Sue Lapierre
Details
Chief
Member
Keeping the bad guys out is only one piece of the strategy! In my role, IT Governance includes Information Security but goes beyond to include GRC, Vendor Management, IT Finance, Project Management and Agile Transformation. With all of these areas, it offers visibility to look at protections within the organization at various levels including our third party providers. Creativity and persistence are useful skills as training of staff and maintaining relationships are vital to success!
2014 :
Prologis
Vice President, IT Governance, Information Security Officer
Continuously evolve the information security and risk management programs at Intrawest to protect against the ever-changing threat landscape. Implemented a broad range of security tools [including Security Incident and Event Management system (SIEM), File Integrity Monitoring (FIM), Web Application firewalls, IDS/IPS] to ensure the foundation of security: Confidentiality, Integrity, Availability.
Responsible for the development of IT Audit, PCI, and SOX compliance; ongoing activities to review and ensure controls are being performed. PCI Compliance - Developed comprehensive program to achieve enterprise-wide compliance within 15 months. Ongoing collaboration with Qualified Security Assessor (QSA) and Merchant Acquirers to determine the appropriate solutions for the organization. Instituted 17 security and protection policies as part of IT general controls.
Positions held at Intrawest prior to current :
Director of IT Security and Compliance
* Managed $5M IT managed services provider
* Software licensing audit facilitation
* IT Operations escalation
* Developed, implemented, and now facilitate and manage a consistent, enterprise-wide Change Advisory Board review and approval process.
2011 : 2014
Intrawest
VP, Info Sec, Risk & Compliance
Created and developed PSI’s Enterprise Security and Risk Management program and team. Developed strategic plan to ensure the confidentiality, integrity, availability, and protection of PSI’s strategic business resources. Areas of responsibility include information security, audit, privacy, security architecture, compliance, business continuity and disaster recovery planning, physical security, emergency preparedness, identity and access management, incidents and investigations, and education and awareness.
Promoted the importance of security-related concepts to a broad range of technical and non-technical staff (including responsible use of information, information security, workplace violence, pandemic planning, business continuity/disaster recovery, et al). Successfully performed with communications and awareness training--comfortable presenting to groups of various sizes.
Positions held at PSI prior to current :
Director of Enterprise Security and Risk Management
Business Continuity and Disaster Recovery (BCDR) Director
Business Continuity and Disaster Recovery (BCDR) Manager
2005 : 2011
Policy Studies
VP, Enterprise Security and Risk Management
Created organization-wide Business Continuity policies and worked with key individuals to ensure understanding, consensus and local compliance
Developed AMVESCAP methodologies, guidelines, and toolsets for establishing consistent Business continuity programs at the local level
Organized and facilitated an internal, three-day Business Continuity conference with workshops, speakers, and vendors allowing face-to-face interaction to share in-house knowledge and experience, agreeing on standards
Assessed risks of natural and geographic hazards, workplace violence, terrorism, internal sabotage, et al.
Kept abreast of developing regulatory concerns affecting the business (i.e. NASD 3510/3520, SOX, Basel II)
Created corporate-wide testing including calling tree drills, IT instantiation, tabletops, and relocation.
2003 : 2005
AMVESCAP
Principal
Skills
Agile Methodologies, Analysis, Business Analysis, Business Continuity, Business Continuity Planning, business process improvement, Change Management, CISM, CISSP, Disaster Recovery, Emergency Management, Enterprise Architecture, Governance, Information Security, Information Technology, Integration, Internal Audit, IT Governance, IT Management, IT Security Policies, IT Service Management, IT Strategy, Leadership, Management, PCI DSS, PCI Standards, Penetration Testing, Physical Security, Privacy Law, Process Improvement, Program Management, Project Management, Public Speaking, Requirements Analysis, Risk Assessment, Risk Management, Sarbanes-Oxley Act, SDLC, Security, Security Architecture Design, Security Audits, Strategic Planning, Team Building, Team Leadership, Testing, Vendor Management, Security Architecture
About
Accomplished leader in Information Technology and Information Security. Known for relationship building and service delivery. Willing and eager to take on new endeavors. Highly skilled in handling a range of diverse and complex initiatives. Regarded as exceptional in managing enterprise-wide incident and crisis situations. Currently holds the following certifications: CDPSE, CISSP, CCSP, CIPP, CISA, CRISC, CISM, CBCP.
2023 CISOs Connect CISO Board
2022 Winner CISOs Connect Top 100 CISOs in North America
Finalist for the 2022 CTA APEX CISO of the Year Award
Graduate of the CBCA Leadership of the Arts program (2021-2022)
Recipient of Colorado=Security 2020 CISO Award - CISO to the Rescue