I’m looking to lead enterprise security governance that links cyber risk and privacy to business outcomes, building high-performing teams. I want to drive cyber resilience, executive-grade reporting, and safe AI governance with pragmatic, measurable controls.
Looking for a job
Carl-John Pyne
@carl-johnpyne
Collaborative security executive architecting cybersecurity and data protection strategies aligned with business objectives and high-performing teams.
CanadaWhat I'm looking for
I’m a security and privacy leader with an accomplished career in enterprise GRC, cyber risk management, and multi-jurisdictional privacy compliance. I build and modernize security programs that translate risk into clear, executive-ready actions aligned to business objectives.
Most recently, I served as Data Protection Officer & Director, Cybersecurity Governance at TC Transcontinental, reporting directly to the CIO. I designed executive cyber crisis management frameworks and contingency communications, transformed a GRC team into a peak-performing function, and reduced phishing susceptibility for 5,000+ employees by 90%+.
I also strengthen secure adoption of emerging technology, especially AI, by conducting security architecture reviews and embedding controls for production-bound AI/ML models and platforms. I’ve supported privacy governance aligned to PIPEDA, GDPR, and Law 25, and partnered with Legal to redline cybersecurity and data protection provisions to reduce regulatory and operational risk.
Earlier roles include Senior Information Security Advisor work driving NIST CSF/ISO 27001-aligned security and privacy risk frameworks, management of PCI DSS and ISO-aligned governance, and leadership of provincial-scale information security governance from the ground up. I’m trusted by executive, legal, and compliance stakeholders as a pragmatic advisor for cyber resilience and responsible data stewardship.
Experience
Work history, roles, and key accomplishments
Drove enterprise cybersecurity governance and privacy strategy across a multinational organization, aligning security and data protection programs to business and regulatory priorities as a direct CIO report.
ON
Senior Information Security Advisor
OneSpan
Oct 2019 - Nov 2021 (2 years 1 month)
Led enterprise GRC and cyber risk strategy for a global cybersecurity solutions provider serving major financial institutions. Built business impact analysis using Gartner frameworks and established an integrated cybersecurity and privacy risk management framework aligned to NIST CSF and ISO 27001.
AC
Senior Specialist Cyber Security
Air Canada
Apr 2019 - Oct 2019 (6 months)
Provided enterprise cybersecurity and data protection leadership, serving as the primary IT security advisor for Air Canada's global privacy (GDPR, PIPEDA) and incident response programs. Performed cybersecurity framework due diligence and gap analyses to support corporate mergers and acquisitions.
AI
Security Governance Manager
Aimia Inc
Mar 2018 - Mar 2019 (1 year)
Governed enterprise information security frameworks aligned to NIST CSF, ISO 27001, and PCI DSS for a major Canadian customer loyalty program. Implemented security awareness and incident response readiness, initiated data protection strategy with Microsoft Information Protection, and reduced risk through policy-aligned end-user training.
Managed privacy and security compliance for a medical imaging platform handling sensitive patient data across 300+ U.S. and Canadian healthcare organizations under HIPAA and PIPEDA. Oversaw ISO 27001 and ISO 27018 certification and helped implement SecDevOps in Agile workflows, partnering with AWS to establish secure cloud and SaaS controls.
Built provincial-scale information security governance from the ground up for the New Brunswick Department of Education (~40,000 users). Established a province-wide security program aligned to ISO 27001, COBIT, and ITIL, and governed protection of sensitive personal data for minors across public sector entities and third-party programs.
Education
Degrees, certifications, and relevant coursework
Carl-John hasn't added their education
Don't worry, there are 90k+ talented remote workers on Himalayas
Tech stack
Software and tools used professionally
Availability
Looking for a job
Location
CanadaAuthorized to work in
Social media
Job categories
Skills
RemoteCybersecurity Strategy & TransformationsData ProtectionGovernance Risk and Compliance (GRC)Cyber Risk ManagementBoard ReportingRegulatory ComplianceTalent DevelopmentGovernance (Responsible AIEmerging RisksExecutive Cyber Crisis ManagementIncident ResponseCyber ResilienceNIST CSFISO 27001COBITITILPCI DSSPIPEDAGDPRLaw 25Business Impact Analysis (BIA)SecDevOpsAgile WorkflowsAWSSaaS SecuritySecurity Design ReviewsPhishingChatGptEnhanceGmailGuardRails
Interested in hiring Carl-John?
You can contact Carl-John and 90k+ other talented remote workers on Himalayas.
Message Carl-JohnFind your dream job
Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!
