FractionalCXO
Robert Vaile

Fractional CISO

Chief Information Security Officer (CISO) at SUBSCRIBE

Columbus, United States

About

Seasoned cybersecurity leader and board member with over 30 years' experience in enterprise-scale information security, risk, privacy, IT best practices, GRC and operational efficiencies. Core competencies include:

• Cybersecurity expert on enterprise security technologies and best practices

• Deep experience in development and implementation of enterprise security strategy

• Leader in corporate information governance, risk, and compliance management

• Program leader for privacy and data protection in complex global enterprises

• Law-trained with focus on technology, contracts, and legal compliance

Experience

Chief Information Security Officer (CISO) at SUBSCRIBE

SUBSCRIBE

Apr 2024 – Present (2 yrs 1 mo)

SUBSCRIBE is enabling the digital transformation of alternative investments with the leading operating system for alternative product transactions. I provide cyber security leadership and coordinate continual improvement of the security posture for the organization.

Fractional CISO

Sensical Cyber ltd · United States

Oct 2022 – Present (3 yrs 7 mos)

Leveraging over 30 years of cyber security experience, I provide fractional CISO services and related consulting to organizations seeking to mature their cyber security defenses, and build cyber security strategy.

Board Member

OhioGuidestone

Jun 2021 – Present (4 yrs 11 mos)

I serve as a member of the Board of Directors for OhioGuidestone, a leading nonprofit organization committed to providing pathways to growth, achievement, and lifelong success for individuals and families across Ohio. In this role, I actively contribute to the organization's strategic direction and operational excellence, and actively participate on board committees in support of OhioGuidestone's mission.

Chief Information Security Officer (CISO)

Grange Insurance · Columbus, Ohio Metropolitan Area

May 2020 – Oct 2022 (2 yrs 6 mos)

• As Grange’s first Chief Information Security Officer, matured Cyber Security Engineering and Operations and expanded the breadth of the information security function to include Cyber Security Governance, IT Risk and Compliance (GRC) functions, and migrated vision to customer service focus

• Developed comprehensive Cyber Security Strategy based on key cyber risks to the organization, and sponsored strategic initiatives to remediate those risks

• Built relationships with senior business leaders, the audit committee, and Board members to coordinate with business units on enterprise cyber security topics

• Coordinated response to state and federal cyber security mandates, compliance reporting requirements, and active cyber security incidents.

CISO/Regional Director

GuidePoint Security · Herndon, Virginia, United States

Aug 2017 – Jul 2019 (2 yrs)

Performed key roles within GuidePoint in preparation for spin-out of and capital infusion into GuidePoint's managed security services into the separate entity deepwatch, LLC.

• As managed services CISO, provided advocacy and sought feedback from customers and prospective customers on industry needs and technology stack

• As Director of Product Development, brought together key partners to integrate advanced technologies into comprehensive managed services offerings

• As Regional Director for deepwatch, sold nearly 100 new customers on managed services solution to increase managed services industry valuation nearly $50M in 18 months

Leadership Partner, Security & Risk Management

Gartner · Stamford, CT

Jan 2016 – Jul 2017 (1 yr 7 mos)

Advised enterprise security and risk management leaders across North America on new research and leading practices on cybersecurity strategy and enterprise technologies.

• Assisted CISOs with development of enterprise security strategies and the ability to communicate those strategies to senior management and boards of directors

• Consulted security leaders on overcoming challenges based on organizational characteristics and capability context, and customized the application of Gartner research to achieve individualized efficiencies and successful implementations.

Chief Information Security Officer

Kansas State University · Manhattan, Kansas

Oct 2012 – Sep 2015 (3 yrs)

As University's Chief Information Security Officer, rebuilt core enterprise security functions. Took on additional role to direct data center infrastructure based on extensive enterprise information technology experience.

• Participated on State Security Council and key member of State Security Policy Working Group which wrote new security policy for entire State

• Overhauled data center infrastructure with converged technology infrastructure, streamlined operations, data center security and monitoring, and network architecture

• Led effort to build new data classification and security architecture for the University in order to protect confidential data and protect against attacks

Director of Information Risk & Compliance

Consumers Energy · Jackson, Michigan Area

2011 – 2012 (1 yr)

Built new Risk & Compliance program within Information Technology organization.

- Implemented Risk Management Council and supporting processes to share, assess, and recommend appropriate mitigations of IT Risks facing enterprise.

- Overhauled IT operational processes in order to enable international outsourcing relationship, move organization toward CMMI Level 3 objectives and address regulatory compliance trouble areas for IT organization.

- Overtook leadership of troubled Project Management Office

- Implemented new project management methodology together with project governance and demand management processes to ensure transparency and accountability to internal business partners for $79M project portfolio.

Manager, Security & Privacy Services

Deloitte & Touche, LLP · San Francisco, CA and Dallas, TX

2008 – 2011 (3 yrs)

Assisted Deloitte clients in critical industries to achieve compliance with security, privacy and risk objectives. Representative activities included the following:

- Assisted federal and investor owned utilities to build secure architectures and corporate risk management processes in support of critical infrastructure initiatives, to achieve federal regulatory compliance.

- For large financial services company, conducted IT risk process investigations against COSO framework (used for SAS-70 and SOX audits) and security compliance audits against legal and regulatory requirements such as PCI-DSS, GLBA, and FFIEC standards.

Corporate Information Security Manager

Idacorp/Idaho Power · Boise, Idaho

2002 – 2004 (2 yrs)

Reporting to CEO, built and managed first Corporate Information Security and Compliance organization for the regulated power utility to bring organization into compliance with security, privacy, and risk mandates including NERC standards, Sarbanes-Oxley Act, SB 1386, HIPAA, etc.

- Created and implemented comprehensive security policies and compliance standards based on international guidelines (ISO/IEC 17799), regulatory standards (FERC and NERC security) and federal best practices (NIST/FIPS) in diverse enterprise infrastructure.

- Designed and instituted risk analysis processes, business continuity/disaster recovery planning, corporate incident management, vulnerability monitoring, security architecture and engineering, and training/awareness programs.

Information Security Consultant

Information Security Consultant · Dallas, Texas area

2000 – 2002 (2 yrs)

- Provided information security, privacy, risk and compliance consulting including policy & business process recommendations and organizational design.

- Conducted corporate security audits, electronic asset identification, policy review, and network perimeter assessment for large national media corporation.

Information Security Domain Expert

UBS Warburg Dillon Read · New York, London, Zurich

1996 – 2000 (4 yrs)

- Managed new regional information protection organization in Switzerland which provided information security operations and internal consulting.

- Provided internal security consulting to business units offering services and protecting client data

- Led global system implementation of innovative remote security system enabling secure global roaming and support of worldwide IT infrastructure.

Information Security Engineer

SAIC - Global Integrity · McLean, Virginia

1996 – 1998 (2 yrs)

Education

Washington and Lee University School of Law

Juris Doctor (J.D.), Law

2005 – 2007

University of the Pacific - McGeorge School of Law

2004 – 2005

The Ohio State University

MSc., Engineering Management

1995 – 1996

The Ohio State University

BSc., Mechanical Engineering

1990 – 1995

Expertise

Specialties

Information Security, Security, Information Security Management, Enterprise Risk Management, Privacy Law, Information Technology, Product Management, Sales, CISSP, PCI DSS, Network Security, IT Audit, Vulnerability Assessment, Security Management, Integration, Enterprise Architecture, Cloud Computing, CISA, Managed Security Services, Security Operations Management, Computer Security, Management, Enterprise Software, Data Security, Startup Development, EDR, Cyber Threat Intelligence (CTI), Vulnerability Management, NIST, Security Architecture Design

Past companies

SUBSCRIBE, Sensical Cyber ltd, OhioGuidestone, Grange Insurance, GuidePoint Security
