Jason Grimbeek

With over 20 years of information security experience across many industry sectors and countries. I understand cyber risk from a unique perspective, one that looks at risk and vulnerability yet never loses sight of the realities of business and the capability to address or mitigate real risk versus paper-based risk. Solid experience in security consulting and a strong background in IT and OT auditing, I am known for my ability to translate security vulnerability into risk at the business level, to NIST maturity assessment, IT and OT audits through to reporting cyber program health to the board. The combination of an engineering background with technical IT and control experience has led me to assist many companies in understanding and securing their industrial control systems, from electric utilities, oil & gas to mining, transportation and chemical manufacturing. I am well-known in the industry for building industry-aligned frameworks to manage these unique industrial environments. Key expertise includes: • Industry standards such as NIST 800-53/80/171, ISA 99, NERC CIP, ISO 27000, PCI, CobIT • Cybersecurity program development using industry Frameworks • Cybersecurity health and maturity assessments for both corporate and industrial controls systems • Governance implementation as well as ongoing security program measurement and metrics • Risk and impact assessments • Internal audit cybersecurity assistance • Ability to quickly provide the executive insight into the health of security within their organisation