Chief Information Security Officer

As Chief Information Security Officer (CISO), reporting directly to the CIO, I worked closely with leadership teams across functions, divisions, and locations to lead and implement a comprehensive Corporate Information Security program. Our primary objective was to address and remediate a critical credit card data breach while ensuring the ongoing protection of the company’s information assets across all business units.

My responsibilities included establishing and maintaining an organization-wide information risk management program, along with the creation of a robust framework to manage and mitigate security threats. I took a proactive role in identifying, assessing, and protecting against global information security risks, all while ensuring strict adherence to compliance and regulatory standards, including GDPR, PCI DSS, and other industry-specific mandates.

I played a key role in building the organizational structure necessary for managing information security across the enterprise, including defining roles, responsibilities, and workflows that ensured effective risk mitigation and governance. My team and I worked diligently to strengthen the company’s security posture by implementing advanced security protocols, conducting risk assessments, and continuously monitoring systems for vulnerabilities.

In addition to risk mitigation, I was responsible for reporting on the security posture to the Board of Directors and senior management, providing transparent updates on progress, incidents, and ongoing risks. The strategic approach I led was designed not only to meet compliance standards but also to embed security best practices into the company’s culture, thereby safeguarding sensitive information and reinforcing trust with customers, stakeholders, and regulatory bodies.