Andrew Heighington
Details
Key Security Accomplishments:
- Built security program from the ground up, achieved SOC2 Type II readiness in 3 months, and received a clean audit opinion with no noted exceptions.
- Accelerated sales cycle and customer due diligence process by reducing mean time to respond by 90%
- Led the secure migration to AWS
- Rolled out corporate managed laptop program, MDM solution, and EDR in 90 days
- Designed and Implemented Corporate AI Strategy and Governance
Key IT Accomplishments:
- Brought help desk in-house and reduced mean time to resolve employee IT issues by 80%
- Achieved 20% annualized savings in Corporate IT spend
- Manage suite of SaaS applications to enable employees to work productively and securely
- Oversee employee onboarding, offboarding, and IT/security training
Key Privacy Accomplishments:
- Implemented Data Processing Addendum + SCCs for customers
- Updated Privacy Policy and notified customers of revisions
- Revamped Cookie Policy and Implementation
Visit.org is a for-profit B2B SaaS company providing industry-leading software to help enterprises discover, book, manage, and report on hundreds of carefully curated social impact team experiences available around the globe.
2022 : Present
Visit.org
Chief Information Security Officer and Head of IT & Privacy
Providing cybersecurity advising through OneGuide, an expertise platform that connects high-growth companies with experienced functional advisors.
2022 :
OneGuide
Advisor
- Led a team in delivering scalable, sustainable, and best-in-class information security solutions for a global bank that serves 68 million customers and 95% of the Fortune 1000
- Executed complex and high-profile risk reduction initiatives across a range of domains, including asset management, identity and access management, cloud security, security monitoring, endpoint detection and response, data protection, incident management, and third party management.
2020 : 2022
Bank of America
Senior Vice President, Sr. Business Information Security Officer
- Work closely with the line of business Chief Information Officers, Chief Technology Officers, and business partners to drive the right risk reduction activity across all information security domains.
- Manage line of business cloud security governance process.
- Advise line of business management on risk issues related to information security and recommend remediation actions
- Monitor information security trends internal and external to the bank and keep line of business leadership informed about information security-related developments
- Drive process enhancements to improve operational efficiency
2019 : 2020
Bank of America Merrill Lynch
Senior Vice President, Sr. Business Information Security Officer
Played a leading role in architecting and implementing a new enterprise-wide data control function to integrate data protection, data governance, and data privacy controls across the firm
2018 : 2019
JPMorgan Chase & Co.
Vice President, Global Data Control Officer
About
I have 15 years of experience as an information security leader at the Department of Defense, JPMorgan Chase, Bank of America, and a fast-growing technology company. I have a track record of solving enterprise-scale security challenges for highly regulated and heavily targeted Fortune 25 companies while rolling up my sleeves building security, IT, and privacy programs from scratch.
I am also the creator of the Shadow AI Newsletter, a free weekly newsletter to arm current and future security and IT leaders with the strategies and tools they need to safeguard digital assets, enhance employee productivity, and enable business growth in an AI world.
Expertise includes:
- Translating information security risk to the business
- Architecting and implementing comprehensive and global enterprise and product security programs that enable business growth and employee productivity
- Securing cloud and SaaS platforms
- Briefing executive leadership and boards
- Building and leading high-performing teams
- Strategically integrating privacy, IT, security, and data governance controls