Profiles search

Chris Dalton

Chief Information Security Officer | Cyber Security Risk Management | Industrial Control System Security
Seattle, WA, United States

Details

Education: Master of Business Administration (MBA)

Computer/Information Technology Administration and Management

University of Phoenix



B.A.

Management Information Systems

Florida Atlantic University
Experience: 2019 : Present

Weyerhaeuser

VP & Chief Information Security Officer

A community comprised of cybersecurity leaders and experts, with exposure to early-stage (Seed/ Series A) start-ups and innovation, access to private investment opportunities, leveraging domain expertise and connections to assess and contribute to the success of early stage cybersecurity ventures.

2022 :

CCL

Member and Investor

Global leadership responsibility for cyber security GRC with a $24 billion rental car company.

-Introduced quantitative metrics to leverage statistical models to reduce subjectivity in risk analysis.

-Successfully led effort to build enterprise wide governance framework. Also led GDPR & CCPA efforts.

-Rebuilt vendor risk management, customer assurance, and technical risk analysis functions resulting in holistic risk posture.

-Senior contributor and champion of enterprise security strategy

2017 : 2019

Enterprise Holdings

Director - Information Security Governance, Risk & Compliance

Responsible for the Information Security Practice at Base2 Solutions. Trusted advisor to clients, reducing their risk profile by implementing the appropriate technology and making process improvements. Leverage healthcare background and the HITRUST CSF framework to help reduce risk for HIPAA covered clients and business associates. Supplement growing SaaS providers by aiding in their security implementations, allowing them to focus on core feature development.

Help government contractors navigate the complex requirements of NIST800-171, DFAR and identification of Controlled Unclassified Information (CUI). Perform gap analysis, documentation and remediation planning and execution services.

2016 : 2017

Base2 Solutions

Director - Information Security Practice

Lead efforts to manage enterprise information security risk. Efforts include FedRAMP certification process via JAB, NIST 800-53, ISO 27001, SOC2, BCP/DR and annual risk assessment process & remediation tracking. Support Life Science verticals by packaging repeatable quality practices for 21 CFR Part 820 and electronic signatures, 21 CFR Part 11. Improve resource utilization by better understanding cost to serve using metrics.

Manage global team responsible for all Governance, Risk and Compliance efforts.

2013 : 2016

ServiceNow - The Enterprise IT Cloud Company

Senior Director - Governance Risk & Compliance (w/ Top Secret Clearance)
Company: Weyerhaeuser
Years of Experience: 18

Skills

Application Security, Business Continuity, Business Continuity Planning, CISM, CISSP, Cloud Computing, Cloud Security, Computer Security, Cyber-security, Data Privacy, Data Security, Disaster Recovery, Enterprise Risk Management, Enterprise Software, FedRAMP, Global Management, Governance, HIPAA, HITRUST, Identity Management, Incident Management, Information Security, Information Security Management, Information Technology, Infrastructure, Integration, ISO 27001, IT Audit, ITIL, IT Service Management, IT Strategy, Leadership, Network Security, NIST 800-53, NIST 800-171, PCI DSS, Penetration Testing, Process Improvement, Program Management, Sarbanes-Oxley Act, Security, Security as a Service, Security Audits, Security Awareness, Security Management, Strategy, Vendor Management, VMware, Vulnerability Assessment, Vulnerability Management, CISA, ITIL Service Strategy, Enterprise Risk, IT Management

About

Selfless leader with background in healthcare, manufacturing, retail, financial, and high tech cloud industries. Passionate about providing a balanced approach to cyber security & risk management. Experienced at measuring and communicating cyber security in business terms, embracing industry frameworks, such as the NIST Cloud Security Framework and NIST 27001 controls. Skilled at collaborating to reach prioritized roadmaps for control improvements.



Specialties: Leadership, Industrial Control / OT Security, Cyber Security, Cloud Security, Compliance, Security Operations, Quantitative Risk Management, IT Business Continuity, Program Management