Stefano Di Marco

Strategic Cybersecurity leader with 15+ years leading enterprise technology, Cybersecurity, and service delivery across regulated public and private sector environments. Demonstrated capacity to drive and scale Cybersecurity capabilities within SaaS and Cloud Native organizations enabling business objectives while managing risk.

Proven

Cybersecurity leader in building, owning and maturing enterprise security programs, aligning Cybersecurity risk to business strategy, and delivering measurable improvements in resilience, compliance, and operational integrity.

Vice President Cybersecurity Service Delivery and Client Success at ThreatIQ Inc (2021-12 – Present)

Previously Head of Global Service Delivery. Owned and scaled security compliance programs across SaaS and Cloud Native client environments. Accountable for developing and delivering Cybersecurity strategies and roadmaps for clients. Operated as a technology executive across client organizations providing strategic IT leadership.

• Owned and scaled security compliance programs across SaaS and Cloud Native client environments, identifying gaps, assissting with remediation strategies and ensuring continuous compliance to ISO, PCI, SOC2 frameworks
• Accountable for developing and delivering Cybersecurity strategies and roadmaps for clients to support compliance, cybersecurity and risk management objectives
• Operated as a technology executive across client organizations, providing strategic IT leadership across infrastructure, security, and service delivery functions — partnering with C-suite stakeholders to align technology capability with business strategy and operational objectives
• Partnered with Engineering and Product to implement a risk-based vulnerability management program, enabling prioritized remediation aligned to business impact, achieving SOC and PCI compliance objectives, and measurably reducing risk across the environment
• Provided cybersecurity leadership to clients undergoing organizational and technology transformation, driving changes to operating models, engineering practices, and secure architecture standards to enable scalable business growth within DevSecOps and startup environments
• Delivered vCISO advisory services for organizations across multiple industries, partnering with executive stakeholders to drive cybersecurity transformation initiatives, mature security programs, and improve overall security maturity by 35% within 18 months
• Responsible for board advisory and reporting on cybersecurity posture and risk and risk appetite for client organizations in highly regulated environments
• Established AI cybersecurity professional service, delivering AI risk assessments, AI readiness assessments and assisting clients with understanding and quantifying the risk of third party AI vendors
• Owned the P&L and operating budget for a global professional services division, driving financial performance, operational efficiency, and scalable service delivery across distributed teams

Head of Information Security and Manager Security and Identity at Ottawa Carleton District School Board (2020-10 – 2021-12)

• Owned the enterprise cybersecurity and IT risk function, aligning technology initiatives with organizational risk tolerance, promoting and influencing risk based decision making
• Championed the enterprise Third-Party Risk Management program integrated into procurement and vendor governance processes, improving oversight of external service providers
• Directed budget allocation and resource prioritization across key cybersecurity initiatives, prioritizing vulnerabilities through risk and threat modelling resulting in a reduction of 35%, strengthening student safety through risk-informed investment decisions
• Influenced organizational culture to embed security and operational accountability into daily practices for improving alignment between Architecture and Engineering teams

Senior Manager Cybersecurity Incident Response Team at TD Canada Trust (2020-04 – 2020-10)

• Deployed to drive transformation of global incident response to a Fusion Centre operating model, increasing executive visibility, reducing enterprise operational risk, and ensuring measurable value to the bank
• Owned the modernization of incident response capability, aligning detection and containment processes to the NIST incident handling framework, enhancing Fusion Centre coordination and achieving target-state maturity within the bank's incident management domain
• Accountable for the remediation of internal and regulatory audit findings relating to CSIRT, translating findings into actionable remediation plans, tracking progress against SLAs, and ensuring timely closure to meet regulatory expectations and sustain continuous compliance
• Facilitated a new operating model and organizational structure to assign accountability for key cybersecurity capabilities, driving enterprise transformation and mitigating risk across the bank

Manager Cybersecurity at Ontario Cannabis Store (2019-10 – 2020-04)

• Engaged to spearhead RFP processes to select key cybersecurity and technology partners, ensuring alignment with roadmap and operational objectives
• Developed and executed a cybersecurity roadmap aligned to NIST and CSA cloud security frameworks, guiding cloud-native adoption of enterprise security controls while reducing risk, enabling shopper experience, and streamlining operations across internal and third-party teams
• Partnered with the CIO to prioritize and sequence cybersecurity investments, aligning spend to risk management and enabling business outcomes
• Defined and implemented modern security architecture across cloud, identity, endpoint, and detection domains (Zero Trust, IAM, EDR/XDR, SIEM)

Manager IT Security Operations at Workplace Safety and Insurance Board (2016-10 – 2019-10)

• Standardized and matured security operations capabilities by formalizing an engagement model that clarified when and how peer teams and business stakeholders engaged cybersecurity, strengthening risk management practices and reinforcing a culture of shared security accountability
• Partnered with the Director of Cybersecurity to prioritize and manage investment in high-impact security initiatives, ensuring funding alignment with IT and business transformation objectives while balancing identified risk exposure
• Spearheaded initiatives to address identified risks, refining operational capabilities to provide executive visibility into emerging risk signals and enable more proactive decision-making
• Managed IT security operations within a large public sector organization, overseeing outsourced service delivery, vendor performance, and budget accountability across a complex multi-stakeholder environment

Senior Technology & Cybersecurity Specialist at Ontario Financing Authority (2008-12 – 2016-10)

• Advanced enterprise IT and cybersecurity controls aligned with business and operational objectives, contributing to reduced risk exposure and improved system reliability across enterprise platforms
• Acted as a senior security advisor across the organization, delivering risk-aligned, right-sized solutions that supported business objectives while managing operational and cost constraints
• Influenced enterprise IT and application development teams to embed security, governance, and operational standards into system design and delivery processes

Diploma in Telecommunications Technology – Sheridan College

Certificate in Project Management – University of Guelph