Seasoned security professional with over 25 years of experience leading the development and implementation of security programs across organizations ranging from startups to Fortune 500 companies. Demonstrated expertise in developing robust security strategies from the ground up, aligning them with frameworks such as SOC2, NIST CSF, and ISO 27001. Adept at driving security culture transformation through targeted training initiatives and leadership engagement. Skilled in business acumen and budgeting, ensuring security programs are both practical and cost-efficient. Proven track record of enhancing organizational resilience through disaster recovery planning, incident response, and optimizing operational processes and systems implementation. Focused on empowering organizations to navigate complex security challenges while fostering a proactive and collaborative security mindset.
With deep expertise in cybersecurity, I deliver comprehensive advisory services to strengthen operational resilience and align security strategies with organizational goals. Serving as a Virtual Chief Information Security Officer (vCISO), I have designed and implemented tailored security programs that comply with rigorous standards such as SOC2, ISO 27001, and NIST CSF 2.0. I leveraged Governance, Risk, and Compliance (GRC) tools to simplify the company’s management of regulatory and compliance audits. My work includes driving strategic initiatives like managing incident response programs, embedding security checkpoints into development lifecycles, and providing actionable cyber risk insights to executive leaders to support informed decision-making.
Beyond strategic oversight, I excel in addressing technical challenges that hinder security operations. My experience also spans leading vulnerability management and penetration testing programs, optimizing corporate security architectures, and developing effective data classification and information management strategies. I also conduct in-depth assessments of vendor products and services, identifying third-party risks and vulnerabilities. Collaboration is central to my methodology, fostering alignment between cybersecurity, IT operations, and business functions to achieve cohesive and impactful security outcomes.
At Planet Home Lending, I developed and implemented strategies to enhance organizational security. I created a multi-year cybersecurity roadmap, aligning initiatives with business objectives to achieve compliance with SOC2 and ISO 27001 standards. My work included delivering key security projects such as deploying Data Loss Prevention (DLP) solutions, establishing third-party risk management processes, implementing Endpoint Detection and Response (EDR) tools, and enhancing the Security Operations Center (SOC) for improved threat detection and response. I also secured executive management support for critical security programs and managed their successful execution.
I led and developed a team of security engineers and analysts, enhancing their performance through targeted technical training and professional development initiatives. To address human-related risks, I implemented a dynamic security awareness program featuring interactive training, phishing simulations, and regular communications to reinforce best practices. Additionally, I deployed enterprise-class logging, event management, and threat detection systems, which significantly improved the company’s ability to identify and respond to threats.
As Director of Information Security at Ambry, I developed and executed comprehensive security programs tailored to meet stringent regulatory and operational requirements. I implemented an ISO 27001 and NIST CSF-based security framework that ensured compliance with HIPAA, CAP, CLIA, and JSOX. Additionally, I created a 5-year risk-based security roadmap aligned with organizational priorities and budgets, re-architected the corporate security infrastructure, and designed a zero-trust network to enhance resiliency, reduce data loss, and simplify endpoint management. My efforts in implementing security assessment processes and achieving SOC2 Type II compliance further strengthened the organization’s risk management capabilities.
Beyond technical expertise, I brought strong leadership and strategic vision to the role. I managed and coached teams of security engineers and operational staff, fostering high performance and professional growth while building productive relationships with stakeholders. My ability to anticipate future trends through strategic planning enabled me to balance risk with innovation, ensuring the security program evolved alongside the organization’s needs. I also led third-party and partner security assessments and created engaging presentations and articles that translated complex security concepts into actionable insights for diverse audiences.
CISSP