Alignment of information security and data privacy programs with business plans, IT plans, product and service roadmaps, enterprise risks, and legal and standards requirements.
Development of information security and data privacy strategic plans including vision, mission, multi-year objectives, and current year goals.
Preparation of information security, data privacy, IT audit, and compliance guidance documents, including policies, standards, procedures, work instructions, and process maps.
Preparation of the business case for information security and data privacy investments and projects (justification and prioritization)
Optimization of information security, data privacy, IT audit, and compliance organizational structures and their linkage to the rest of the organization
Development and delivery of security and privacy awareness and training materials
Development of strategies and plans for effectively managing compliance with requirements from multiple sources (e.g., laws, regulations, and industry standards such as HIPAA/HITECH, GLBA/FFIEC, 201 CMR 17.00, Payment Card Industry Data Security
Assistance with practical, risk-based adherence to various security and privacy frameworks and standards (e.g., ISO 27001/27002/27005, NIST SP 800 series, COBIT, SOC 1 / SOC 2 readiness, OpenSAMM, BSIMM, Privacy Shield, GDPR, Generally Accepted Privacy Principles, etc.).
Assessment of product development and security operations programs, and implementation or integration of security practices into development operations.
Evaluation of planned products and services (review of features against market needs, compliance risk evaluation, and threat modeling).
Interim or fractional Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO) roles.
Development, customization, and delivery of security awareness training, ranging from general security awareness for non-technical staff, to secure design and development practices for software product teams.
2311 N. 45th Street #212
Seattle, WA 98103