Steve Gibbons

• Served as the primary resource for corporate InfoSec requirements, providing guidance and thought leadership.

• Assisted clients with decision-making, risk treatment strategies, and mitigating controls for cybersecurity needs.

• Managed a portfolio of 50+ security plans, conducting annual risk assessments for business applications and IT assets.

• Key member of the Independent Risk Assessment team within the Information Security and IT Oversight program.

• Conducted independent assessments, provided effective challenges, and collaborated with the CISO and IS directors.

• Led the creation and maintenance of enterprise management policies, including drafting the Information Security Program (ISP) document.

• Consulted with and advised project teams, partners, and vendors to ensure compliance with Information Security (IS) policies and standards.

• Led a team of external consultants in managing the IS component of the Solution Architecture Review process.

• Key contributions included managing services via strategic outsourcing providers, educating and mentoring staff, and playing a pivotal role in high-profile projects like Jawbone UP4, Apple Passbook, Apple Pay, and Bluebird.

• Drove transformational changes in IS assessment processes and managed enterprise IS policies across various domains.

• Designed and executed a risk-based approach to managing deviations from standards and oversaw the development of a new Exceptions Management system.

• Provided comprehensive security guidance and oversight during the critical spin-off of Ameriprise Financial from American Express.

• Interfaced with the Ameriprise CISO and IBM executives, building and mentoring a dedicated security team.

• Ensured adherence to IBM security policies and processes, managed security operations, and participated in transition and transformation projects.

• Conducted risk assessments, evaluated security postures of third-party suppliers, and researched emerging security issues and technologies.