Orvin is an Information Security Consultant with extensive experience in Information Security, and over 17 years in the IT industry. With a breadth of technology skills, including networks, operating systems, databases and application development, Orvin has provided services in various industry sectors such as credit unions, oil and gas, transportation, brokerage firms, provincial agencies, utilities, health care, and municipal government.
Professional Experience Summary
Orvin Consulting Inc., 2009 – Present
An independent information security consultant, providing consulting services on information security management, governance, business processes and compliance.
Projects that Orvin has worked on include:
- Developing and implementing privacy and security programs for provincial health profession regulators, including the migration of systems to a cloud computing environment, deployment of mobile device management policies and systems, PCI compliance by eliminating cardholder data, and changing contracting processes for external contractors and vendors.
- Developing a governance model for a cloud computing environment shared between organizations in the health care sector.
- Representing a provincial health profession regulator on the British Columbia Ministry of Health Data Stewardship Committee. The Committee manages the disclosure of health information for planning or research purposes from provincial Health Information Banks and Ministry of Health databases.
- Information security policy and standards redevelopment projects for a national transportation company, incorporating ISO 27002 (2005 version), PCI DSS 2.0 and 3.0, and OECD Privacy Guidelines.
- Interac cryptographic key management for a Canadian financial institution.
- PCI Data Security Standard implementation project for a financial institution, which included the tokenization of cardholder data, and aligning their policies to the PCI DSS and ISO 27002.
- Web application risk assessment for a health care funding agency.
Senior Manager, Grant Thornton LLP, Vancouver BC office, 2004 – 2009
Worked as an information security manager and consultant in Grant Thornton's Business Risk Services group, including managing client engagements as well as individually delivered services on projects.
- Provided IT security and auditing services to clients in industries such as financial services, brokerage firms, health authorities, utility companies and municipal governments. Managed project teams of up to 8 people as well as individually delivered services on projects.
- Coordinated the national launch of Grant Thornton's services as a Qualified Security Assessor (QSA) for the Payment Card Industry (PCI) Data Security Standard.
- Chaired Grant Thornton's national CICA Section 5970 / SAS 70 working group.
- Qualified as a Security Consultant on the BC Provincial Government's List of Qualified Suppliers for Information Management/Information Technology (IM/IT) initiatives.
Co-founder & CTO, Navarik Corporation, Vancouver BC, 2000 – 2004
Co-founded this application service provider and systems development company for the marine bulk shipping industry, developing products for various parties in the marine shipping market, such as cargo shippers, vessel owners and shipping agencies.
- Grew the company from its initial start to 17 people without any major external financing. Supervised a team of 7 web developers to develop web-based software systems.
- Established the overall technical design and infrastructure for systems as Chief Technology Officer. Negotiated technical requirements and legal contracts with vendors for production infrastructure (web hosting, firewalls and other security, network connectivity and DNS from various providers). This infrastructure passed security vetting from the Shell International Trading and Shipping Company (STASCO).
Service Architect, Telus Advanced Communications, Burnaby BC, 1998 – 2000
Worked in the Strategic Services Development team to design, develop and document business-oriented and consumer-oriented services.
- Designed components of the network infrastructure and built test networks for Telus's first version of the ADSL network, and acted as a technical troubleshooter for integration issues.
Analyst, Accenture, Vancouver BC office, 1996 – 1998
Certified Information Systems Security Professional (CISSP®) designation, (ISC)², July 2004
Certified Information Security Manager (CISM®) certification, Information Systems Audit and Control Association (ISACA), May 2011
SABSA Chartered Architect at Foundation Level (SCF) certification, SABSA Institute, June 2012
Certified Payment Industry Security Manager (CPISM) certification, Society of Payment Security Professionals, December 2009
Certified in Risk and Information Systems Control (CRISC™) certification, Information Systems Audit and Control Association (ISACA), May 2011
Master of Science in Advanced Technology Management, University of B.C., May 1996 (Combination of Master of Computer Science and MBA degrees)
Honours Bachelor of Science in Computer Science, University of B.C., May 1994 (Networks and communications specialization)