management program for ensuring the treatment and/or mitigation of risk and control gaps or issues.

•Established metrics and reporting mechanisms for providing visibility into CTC’s cyber security risk and control posture.

•Manage CISO’s CEO / CFO Certification and IT General Control Attestation Program within ServiceNow

•Led the remediation of all backlog of 1500+ penetration test findings from 2018 to 2019. This includes working with internal application and support teams to address and remediate external, internal and web application security penetration test findings.

•Manage Risk and Control Assessment Program for CTC’s Digital Crown Jewels.

Senior Business Technology Specialist (contract), Bank of Montreal, Toronto Jul’17 – Mar’19

A trusted advisor and IT risk lead for the CIO of BMO’s Digital Channels Technology solution delivery unit.

Selected accomplishments:

•Managed the Technology unit’s, IT / Cyber Security key performance and risk indicators and their continuous adherence to enterprise thresholds.

•Executive level reporting to highlight key IT / Cyber security risks and/or gaps and support decision making on appropriate remediation plan (risk acceptance / risk avoidance / risk mitigation) to undertake.

•Led the strengthening of technology unit’s risks and control posture by leveraging key enterprise operational reports and self-assessments to

•Led and directed technology unit’s IT / Cyber security risk remediation programs. These included managing the technology unit’s remediation of backlog of high risk internal / external vulnerabilities. Notably working with enterprise support teams to implement Meltdown/Spectre patches / fixes.

•Advised senior leadership teams on Technology Unit’s risk posture including top line and emerging risk.

•Supported the development and maintenance of Regulatory Alignment program (E.g., SOX, PCI, GLBA) for the unit that ensures existing and emerging regulatory requirements are understood, communicated and addressed to the management team.

Senior IT Advisor (Contract) - Canadian Tire Corporation, Toronto May’15 – Dec’17

A trusted advisor to Canadian Tire Corporation (CTC)’s Enterprise Risk Management (ERM) team.

Selected accomplishments:

·Performed a third-party risk assessment and provided recommendations for improving third party risk management to support enterprise’s digital transformation objectives.

·Utilized a risk-based approach (i.e., cost and complexity of services provided) to identify and recommend to the Assistant Vice President (AVP) of ERM, vendors / third party providers to include as part of the third-party management assessment.

·Developed framework for identifying risks related to the adoption and sustaining of fourth industrial risk technologies (Bitcoin, Artificial Intelligence, Robotic Process Automation, Internet of things)

·Interviewed Senior IT stakeholders across CTC business units namely; Mark’s and FGL; CT Bank, CT Retail and enterprise Dev/Ops teams to gain understanding of services delivered, identify gaps and threats posed by selected vendors.

·Assessed risks from a people (knowledge transfer and retention, capacity and capability), innovation, key business relationship (governance), cyber security (10 OWASP risk, cyber threats), information management, operational & regulatory adherence & compliance perspective.

·Utilized RCMP’s Harmonized Threat and Risk assessment in identifying threats and gaps. This also included tactical and strategic recommendations for remediating them.

Senior IT Project Manager (Contract), TD Bank Financial Group, Toronto Apr’15 – Nov’16

Engaged by Cyber Security and Technology Risk Remediation team to manage the delivery of key strategic initiatives in support of its cyber security roadmap. As a Senior IT Delivery Project manager, led the delivery of cyber security risk mitigation initiatives within the TD’s Unix / Linux server ($5M initiative) and database system environments ($2M initiative).

Selected accomplishments:

·Delivered $5M enterprise Unix and Linux Identity and Access Management (IAM) solution: Successfully led the delivery of solution to centrally manage user access and authentication of TDBFG’s globally distributed Unix and Linux (7,000+) server environment

·Delivered $2M enterprise vulnerability and activity monitoring solution: Successfully led and completed the delivery of IBM’s Security Guardium’s Vulnerability assessment and Data Activity Monitor solutions to TDBFG’s distributed database (MSSQL, DB2, ORACLE and MongoDB) server environment.

·Led and facilitated technical resource-based workshop sessions in identifying business requirements, design specifications, development / build plans and deployment / implementation plans.

·Led and managed all phases of the project from Initiation (PoC of solutions) to transition of implemented solution to production support stages.

·Led and facilitated discussions with key business sponsors and enterprise IT functional teams in defining functional and non-functional capability matrix to support key software (solution) selection criteria for a centralized enterprise Unix/Linux authentication and account management solution. This resulted in an 80% clarity of choice among the top six (6) contenders and narrowing down the vendor choices to two (2) providers (Centrify and Redhat’s Secure System Services Daemon - SSSD).

·Managed a phased approach for the deployment of solution to critical and non-critical systems

·Managed 3 solution (security) architecture teams during the definition of data, infrastructure including security architecture design plans in line with enterprise architecture.

·Identified servers with gaps that prevent completion of objectives and provided value add remediation recommendations.

Previous Experience

IT Audit Portfolio Manager, Canadian Tire Corporation, Toronto May’13 – Mar’15

IT Advisory and Audit Manager, Ernst & Young (EY), Toronto Apr’08 – Apr’13

Business Analyst / Configuration Analyst, XWAVE, Saint John, NB. Apr’07 – Apr’08

Education & Certification

·Certified Information Systems Security Professional 2023 - now

·Certified Information Systems Auditor - ISACA 2011 – now

·Bachelor of Science, Computer Science (Honors): Spec. Network Engineering

-University of New Brunswick, Saint John, NB, Canada 2003 – 2007

Technologies & frameworks

·Enterprise Distributed server environments - Unix, Linux and Windows

·Microsoft Azure

·Database server systems - Oracle, DB2 and SQL

·Jira, Atlassian, Confluence

·ServiceNow GRC Module, RSA Archer

·Programming languages - JAVA and PYTHON

·Secure System Development Practices (OWASP)

·Microsoft Office Suite+

·CA PPM (Clarity)

·IBM’s Guardium Database Vulnerability

·IBM’s Guardium Database Activity Monitoring

·Redhat’s Secure System Services Daemon

·Centrify Server Suite

·CSAE3416 / SSAE16 Audits

·SOC Control Report Development & Review

·PCI DSS (v2 & v3)

·COBIT, ITIL and PCI Maturity Programs

·ISO 27001 Information Security Management

·RCMP Harmonized Threat and Risk Assessment

·NIST Cyber Security Framework and Special Publication (SP) 800-53


