James W. Sample
Details
Harvard University
2017 : 2017
Bachelor of Science - BS
Business Management
Western Governors University
2009 : 2010
Associate of Science
Business Management
Hawaii Pacific University
1995 : 1998
Navy NEC CT-9190 Special Security Assistant
Navy Special Security Officer (SSO)
1994 : 1995
Military Education
National Security
USN “A” School - 9190 - SCI Administration and Physical Security
1993 : 1993
2020 : Present
Xcel Energy
Vice President and Chief Security Officer / Chief Information Security Officer
Global Resilience Federation (GRF) is a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response teams (CERTs). GRF’s mission is to help assure the resilience of critical and vital infrastructure against threats that could significantly impact the orderly functioning of the global economy and general safety of the public. GRF members include Financial Services ISAC, Retail ISAO, Legal Services ISAO, Energy Analytic Security Exchange, Health ISAC, Professional Services Information Exchange, Oil and Natural Gas ISAC, Downstream Natural Gas ISAC, and Operational Technology ISAC.
2020 :
Global Resilience Federation (GRF)
Member Board Of Directors
The ARC is a non-profit, cross-sector organization designed to mitigate systemic risk to the nation’s most critical infrastructure from existing and emerging threats. We facilitate operational collaboration between our critical infrastructure members from the financial and energy sectors, the U.S. Government, and other key sector partners in a secure environment to assess, prioritize, and mitigate risk to critical systems, assets, and functions.
The ARC was jointly established by leaders from the financial and energy sectors to build upon the frameworks and models for addressing systemic risk originally developed by the Financial Systemic Analysis and Resilience Center (FSARC). The ARC’s members are owners and operators responsible for the systems and assets that underpin national critical functions.
2020 : 2023
Energy Analysis & Resilience Center (ARC)
Executive Committee Member
Served as the OT and Energy Sector Cybersecurity Leader at Ernst & Young LLP (EY), focusing on internal audit, cybersecurity, managed risk services, risk transformation, internal controls and risk assurance for regulated and non-regulated critical infrastructure. We focus on assisting organizations in navigating the Transformative Age as a digitally confident and trusted enterprise by:
1. Balancing upside, downside and outside risks to achieve competitive advantage;
2. Instilling a risk mind-set and culture across the organization (e.g., harnessing digital labor, embracing new digital thinking);
3. Embedding risk in product and service design and operations to accelerate speed to market while sustaining trust; and
4. Digitizing risk intelligence, monitoring and reporting to enable dynamic decision making aligned with strategic priorities.
As the Energy Sector Cybersecurity Leader, I had the honor to work with a team of highly specialized, sector-focused experts accountable for driving practice development and delivering integrated security solutions across the enterprise and industrial control system (ICS) environments, both IT and OT. Together we manage a business pipeline in excess of $100 million with a 54% CAGR between FY15-18 while projecting a sustainable annual CAGR of 25%+ over the next three years.
We pride ourselves on purposeful interactions with executive leaders, operational leadership teams, and operational performers. This allows us to stay connected to strategic objectives, but grounded in the day-to-day activities for the business that provide safe, reliable, affordable, customer-focused, and employee-engaged results for the organization.
2015 : 2020
EY
Partner/Principal, Americas Energy and OT Cybersecurity Leader
Accountable for the governance, oversight, and support of PG&E's enterprise security and critical infrastructure protection program. Responsible for overall achievement and compliance with regulatory requirements and PG&E’s mission by ensuring controls are in place and managed to protect cyber and information-based assets, employee privacy, IT/OT continuity of operations, and incident management enterprise-wide. This includes establishing vision; rules, principles, policies and practices; and setting the standard of performance for PG&E. Monitors efforts across the enterprise to assure that financial, risk management, and functional outcomes are met. Develops communication campaigns to foster a culture of awareness. Acts as senior manager and leadership role for PG&E’s NERC Critical Infrastructure Program as outlined in NERC CIP Standards, NRC Title 10, and other security regulations and standards governing PG&E. Provides subject matter expertise and performs activities, such as awareness and training, to help others to complete or conduct their execution responsibilities while maintaining a proper level of independence.
2011 : 2015
Pacific Gas & Electric
Chief Information Security Officer
Skills
Application Security, Artificial Intelligence (AI), Auditing, Business Process Improvement, Business Relationship Management, Communication, Compliance Management, Computer Security, Critical Infrastructure Protection, Cyber Defense, Cybersecurity, Data Privacy, Emergency Management, Enterprise Risk Management, Enterprise Security, Financial Risk, Incident Management, Incident Response, Information Security, Information Security Management, Information Technology, Insider Threat Detection, Integration, IT Risk Management, Leadership, Management, National Security, Network Security, Operational Risk Management, Organizational Development, Penetration Testing, Personnel Management, Physical Security, Portfolio Management, Process Improvement, Program Management, Project Management, Relationship Building, Risk Management, Robotic Process Automation (RPA), Security, Security Management, Security Operations, Servant Leadership, Strategy, Teaching, Threat & Vulnerability Management, U.S. Federal Information Security Management Act (FISMA), Vulnerability Assessment, Vulnerability Management, CISSP, Business Operations, NRC, FISMA
About
Visionary Fortune 500 senior executive with Big 4 Partner/Principal and U.S. Government experience specializing in organizational turnaround and revenue growth. Experienced in driving enterprise transformation, complex programs, mergers and acquisitions, and using innovation to deliver disruptive solutions to promote growth. Deep knowledge and experience in privacy, supply chain/3rd party risk management, security risk management (cybersecurity (information technology (IT), operational technology (OT), Internet of Things (IoT)), and physical and personnel security), continuity of operations, enterprise resiliency and emergency management.
- 25 years of safeguarding some of the country’s most critical assets. This includes developing and formalizing best-in-class enterprise governance, architecture, engineering, threat intel, security risk management, data loss and fraud prevention, identity and access management, and security operations that includes real-time monitoring, incident response, investigations, hunting, big data analytics, artificial intelligence, robotics, and attack and pen teams.
- Global experience including management of relationships with business partners in Europe, Israel, Australia, and Japan.
- Board experience from performing Board advisory services to serving as a Board member.
An entrepreneur/builder at heart with a passion for collaborating and working together with peer business leaders to understand business needs, security risk, and risk treatment strategies to enable the business to safely take the necessary risk in order to thrive and create a competitive advantage...know vs no. I subscribe to purpose is power and servant leadership.