• Questions to Ask
• Information Security Services
• About Orvin Consulting   
  • Experience
  • Biography
  • Credentials
• Contact

Biography

Orvin is an Information Security Consultant with extensive experience in Information Security, and over 15 years in the IT industry.  With a breadth of technology skills, including networks, operating systems, databases and application development, Orvin has provided services in various industry sectors such as credit unions, oil and gas, transportation, brokerage firms, provincial agencies, utilities, health care, and municipal government.

Professional Experience Summary

Orvin Consulting Inc., 2009 – Present

An independent information security consultant, providing consulting services on information security management, governance, business processes and compliance.

Projects that Orvin has worked on include:

• Interac cryptographic key management for a Canadian financial institution.
• Information security policy and standards redevelopment project for a national transportation company, incorporating ISO 27002, PCI DSS 2.0 and OECD Privacy Guidelines.
• PCI Data Security Standard implementation project for a financial institution, which included the tokenization of cardholder data, and aligning their policies to the PCI DSS and ISO 27002.
• Development of a privacy policy and terms of use for the web portal of a university department processing health and patient data.
• Web application risk assessment for a health care funding agency.

Senior Manager, Grant Thornton LLP, Vancouver BC office, 2004 – 2009

Worked as an information security manager and consultant in Grant Thornton′s Business Risk Services group, including managing client engagements as well as individually delivered services on projects.

• Provided IT security and auditing services to clients in industries such as financial services, brokerage firms, health authorities, utility companies and municipal governments.  Managed project teams of up to 8 people as well as individually delivered services on projects.
• Coordinated the national launch of Grant Thornton′s services as a Qualified Security Assessor (QSA) for the Payment Card Industry (PCI) Data Security Standard.
• Chaired Grant Thornton′s national CICA Section 5970 / SAS 70 working group
• Qualified as a Security Consultant on the BC Provincial Government′s List of Qualified Suppliers for Information Management/Information Technology (IM/IT) initiatives.

Co-founder & CTO, Navarik Corporation, Vancouver BC, 2000 – 2004

Co-founded this application service provider and systems development company for the marine bulk shipping industry, developing products for various parties in the marine shipping market, such as cargo shippers, vessel owners and shipping agencies.

• Grew the company from its initial start to 17 people without any major external financing. Supervised a team of 7 web developers to develop web-based software systems.
• Established the overall technical design and infrastructure for systems as Chief Technology Officer.  Negotiated technical requirements and legal contracts with vendors for production infrastructure (web hosting, firewalls and other security, network connectivity and DNS from various providers).  This infrastructure passed security vetting from the Shell International Trading and Shipping Company (STASCO).

Service Architect, Telus Advanced Communications, Burnaby BC, 1998 – 2000

Worked in the Strategic Services Development team to design, develop and document business-oriented and consumer-oriented services.

• Designed components of the network infrastructure and built test networks for Telus′s first version of the ADSL network, and acted as a technical troubleshooter for integration issues.

Analyst, Accenture, Vancouver BC office, 1996 – 1998

Education

Certified Information Systems Security Professional (CISSP®) designation, (ISC)², July 2004

Certified Information Security Manager (CISM®) certification, Information Systems Audit and Control Association (ISACA), May 2011

SABSA Chartered Architect at Foundation Level (SCF) certification, SABSA Institute, June 2012

Certified Payment Industry Security Manager (CPISM) certification, Society of Payment Security Professionals, December 2009

Certified in Risk and Information Systems Control (CRISC™) certification, Information Systems Audit and Control Association (ISACA), May 2011

Master of Science in Advanced Technology Management, University of B.C., May 1996  (Combination of Master of Computer Science and MBA degrees)

Honours Bachelor of Science in Computer Science, University of B.C., May 1994  (Networks and communications specialization)