Alistair Thompson

• Over 25 years of progressive management, audit, team leadership and systems integration experience encompassing Information Security, IT and business systems applications initiatives. Managed technical teams for mid-to-large-sized, full-lifecycle, application development projects in multinational/multi-tiered institutional, business-to-business and consumer service sectors. 

• An experienced Senior Information Security auditor and senior compliance manager, providing out of the box pragmatic thinking to develop security solutions and designs which comply with industry and government requirements. Possesses a skillset to meet the needs of satisfying business unit project teams and corporate governance in, among other areas, financial crime and the payment card industry(PCI). 

• Acted as a senior technical team lead providing first, second and third tier technical support (hardware/software). This encompassed the management of project plans, schedules, staffing, and security and audit provisions of bank-wide servers which met and/or exceeded the requirements of the Sarbanes-Oxley Act. 

• A skilled technical manager and troubleshooter who demonstrates proactive approaches to solving complex systems initiatives and applications. Has the ability to implement key performance measures, assess and deliver high quality standards and manage operational objectives and multidisciplinary technical teams while evaluating progress and productivity levels.

With over 25 years of pioneering leadership in Information Security, IT, and business systems integration, I excel in developing robust security solutions that blend compliance with creativity. My expertise lies in managing full-lifecycle application development projects, steering technical teams across multinational sectors, and delivering high-impact solutions in financial crime prevention and PCI compliance.

Professional Highlights

Strategic Innovator: Spearheaded security architectures and policies that exceed regulatory requirements while supporting business agility. Recognized for devising pragmatic, out-of-the-box security designs that align with both industry standards and unique business needs.

Technical Maestro: As a Senior Manager at MNP Digital, I led comprehensive IT risk assessments and PCI-DSS compliance projects. I translated complex security findings into actionable insights, making security accessible to all client stakeholders.

Compliance Champion: At Rogers Communications, I orchestrated a company-wide PCI compliance strategy, ensuring adherence to the latest PCI-DSS standards. I initiated mock breach exercises and vendor compliance checks, solidifying the company's defense mechanisms.

Consulting Virtuoso: Delivered tailored security consulting services at Trustwave and NCI, including threat and risk assessments, penetration testing, and security architecture reviews. My client-centric approach ensured deliverables were insightful, clear, and practical.

Leadership Excellence: Directed technical teams at the Bank of Montreal, driving projects that navigated the complexities of Sarbanes-Oxley compliance. Developed innovative training programs to elevate security awareness and capabilities across the organization.

Continuous Improver: Committed to ongoing professional development, with certifications in CISSP, CISA, and QSA, alongside advanced skills in cloud technologies (AWS, GCP, Azure) and virtualization (VMWare, HyperV).

Noteworthy Projects

PCI Compliance Transformation: At Rogers Communications, led a cross-functional team to achieve PCI-DSS Version 3.2 compliance, integrating a control library and executing comprehensive incident response simulations.

Risk Mitigation Strategies: At the Bank of Montreal, implemented an enterprise-wide risk assessment framework, integrating GLBA, SOX, and PCI standards to fortify the bank's security posture during acquisitions and vendor engagements.

Cutting-edge Cloud Security: At MNP Digital, conducted advanced IT security audits and developed robust security architectures, leveraging the latest in cloud computing and containerization technologies to optimize client environments.

Technical Proficiencies

• Cloud Platforms: AWS, Google GCP, Azure
• Virtualization: VMWare, HyperV
• Networking: TCP/IP, IPX/SPX, LAN/WAN
• Programming: C#, HTML, JavaScript, C++, Oracle PL/SQL
• Operating Systems: Windows Server 2008-2022, AIX, Sun Sparc/Intel
• Security Tools: Penetration Testing, Secure Code Review, Vulnerability Assessments
• Methodologies: SSADM, RAD, CASE, Project Management

• Bachelor of Science in Computing, The Robert Gordon University, Aberdeen
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Qualified Security Assessor (QSA)
• Microsoft Certified Systems Engineer (MCSE)
• Certified Ethical Hacker (CEH)