Edward Yousfi

South Barrington

Summary

Results-driven leader with over 20 years of experience in IT and Cybersecurity, specializing in the oversight and execution of diverse disciplines within Information Security and IT Governance, Risk, and Compliance (GRC). His expertise spans security strategy, regulatory program management, vendor risk management, identity and access governance, and security policy management.

Overview

26 years of professional experience
1 Certification

Work History

BISO, Global Head of Third Party Risk Management

Gallagher
04.2018 - Current
  • Transformed the divisional security function by developing and enhancing capabilities in security architecture, policy development, and GRC (Governance, Risk, and Compliance).
  • Designed and implemented a global sourcing model for the cybersecurity function, optimizing resource allocation across offshore, nearshore, and onshore teams, resulting in $5MM in annual savings.
  • Enhanced third-party risk management by redesigning the team and process to focus efforts on external data transfers.
  • Revamped compliance processes for SOX, SOC 1/SOC 2, GDPR, and CCPA, optimizing workflows to improve compliance visibility and drive operational efficiencies.
  • Instituted an IT risk assessment process based on the NIST 800-53 controls framework, strengthening the organization's overall risk posture.
  • Led a team of security professionals focused on security operations, GRC, and third-party risk management, improving team efficiency and security outcomes.

Director, IT Security and Governance

Walgreens Boots Alliance
01.2013 - 03.2018
  • Represented Global IT Governance, Risk, and Compliance as a key member of CIO leadership teams for both the Pharmaceutical Wholesale and International Retail business units, driving strategic initiatives.
  • Spearheaded an enterprise-wide GRC technology initiative, overseeing product selection and collaborating with cross-functional teams to evaluate use cases and successfully implement the solution.
  • Developed and implemented an Integrated Controls Framework to streamline IT compliance across multiple regulations and frameworks, ensuring consistent adherence to standards.
  • Led a comprehensive rewrite of the Global IT Policy and Standards, consolidating regional documents and creating a robust process to track and manage policy exceptions.
  • Established and led the SOX Compliance Program, incorporating automated continuous monitoring and detailed testing of key IT controls (General and Application) to ensure compliance and mitigate risks.
  • Drove the initial GDPR compliance response for the Global IT organization, collaborating with Privacy teams to develop and implement the overall compliance program.
  • Built and led a high-performing team of 16 professionals, including employees, contractors, and an offshore managed service provider, to drive IT Compliance and Security Governance functions.

Security Governance Manager

Allstate Insurance
06.1999 - 07.2012
  • Established and led the initial Payment Card Industry Data Security Standard (PCI DSS) compliance program, identifying potential compliance gaps, facilitating remediation efforts, and providing expert consulting for business and IT initiatives, resulting in Allstate achieving early completion of Level 1 Merchant compliance status.
  • Managed the implementation of Allstate’s PCI Scope Reduction project, including the development of a secure payment gateway, as well as the introduction of network segmentation and tokenization to enhance security.
  • Directed the implementation and assessment of Sarbanes-Oxley (SOX) security controls, including security surveillance, user account management, operating system security, and SAP segregation of duties, ensuring compliance with regulatory requirements.
  • Established and led the initial Vendor Risk Management program, evaluating the security risks associated with third-party suppliers (both on-shore and off-shore) handling sensitive data, and reviewing their security controls prior to contract acceptance.

Education

MBA - Marketing, Technology Industry Management

Northwestern University
Evanston, IL

Bachelor of Science - Accountancy

Northern Illinois University
DeKalb, IL

Skills

  • Enterprise risk management
  • IT governance
  • Security policy creation
  • Vendor risk management
  • Cybersecurity best practices
  • Strategic planning
  • Team leadership and development
  • Security assurance

Certification

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Public Accountant (CPA)
