Paul S.

Director of Engineering

United States · 11 yrs 11 mos experience
Highly Stable · AI Enabled

Key Highlights

  • Over 13 years of cybersecurity leadership experience.
  • Expert in aligning security strategy with business outcomes.
  • Proven track record in risk management and governance.
Stackforce AI infers this person is a Cybersecurity Leader with expertise in enterprise risk management and compliance.

Skills

Core Skills

Governance, Risk Management, and Compliance (GRC) · IT Risk Management · Cybersecurity Training & Awareness · IT Governance · Threat Analysis · IT Security Assessments · Business Continuity Management (BCM) · Threat & Vulnerability Management · Identity and Access Management (IAM) · Network Security · Secure Network Architecture

Other Skills

Security Policy Development · IT Strategy · Risk Insights · Data Protection · ISO 27001 · Payment Card Industry Data Security Standard (PCI DSS) · Mitigation Strategies · Control Testing · Threat Modeling · Program Maturity · Policy Management · Talent Development · Technology Risk · Issue Management · Metrics Reporting

About

I am a cybersecurity leader focused on aligning security strategy to business outcomes and enabling organizations to make confident, risk-informed decisions. Over the past 13+ years, I’ve led teams and built programs that strengthen enterprise resilience, reduce risk exposure, and support business growth. My focus is on translating complex cybersecurity challenges into clear, actionable insights for executive stakeholders while ensuring security is understood not just as a technical function, but rather as a critical business enabler. I have deep experience across risk management, governance, and security strategy, with a track record of designing and operationalizing programs that scale with the organization. Whether guiding strategic roadmaps or advising on risk tradeoffs, I operate at the intersection of technology, business, and leadership. My leadership style emphasizes clarity, accountability, and empowerment to build high-performing teams while fostering strong cross-functional partnerships. As I continue to grow, I am focused on stepping into a CISO role with an emphasis on enterprise risk leadership, executive engagement, and shaping security as a driver of business value.

Experience

Total Experience: 11 yrs 11 mos
Average Tenure: 2 yrs 7 mos
Current Experience: 1 yr 2 mos

IANS

IANS Faculty

Mar 2025 - Present · 1 yr 2 mos

  • Serve as a trusted advisor to CISOs and security leaders, providing expert guidance across cybersecurity, risk, and privacy domains
  • Deliver strategic consulting and executive briefings on emerging threats, governance frameworks, and program maturity
  • Conduct deep-dive research and develop actionable insights on security trends, technologies, and best practices
  • Advise clients on building and optimizing GRC, risk management, metric reporting and security awareness programs aligned with business goals
  • Author and review white papers, guidance documents, and toolkits to advance IANS’ knowledge base and client value
  • Collaborate with peers and IANS Research to develop new educational content and strategic advisory material
  • Represent IANS at conferences and industry events as a subject matter expert on cybersecurity and risk management

Edwards Lifesciences

Director, Information Security GRC

Nov 2024 - Present · 1 yr 6 mos · Hybrid

  • Lead and mentor a global GRC team fostering high performance, talent development and professional growth
  • Build and drive the evolution of Edwards Lifesciences’ GRC program to enable secure, compliant global operations
  • Integrate risk management into business and IT processes to enhance operational efficiency and ensure risk-informed decision-making
  • Streamline and automate GRC operations using data-driven insights to improve efficiency and visibility
  • Establish enterprise-wide metrics and dashboards to measure performance and demonstrate value
  • Oversee core GRC services including Policies and Standards, Operational Risk Management, TPRM and Training & Awareness
  • Manage corporate security communications and customer security reviews to ensure transparency and responsiveness
  • Govern GRC resources, platforms, and workflows to ensure consistent, high-quality service delivery at scale
  • Maintain policy and control frameworks aligned with regulatory and industry best practices
  • Lead continuous risk monitoring to identify, prioritize, and mitigate enterprise and third-party risks
  • Partner with cross-functional leaders to align cybersecurity and compliance initiatives with business objectives
  • Present GRC insights and risk posture updates to senior leadership and key stakeholders
  • Drive the Security Awareness Program to promote a culture of accountability and cyber resilience
  • Implement GRC and risk monitoring platforms to enhance automation and reporting accuracy
  • Champion innovation and continuous improvement to support Edwards’ global security transformation
IT Risk Management · Governance, Risk Management, and Compliance (GRC) · Security Policy Development · IT Strategy · Risk Insights · Data Protection

Pacific Life

2 roles

Director of Information Security, Deputy CISO

Promoted

Feb 2021 - Oct 2024 · 3 yrs 8 mos

Strategic Initiatives:

  • Lead, mentor and manage a team of cybersecurity engineers and risk professionals while fostering a culture of continuous learning and growth
  • Built and managed Cybersecurity, TPRM, and IT risk programs through a 3-lens view to assess maturity and control effectiveness against regulatory requirements and best practices
  • Developed and automated a robust metric & reporting program with automated dashboards to report the security posture of the organization and demonstrate alignment with the organizational risk appetite

Governance, Risk & Compliance (GRC):

  • Evaluated the security posture of third parties to validate appropriate security measures are in place to protect shared assets and drive a bias for action through reporting risk-based metrics
  • Lead and manage the training and awareness program for technical and non-technical stakeholders to educate employees on cybersecurity best practices
  • Created an indexable Controls, Policy and Procedures library with auditable mappings to authoritative sources and regulatory requirements
  • Lead and manage the Business Continuity Program, driving the first line of defense to establish Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)

Cybersecurity Engineering:

  • Developed and managed the cybersecurity R&D program to identify and research emerging technologies and determine the potential impact on the organization
  • Developed detection and notification rules in AWS Connect to monitor for adversaries attempting to Smish multiple help desk teams
  • Developed and analyzed Data Loss Prevention (DLP) Policies, XSOAR Playbooks, and Insider Threat detection rules to protect company data
Cybersecurity Training & Awareness · ISO 27001 · IT Risk Management · Payment Card Industry Data Security Standard (PCI DSS) · IT Governance · Threat Analysis · +30

Information Protection & Risk Service Lead

Oct 2018 - Feb 2021 · 2 yrs 4 mos

  • Design & maintain security architecture diagrams partnering with cross-functional IT teams
  • Partner with compliance and privacy to ingest business requirements for defining DLP policies. Use these requirements to configure the DLP console and write DLP policies
  • Work with stakeholders across the enterprise to maintain and grow core aspects of the Information Security Program including Governance, Control design, Risk Management, and Training/Awareness services
  • Lead the annual security program roadmap and status reporting on initiatives and KRIs. Create presentation materials and lead discussion for key stakeholder meetings.
  • Build the cybersecurity Policy and Procedure library aligned to regulatory requirements and conduct analysis of new regulations that may impact the cybersecurity program requiring updates to the control model, Policy and Procedures
  • Coordinate and lead external reviews and assessments from regulators, audit firms, assessors, and client due diligence requests
  • Own the security risk register and the ongoing management of inherent and residual risks. Prepare heat maps and analytics of risks
Payment Card Industry Data Security Standard (PCI DSS) · Endpoint Security · IT Governance · Threat Analysis · Mitigation Strategies · Network Security · +27

CBI | Cyber Security Solutions

2 roles

Cybersecurity Advisory Services Manager

Promoted

Jan 2017 - Oct 2018 · 1 yr 9 mos

  • Work with clients on developing effective risk mitigation plans to address cyber security risks
  • Lead controls assessments for our clients to assess and identify risks based on industry standards such as PCI-DSS, HIPAA, CSC top 20, ISO 27001, NIST, GDPR, NYDFS, etc.
  • Lead risk assessments for our clients to assess and identify risks based on industry best practices surrounding encryption, data loss prevention, business continuity and disaster recovery, etc.
  • Conduct technical interviews with business functions to identify compliance gaps and security risk
  • Work with business leaders and senior management to identify and build key risk indicators and key performance indicators
  • Consulted over 100 organizations including large Fortune 500 companies
  • Manage a team of 6 analysts
  • Leading the organization's relationship with a strategic vendor, I am responsible for managing, delegating, and delivering on consulting engagements, achieving growth goals, and training co-workers on technical implementations.
ISO 27001 · Payment Card Industry Data Security Standard (PCI DSS) · Mitigation Strategies · Threat Modeling · IT Security Assessments · Data Management · +13

Cybersecurity Consultant

Jan 2016 - Jan 2017 · 1 yr

ISO 27001 · Threat & Vulnerability Management · Payment Card Industry Data Security Standard (PCI DSS) · Endpoint Security · Threat Analysis · Tenable Nessus · +16

IBM

IT Cybersecurity Specialist

Jun 2015 - Jan 2016 · 7 mos · East Lansing

  • Client facing consultation
  • Information security projects focused on ISO 27001, NIST CSF, and PCI-DSS compliance
  • Administration of the user life-cycle with IAM
  • Review and investigate security incidents with QRadar SIEM
Threat Analysis · Mitigation Strategies · Cloud Security · PKI · Network Engineering · Information Security Analysis · +5

The Polack Corporation

Network Engineer

May 2014 - Jun 2015 · 1 yr 1 mo · Lansing, Michigan Area

  • Design, install, and troubleshoot network systems and end devices
  • Implement best practice security protocols to harden network infrastructure
  • Mitigate internal security threats
  • Perform internal security audits
  • Database administration utilizing DocStar products
  • Risk management
Secure Network Architecture · Network Security · PKI · Penetration Testing · Network Engineering · Information Security Analysis · +2

Davenport University

Cybersecurity Intern

Sep 2013 - May 2015 · 1 yr 8 mos

Policy Development · Project Management · Data Analytics

Education

Davenport University

Bachelor's degree — Computer and Information Systems Security/Information Assurance

Jan 2013 - Jan 2015

Lansing Community College

Associate's degree — Information Technology

Jan 2009 - Jan 2013
