Information Security Consultant
Professional Engineer - Client Service Focus - Proven Track Record
Private Sector Engagements
TMX Group Limited (TMX)
American International Group (AIG)
TC Energy (Formerly TransCanada Pipelines)
Telus Health (Formerly BCE Emergis)
Firelytics Network Analyzer
Public Sector Engagements
Bank of Canada
Payments Canada (Canadian Payments Association)
Office of the Superintendent for Financial Institutions (OSFI)
Natural Resources Canada (NRCan)
Environment and Climate Change Canada (ECCC)
Global Affairs Canada (Formerly DFAIT)
Public Services and Procurement Canada (PWGSC)
Canadian Blood Services
Ontario Clean Water Association (OCWA)
Managing your organization’s overall enterprise risk and compliance with industry recognized security regulations, controls, and best practices.
Aligning security recommendations and practices with business objectives, ensuring an appropriate level of engagement with stakeholders and contributors.
Developing a solid GRC framework including all related processes and procedures to manage security risk and meet compliance requirements.
IT Security Standards
Customizing industry recognized IT Security Standards, including NIST and ISO, for specific applicability to your organization’s IT environment.
Developing and maintaining a comprehensive set of IT security policies, directives, and guidelines to support and help implement standards.
Aligning policies with objectives for the IT security program and broader IT roadmap and strategy to build a foundation that will withstand evolving threats.
Ensuring that security is adequately considered and built into each phase of every system development lifecycle (SDLC), particularly from initial phases.
Enabling and managing security assurance activities such as penetration testing, code review, and architecture analysis as an integral part of the development effort.
Writing security requirements and merging them with functional requirements, or performing threat modelling and risk analysis during design phases.
Effectively engaging executive sponsorship and formal backing for security considerations in project management, scope, objectives, and strategy.
Executing responsible oversight for application design, development, and integration and transitioning to operational management.
Completing projects by coordinating resources and timetables with stakeholders, departments, operations, and data center.
Developing operational procedures and standards for enterprise information security monitoring, detection, analysis, and response.
Defining plans for incident response to manage malware threats, malicious attacks, network disruptions such as DDoS, and post-incident investigation and forensics.
Assessing, designing, and operationalizing complex and distributed delivery models of security operations, including cloud, SaaS, and SOC-as-a-service.
Identifying and assessing your organization’s critical information technology assets, data, and processes that, if compromised, would have a major impact on business operations.
Identifying threats that would affect the ability of business functions to operate, cause damage to business reputation, or incur legal liability due to regulatory non-compliance.
Conducting internally managed security audits on your organization’s compliance programs to reduce the challenge of formal audits, and identify issues within existing policies and governance.
Developing cloud migration strategy, addressing technical, functional, legal, procurement, security, and operational needs of the organization.
Assessing technical environments for cloud security compliance and attestation, including controls assurance for defined sets of service provider’s systems.
Integrating patterns and reference architectures with security standards, disaster recovery, continuity, DevOps, and application management.