Chief Information Security Officer
Auckland, New Zealand
Established a new cyber executive role within a IT shared service organisation delivering security to New Zealand's largest healthcare network including nine data-centers, 350 locations, 30K users accessing 40K interconnected devices. Be an "ambassador for cyber" and create a "culture of security". Broker security strategy and policy in a challenging, complex and poorly defined governance structure of four equal shareholders operating against differing Key Performance Indicators.
- Established a security baseline through cyber audit and assessment
- Developed security program and published cyber remediation plan
- Aligned security spend with risk elevating funding from 0.5 to 5% of operating budget.
- Created security monitoring and security operations strategy
- Chair of Regional Security Forum driving strategic policy and initiatives in a highly complex governance structure under competing initiatives
- Elevated the Risk Management discussion from IT risk focus into business risk focus
- Established mature security review process for product release
- Advanced key security policy development
- Established executive security reporting system