
William Lisse

Cincinnati, Ohio

Summary

Versatile cybersecurity consultant and former CISO with over 20 years of experience advising private, public, and not-for-profit organizations on enterprise, cloud, AI/LLM/ML, OT/IIoT, and application security. As a managing consultant, led engagement teams, assisted sales teams in documenting SoWs and successfully delivered services. Demonstrated success in leading risk-based security transformations, designing secure architectures, and guiding compliance across multiple frameworks including ISO 27001, SOC 2, HIPAA, GLBA, FFIEC, PCI DSS, and NIST. Experienced in delivering virtual CISO services, security assessments, threat modeling, application security (SecDevOps), and building governance programs that balance security, usability, and cost-efficiency. Trusted advisor to executive leadership and technical teams.

Experienced security professional with strong background in developing and implementing robust security architectures. Adept at identifying vulnerabilities and mitigating risks, ensuring protection of sensitive information. Highly collaborative team player who adapts to changing needs and consistently drives results. Well-versed in security frameworks, threat modeling, and policy creation.

Overview

26 years of professional experience
1 Certification

Work History

Sr. Security Architect

Pluralsight
05.2023 - 06.2025
  • Led enterprise and product-integrated security architecture for ISO 27001 and SOC 2 alignment.
  • Developed security reference architecture and design patterns for AI/ML/LLM applications, including risks based on OWASP, NIST and EU guidance.
  • Conducted security architecture and design reviews for AWS S3, EC2, Kubernetes, Google Workspace, AI, and Azure.
  • Enhanced "Secure by Design" initiatives using MITRE ATT&CK-driven architecture reviews.
  • Led design and implementation of security frameworks to protect organizational assets and data integrity.

VCISO | Security & Privacy Consulting Architect

Bridge Security Advisors LLC
01.2021 - 05.2023
  • Delivered virtual CISO and architecture consulting for small and start-up HR and legal tech firms. Architected security for a knowledge management SaaS platform.
  • Led security assessments and roadmapping for multiple municipalities.
  • Security architecture and SDLC alignment for a large global law firm.
  • Led GRC assessments for IT, OT, IIoT under ISO 27001, NIST 800-82, ISA/IEC 62443.
  • Created security policies and standards for a specialty insurance company that provided guidance for cybersecurity compliance with NYS DFS Part 500 and insurance model security.
  • Directed security architecture programs and transformation projects for HIPAA, SOC 2, PCI and SEC compliance for a large geographically dispersed healthcare organization.
  • Designed secure architecture frameworks to enhance organizational cybersecurity posture.
  • Led cross-functional teams to implement risk assessment and mitigation strategies.
  • Executed security audits, identifying vulnerabilities and recommending actionable solutions.

Principal Security Consultant & Architect

Verizon (Contract via Bridge Security)
12.2021 - 04.2023
  • Delivered multi-entity security transformations, security assessments, and security audits for C-Suite Executives and Boards.
  • Led an ISO 27001 assessment for a state retirement system that identified vulnerabilities and cost-effective solutions.
  • Produced 17 threat models and data flow diagrams for an SEC-regulated enterprise that focused security controls and effective cost control.
  • Led integrated OT/IT risk architecture for critical infrastructure clients for compliance and risk management.
  • Developed security protocols to protect sensitive data and infrastructure.
  • Conducted comprehensive risk assessments to identify potential threats.
  • Implemented compliance strategies aligned with industry regulations and standards.
  • Prepared management reports detailing observations, comparisons to applicable standards, guidelines and industry best practices.

Principal Consultant | GRC Lead | AppSec Architect

QOMPLX, Inc.
08.2019 - 01.2022
  • Managed an ISO 27001 assessment for the world’s largest law firm that identified a roadmap for risk treatment.
  • Created internal security and privacy policies and standards that met customer requirements and set a foundation for cybersecurity controls.
  • Created secure architecture for CI/CD, MDR, and data platforms using LLM and NLP for an ITDR MDR for a start-up company.
  • Embedded AppSec in DevOps and documented SAST, DAST, DPIA workflows.
  • Created the application security architecture for the world’s largest law firm and identified vulnerabilities and gaps for controls.
  • Led cross-functional teams to implement data-driven solutions, enhancing client operational efficiency.
  • Analyzed complex systems and processes, identifying areas for improvement and optimizing performance metrics.
  • Conducted workshops to educate clients on advanced analytics tools, promoting adoption of innovative strategies.
  • Served as a trusted advisor for clients navigating complex industry landscapes.

SVP, Senior Application Security Architect

Citi Group
07.2020 - 04.2021
  • Conducted security architecture and design review, including threat models for cyber risks to financial services.
  • Conducted 62 cloud security architecture assessments for third-party risk management and internal reviews.
  • Developed threat models for containerized trading platform architecture.
  • Identified opportunities to improve business process flows and productivity.

Associate Director, Digital Transformation | Cloud Security Consulting Architect

Cognizant
02.2018 - 05.2020
  • Led AppSec architecture for AWS and Azure-based transformation projects for Enterprise Data Platforms.
  • Designed and implemented a security strategy and controls for a cloud-first insurance company.
  • Aligned security design to NIST 800-171 and ISA/IEC 62443 requirements for a large IIoT producer.
  • Led cross-functional teams to align strategic initiatives with organizational goals.
  • Oversaw budget management, ensuring resource allocation met project demands.
  • Assisted senior leadership in managing all aspects of operations.
  • Managed cross-functional teams for multiple large-scale projects, successfully completing each on time and within budget constraints.
  • Mentored junior staff members, providing guidance on professional development opportunities and career progression paths within the company.
  • Maintained positive customer relations by addressing problems head-on and implementing successful corrective actions.

Managing Consultant | Cloud Security Architect

Forsythe Technology
10.2016 - 02.2018
  • Conducted security assessments for a global healthcare, tax, and financial SaaS provider that improved security maturity from a 1
  • Designed and implemented IoT platform security architecture and controls for Connected Car/Home systems.
  • Delivered security architecture for global eContent provider.
  • Led strategic initiatives to optimize client operations and enhance service delivery.
  • Developed comprehensive assessments to identify improvement opportunities in client processes.
  • Mentored junior consultants, fostering professional growth and enhancing team capabilities.
  • Implemented innovative approaches to problem-solving, leading to breakthrough solutions for clients.
  • Actively contributed to thought leadership initiatives through authoring articles and presenting at conferences, elevating the firm's reputation in the industry.

Executive Director, Global Security (CISO)

OCLC
04.2014 - 10.2016
  • Implemented and managed ISO 27001, FedRAMP, and GDPR-aligned security and privacy programs for a global not-for-profit’s global SaaS platform.
  • Directed global ISMS, ISO 9001 Quality Management, and business continuity operations.
  • Developed and implemented performance metrics to assess team productivity and project outcomes.
  • Collaborated with cross-functional teams to align business objectives with operational strategies.
  • Collaborated with stakeholders to develop actionable strategies that aligned with corporate goals and objectives.
  • Identified trends and assessed opportunities to improve processes and execution.
  • Implemented company-wide security program, reducing customer data security and privacy concerns and achieving industry recognition.
  • Interacted well with customers to build connections and nurture relationships.
  • Developed innovative solutions to complex problems, resulting in improved organizational performance.

Deputy Chief Security Officer | Director, Security Architecture

Vantiv
01.2013 - 04.2014
  • Designed PCI-DSS-compliant architecture and reduced risk by $13M.
  • Integrated threat modeling and security into Agile software practices.
  • Led operational strategies to enhance team performance and service delivery.
  • Managed cross-functional teams to streamline processes and improve efficiency.
  • Collaborated with senior leadership to align departmental objectives with strategic initiatives.
  • Monitored performance metrics, ensuring alignment with best practices and operational standards.
  • Conducted security assessments to identify deficiencies and suggest corrective actions.
  • Analyzed incidents, graphs and statistics to develop prevention strategies.
  • Managed budgets, resources, and personnel to ensure optimal allocation of resources in alignment with organizational goals.

Director, Information Security Officer | Security Architect Architecture

OCLC
11.2009 - 01.2013
  • Managed global security in a global not-for-profit organization with over 25 indirect reports across the enterprise, which influenced organizational change through messaging of the security value proposition, customer focus, and a strong business case.
  • Created software assurance processes and procedures for web-based and embedded software applications that included developer secure coding guidelines, clear requirements, training for developers, and implementation for continuous integration. Reduced security vulnerabilities by 62% and security incidents by over 70%.
  • Led the security and privacy design of controls for a global Cloud service product, Hadoop database, SAML identity management, and Open Social implementation that included security requirements for three overseas data centers in London, Sydney, and Toronto and met international privacy requirements for HIPAA for medical libraries, the EU Data Directive, and Canadian PIPEDA.

Director, Information Technology Audit

Battelle & Battelle LLP
07.2007 - 11.2009
  • Established the IT Audit practice and implemented risk-based auditing procedures to improve the identification and analysis of security, operational, compliance, and financial risks.
  • Assisted clients in identifying and remediating IT general and application control risks, including SOX §404 and SAS 70 audits that identified multiple deficiencies.
  • Led internal and external audit engagement teams for over 600 information system control assessments, which resulted in identification of validated control deficiencies and material weaknesses under Sarbanes-Oxley §404 (PCAOB AS 2/5), ISO/IEC 27001, HIPAA, PCI DSS, Financial Statement Audits, AICPA SSAE 16/SAS 70 Types I and II, GLBA, FFIEC, NACHA ACH, FCRA/FACTA (including "Red Flag Rules"), including audit and security for healthcare ERPs, CMS Medicare and Medicaid EDI, and virtualized environments.
  • Leveraged professional networks and industry knowledge to strengthen client relationships.

Executive Director, Technical Risk

ManTech International
01.1999 - 07.2007
  • Directly supervised 66 security professionals at six locations supporting international enterprise information systems with no failed systems accreditations for un-remediated risks. Managed a $35M security contract portfolio.
  • Designed system security architectures; developed detailed security designs; developed system security requirements; and evaluated systems tests against documented requirements for a portfolio of 320 system and software acquisitions.
  • Interim Lead System Security Engineer and Architect for the F-35 Lightning II Joint Strike Fighter including embedded system software and an Autonomous Logistics Information System for 16 Nations using an encrypted Internet-enabled (SOA) enterprise.
  • Led and delivered tailored threat intelligence assessments for DoD acquisitions and operations, including production of System Threat Assessment Reports, Area Threat Intelligence, and Threat Environment Descriptions.
  • Executed a security accreditation project for a modeling & simulation center which resulted in alignment of business processes and security procedures, successful documentation of all security policies and procedures, and coordinated with external auditors.
  • Facilitated cross-departmental collaboration to streamline operations and improve service delivery.

Education

Master of Arts - Managerial Economics

University of Oklahoma
Norman, OK
12.1997

Bachelor of Science - Computer / Management Information Systems

Park University
Parkville, MO
12.2003

Bachelor of Arts - Management

University of Maryland Global Campus
Adelphi, MD
06.1992

Postgraduate (Bachelor) - Acquisition Program Management (Software and Systems)

Defense Acquisition University
Dayton, OH

A.A.S. - Criminal Justice

Community College of The Air Force
Montgomery, AL
06.1988

Certificate - Data Science Specialization ("R")

Johns Hopkins University
Baltimore, MD
05.2023

Certificate - Applied Data Science with Python

University of Michigan
Ann Arbor, MI
07.2023

Skills

  • Security Program Strategy & Transformation
  • Governance, Risk & Compliance (ISO 27001, NIST, SOC 2, HIPAA)
  • Multi-Cloud Security Architecture (AWS, Azure, GCP)
  • OT & IIoT Security (ISA/IEC 62443, NIST 800-82)
  • Virtual CISO Services
  • Governance of AI and ML
  • Third-Party & Supply Chain Risk
  • Executive and Board-Level Cybersecurity Advisory
  • Identity and Access Management
  • Secure software development
  • Threat modeling
  • Security risk assessment
  • Application security

Certification

  • Certified Information Systems Security Professional (CISSP)
  • Information Systems Security Architecture Professional (ISSAP)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • CERT Applied Data Science for Cybersecurity Professional Certificate
  • Certified AI Security Practitioner (CAISP)
  • ISO 27001 Lead Auditor
  • ISO 27001 Lead Implementer
  • Certified Information Systems Auditor (CISA)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified SCADA Security Architect (CSSA)
