Andrew is a globally-experienced certified Information Security executive and Board Advisor with a track record of success in complex, multi-stakeholder environments across Europe, North America, and the Middle East. His experience ranges from building information security teams from the ground up, enabling sales as a customer-facing CISO, maturing systems to reduce risk, and developing streamlined reporting to provide executive insight into data risks. Andrew transitions reactive information security environments into a culture where proactive prevention of information security risk is the norm.
Andrew holds over 22 years of experience in the banking, financial services, startups, and healthcare industries. He is experienced in all facets of IT/IS Security & Risk Management, including acquisitions and disaffiliations, and has a track record of developing and implementing security strategies from inception through execution. In addition to his corporate experience, Andrew has also served on the executive boards for international conferences and advised government agencies on information security subjects.
Andrew's skill set includes Security Risk Management, Security Program Development, Risk Assessment Methodologies, Application and Infrastructure reviews, Business Continuity (BC) and Disaster Recovery (DR), Security Training and Awareness, Data Loss Prevention (DLP), Audit and Regulatory Compliance, Mainframe, New Technology Research and Implementation, Application Security, Project Management (PM), Change Management (CM), Cloud Adoption Frameworks, and Cloud Security. Additionally, he comes from an IT background, which allows him to understand business requirements outside of the security environment and collaboratively create solutions that work for the business.
Andrew’s regulatory compliance and privacy experience include FSA, NIST, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, Mass 201 CMR 17.00, SOX 404.SAMA, GDPR, CCPA, and NYDFS.