Aug 2023 – Present · 2 yrs 7 mos · Melbourne, Victoria, Australia

Aug 2023 – Oct 2025 · 2 yrs 2 mos

• I developed the strategy for our game-changing Cloud Security and Continuous Assurance Product—encompassing 3 sub-products—Secure by Design, Continuous Assurance, and Blueprint.
• Throughout the process, I've provided transparency to leadership on our security posture—and a clear view to engineers, 1st / 2nd line of risk, and internal auditors on sign-off for business application go-live / key controlled risk indicators. I've also created a clear responsibility model and built / led a cross-functional on- and offshore team. Eliminated significant managed services cost for both product development and product support.
• Secure by Design: Led development of subproduct providing threat modeling, assessment, and threat mitigation for every cloud service consumed by the bank. Defined responsibility and governance structure.
• Continuous Assurance: Spearheaded the creation of a comprehensive security assurance product—encompassing build-time preventative assurance, runtime detective assurance, continuous assurance advisory consultative service, continuous assurance metrics, and reporting solution / data lake. Developed strategy, defined tech stack, and streamlined controls.
• Blueprint: Performed cost consumption analysis for Blueprint IaC modules.

Feb 2023 – Aug 2023 · 6 mos

• I worked closely with our CISO to define security strategy and current / future cybersecurity states and translated those ideas into industry-aligned, agile, stable, and secure processes.
• I created a robust cybersecurity design architecture, documented all security and technical components, and designed clear technical documents. I conceptualized and led a security design council overseeing, reviewing, and endorsing business and security initiatives. I also led the design of 6-, 12-, and 24-month delivery roadmaps.
• Delivered comprehensive cybersecurity reference architecture, cybersecurity framework, and security assurance program.
• Provided a strengthened data protection strategy to respond to increasing data breach threats across the industry.
• Worked with a partner vendor to develop cybersecurity threat, control, and risk libraries, security standards, and security guardrails—optimising operational security.
• Ensured consistent technical vision across all technical teams.

Aug 2021 – Jan 2023 · 1 yr 5 mos

• I created and led an enterprise-wide cloud security governance and assurance strategy and built and led a team of on- and offshore engineers delivering continuous cloud security across the AWS and Google platforms. I designed the product delivery roadmap, led technology and business engagement, and managed integration with broader business delivery. I also created and presented business cases and secured funding for new security initiatives.
• I spearheaded the creation of the initial Blueprint product following handover from external Big 4 development team and developed our pattern as a code practice.
• Delivered significant cost savings by challenging existing cloud security service attestations and designing an alternative solution.
• Grew blueprint coverage.

Nov 2020 – Aug 2021 · 9 mos

• I drove strategy to uplift security architecture and engineering capability and redesign the service and created secure by design, secure by build, and secure by run service frameworks.
• Redesigned the threat and risk assessment framework to simplify security controls design—slashing time for architects to secure business application.

Mar 2019 – Oct 2020 · 1 yr 7 mos

• I created a cybersecurity strategy to build a multi-cloud and integration platform supporting a multimillion-dollar business.
• Piloted pivot from traditional security approaches and designed innovative new controls to address emerging threats.

Jul 2018 – Feb 2019 · 7 mos

Jan 2008 – Jan 2018 · 10 yrs

• Previous professional experience includes Security & Risk Solution Manager with ANZ, Information Security Manager with Dimension Data, and Senior Security Consultant with RMIT University.