Biography

Orvin is an Information Security Consultant with extensive experience in Information Security, and over 17 years in the IT industry.  With a breadth of technology skills, including networks, operating systems, databases and application development, Orvin has provided services in various industry sectors such as credit unions, oil and gas, transportation, brokerage firms, provincial agencies, utilities, health care, and municipal government.

Professional Experience Summary

Orvin Consulting Inc., 2009 – Present

An independent information security consultant, providing consulting services on information security management, governance, business processes and compliance.

Projects that Orvin has worked on include:

  • Developing and implementing privacy and security programs for provincial health profession regulators, including the migration of systems to a cloud computing environment, deployment of mobile device management policies and systems, PCI compliance by eliminating cardholder data, and changing contracting processes for external contractors and vendors.
  • Developing a governance model for a cloud computing environment shared between organizations in the health care sector.
  • Representing a provincial health profession regulator on the British Columbia Ministry of Health Data Stewardship Committee. The Committee manages the disclosure of health information for planning or research purposes from provincial Health Information Banks and Ministry of Health databases.
  • Information security policy and standards redevelopment projects for a national transportation company, incorporating ISO 27002 (2005 version), PCI DSS 2.0 and 3.0, and OECD Privacy Guidelines.
  • Interac cryptographic key management for a Canadian financial institution.
  • PCI Data Security Standard implementation project for a financial institution, which included the tokenization of cardholder data, and aligning their policies to the PCI DSS and ISO 27002.
  • Development of a privacy policy and terms of use for the web portal of a university department processing health and patient data.
  • Web application risk assessment for a health care funding agency.

Senior Manager, Grant Thornton LLP, Vancouver BC office, 2004 – 2009

Worked as an information security manager and consultant in Grant Thornton’s Business Risk Services group, managing client engagements and individually delivering services on projects.
  • Provided IT security and auditing services to clients in industries such as financial services, brokerage firms, health authorities, utility companies and municipal governments. Managed project teams of up to 8 people and individually delivered services on projects.
  • Coordinated the national launch of Grant Thornton’s services as a Qualified Security Assessor (QSA) for the Payment Card Industry (PCI) Data Security Standard.
  • Chaired Grant Thornton’s national CICA Section 5970 / SAS 70 working group.
  • Qualified as a Security Consultant on the BC Provincial Government’s List of Qualified Suppliers for Information Management/Information Technology (IM/IT) initiatives.

Co-founder & CTO, Navarik Corporation, Vancouver BC, 2000 – 2004

Co-founded this application service provider and systems development company for the marine bulk shipping industry, developing products for various parties in the marine shipping market, such as cargo shippers, vessel owners and shipping agencies.

  • Grew the company from its initial start to 17 people without any major external financing. Supervised a team of 7 web developers to develop web-based software systems.
  • Established the overall technical design and infrastructure for systems as Chief Technology Officer.  Negotiated technical requirements and legal contracts with vendors for production infrastructure (web hosting, firewalls and other security, network connectivity and DNS from various providers).  This infrastructure passed security vetting from the Shell International Trading and Shipping Company (STASCO).

Service Architect, Telus Advanced Communications, Burnaby BC, 1998 – 2000

Worked in the Strategic Services Development team to design, develop and document business-oriented and consumer-oriented services.

  • Designed components of the network infrastructure and built test networks for Telus’s first version of the ADSL network, and acted as a technical troubleshooter for integration issues.

Analyst, Accenture, Vancouver BC office, 1996 – 1998

Professional community activities

President, (ISC)² Vancouver Chapter and Vancouver Security Special Interest Group, September 2013-present

Member, British Columbia Ministry of Health Data Stewardship Committee, September 2013-present

Vice-President / Membership Chair, (ISC)² Vancouver Chapter and Vancouver Security Special Interest Group, September 2012-September 2013

Board Member, (ISC)² ISMS Users Group of British Columbia, April 2008-January 2013

Vice-President / Secretary, ISSA Vancouver Chapter, August 2004-September 2006

Education

Certified Information Systems Security Professional (CISSP®) designation, (ISC)², July 2004

Certified Information Security Manager (CISM®) certification, Information Systems Audit and Control Association (ISACA), May 2011

SABSA Chartered Architect at Foundation Level (SCF) certification, SABSA Institute, June 2012

Certified Payment Industry Security Manager (CPISM) certification, Society of Payment Security Professionals, December 2009

Certified in Risk and Information Systems Control (CRISC™) certification, Information Systems Audit and Control Association (ISACA), May 2011

Master of Science in Advanced Technology Management, University of B.C., May 1996  (Combination of Master of Computer Science and MBA degrees)

Honours Bachelor of Science in Computer Science, University of B.C., May 1994  (Networks and communications specialization)