Steve K.
Details
Finance and Marketing
Thomas More University
2006 : 2010
2022 : Present
Tractor Supply Company
Director Information Security, Deputy CISO
2020 : 2022
North American Electric Reliability Corporation (NERC)
Director, Information Technology Cyber Security
Part of a new research team that explores emergent cybersecurity threats against new, innovative, early development technologies such as blockchain/AI, user behavioral analytics, deep learning, next-generation virtualized infrastructures, IoT, next-generation cloud security, the Internet of Bio-Nano Things, and quantum encryption. Work with VC firms and partner with stealth start-ups in healthcare automation technologies.
• Provides consultation to senior leaders by providing forward-looking research documents / models that marry emerging technologies to enterprise security threats while still supporting speed to market.
• Develops effective strategies that ensure KP achieves enterprise security in all business areas.
• Partners with risk teams and cross-functional leaders to identify opportunities, threats, and disruptive business models and devise responsive / mitigating and proactive plans given these threats.
• Supports transformation efforts to include changes in operating models, risk mitigation strategies, process improvement, process maturity and program effectiveness.
• Built a maturity and quantitative scoring model for NIST CSF assessments that can show current state maturity and future state based on identified, planned initiatives looking 3 to 5 years out. The maturity model replaces the NIST CSF tiers with a harmonized model using COBIT, C2M2 and CMMI.
• Manages a portfolio of strategic projects and initiatives; maintains responsibility and leadership for development of framework and approach, deliverables, timelines and management of stakeholder relationships and expectations.
• Acts as a thought leader, probing and challenging business units to productively debate strategies which are being developed.
2017 : 2020
Kaiser Permanente
Innovation & Transformation
Full directorship and P&L responsibility of staff members and contractors automating Technology Risk Office (TRO) systems for enterprise risk assessments. Facilitated risk intelligence through Big Data optimizations. Managed team of professionals providing risk management services across six states.
2015 : 2017
Kaiser Permanente
Risk Intelligence & Solutions
Led a team of 5 who have responsibility for risk management over 5 states and 3 (Corporate) business information offices. Provided risk assessment services, risk decision making guidance and support for the development and implementation of risk reducing controls. Meetings focused on providing insightful and value-added risk management guidance often before projects begin or before production changes (tactical alignment). Strategic services focus on working closely with senior executives to drive risk treatment decisions, ensure technology risk is addressed in IT strategic planning and be a trusted adviser for their business partners.
2013 : 2015
Kaiser Permanente
Technology Risk Management / Advisory Services
Skills
Auditing, Big Data Analytics, Budgeting, Business Analysis, Business Process Improvement, Change Management, CISA, CISSP, COBIT, Compliance, Consulting, Disaster Recovery, Enterprise Risk Management, Executive Management, Governance, Healthcare Information Technology (HIT), Incident Response, Information Security, Information Technology, Infrastructure, Internal Audit, Internal Controls, IT Audit, IT Disaster Recovery, IT Governance, IT Management, IT Operations, IT Project Management, IT Risk, IT Risk Management, IT Security, Leadership, Management, Management Consulting, Mobile Security, NIST, Organizational Development, PCI DSS, Penetration Testing, Process Improvement, Project Management, Public Speaking, Regulatory Compliance, Risk Analysis, Risk Assessment, Risk Management, Sarbanes-Oxley Act, Security Operations, Strategy, Vulnerability Management, Computer Security, Information Security Management, Strategic Planning, SDLC, Business Continuity, System Administration, IT Policy Writing, Team Building, Technical Training, Computer Hardware, Top Secret Security, Financial Risk, Enterprise Risk, Business Process, Top Secret Security Clearance (TS/SCI) - Inactive
About
With over 27 years of experience in information technology and cybersecurity, I am a seasoned executive who leads with vision, strategy, and innovation. I currently direct the information security function at Tractor Supply Company, where I have full P&L responsibility for a 23-member team that provides security services for over 2200 retail stores across the US.
My core competencies include cybersecurity management, audit, compliance, risk, policy, awareness, operations, and project management. I also have a proven track record of creating high-performance teams, designing effective security solutions, handling demanding regulatory environments, and cultivating internal and external business partnerships. I am a certified information systems security professional (CISSP) and a certified information systems auditor (CISA), as well as a US Air Force veteran. I am passionate about integrating security into the culture of any business, enabling them to remain strategically focused yet secure.