Tim is a security professional with 15 years’ experience across Protiviti and BigFour consulting firms, where he has partnered with clients to develop and assess innovative security solutions and values collaboration in problem solving to obtain maximum buy in. Tim helps clients identify, navigate and manage risks in enterprise security including compliance risks (HIPAA, PCI DSS, NY DFS, FTC Consent Orders, SOX) and benchmarking against leading practices (NIST CSF, ISO27001, FFIEC CAT) to design programs tailored to clients strategy, organization and risk appetite for protection of critical assets.
Tim is an active member in cybersecurity professional associations and sits on the Board of the ISACA NY Chapter. He maintains multiple certifications including CISSP, CISA, PCI DSS QSA and sector specific certifications such as HITRUST CSFP. Tim is also a Fellow of the Association of Chartered Certified Accountants. Tim can connect technology problems to business and strategic goals to help articulate the risks and benefits of security solutions. He also teams with internal audit to build high value cybersecurity assessments.
- Led a team conducting an enterprise wide security assessment of a retail and pharmacy benefits management organization. The assessment was driven from an external compliance requirement from an FTC Consent Order. Responsible for planning, scoping, and executing assessment leveraging ISO27001 to assess the administrative, technical, and physical safeguards for the protection of critical information resources. Developed a framework and approach to provide assurance required across multiple and unique business operations, including retail, distribution and corporate processes.
- Assessment of top fortune organization against the HIPAA security and privacy rule OCR work-programs to determine compliance level. Providing recommendations on remediation.
- PCI DSS compliance and readiness assessments for clients across wide sectors. These engagements included recommending policies, procedures, solutions and compliance management frameworks to support clients.
- Developed multiple PCI compliance strategies for compliance, looking at scope reduction techniques including tokenization and outsourcing. Conducted gap and cost benefit assessments against different target operating models and SAQ types.
- Developed an enterprise security architecture and security risk assessment aligned with ISO27001, NIST and CIS standards, recommending and redesigning security processes and compliance strategies including IT security governance frameworks.
- Developed Information Security policies and processes for a financial services company. Collaborated with process owners and teams to understand current processes, procedures, working practices, documentation and tools and created a policy set that was consistent, enforceable, auditable, and aligned to ISO27001.
- Developed and implemented a data privacy risk assessment procedure for a multi-national credit card firm to assess data protection and data leakage risks for their key suppliers. This involved developing a risk based assurance strategy for those suppliers and a data privacy audit program.
Areas of Expertise
- Technology Consulting Information Security & Privacy
- IS Governance & Strategy
- PCI DSS
- M.Eng – Aeronautical Engineering Bristol University
Professional Memberships and Certifications
- Certified Information Systems Auditor PRINCE2 Practitioner
- Fellowship of Chartered Certified Accountants
- Certified Information Systems Security Professional
- Payment Card Industry Qualified Security Assessor
- Visa Approved Security Assessor
- Certified in Risk Management Assurance
- Association of Chartered Certified Accountants
- Information Systems Audit and Control Association
- International Information Systems Security Certification Consortium (ISC)2