Information Security Run as a 'Service' Internally
8:30am - 9:15am
Description: Why does Information Security always need to be seen as a business inhibitor, producing toll gate after toll gate? Do you find your team is constantly caught in a fight with your business regarding ongoing rule changes, limited responsiveness, and misunderstandings? This session will look at how Information Security can be run as a ‘service’ with defined service level agreements and repeatable processes, all focused on strengthening the value add of information security to the business.
John Graham is the Vice President of Global Information Assurance and Risk with the First Data Corporation and represents First Data on the Payment Card Industry (PCI) Standard Council Board as a member of the Board of Advisors. John has an extensive background as an Information Assurance executive, with experience in the strategy, design and implementation of solutions that provide governance in Enterprise Risk Management, IT Risk Management, Security, Privacy, Compliance, and Business Continuity. Prior to joining First Data, he provided technology transformation consulting and executed global programs for a Fortune 50 technology enterprise, as well as several global service providers, large-scale acquisitions, and business partners in the technology, communications, healthcare, and financial industries. This includes oversight and implementation of the Payment Card Industry Standard (PCI), ISO 27001 certification, and governance of companies in the US, European Union, India, and South America. He has a complex technical background including Enterprise Architecture, Cloud Computing, Networking, IPS, relational databases, and Unix. He prides himself on balancing business need with control through understanding both business and technology constructs.