Stephen D. Dake
Cambridge, WI • stephen.dake@gmail.com • (608) 354-3036 • stephendake.us
linkedin.com/in/stephendake • CISSP, CISM
linkedin.com/in/stephendake • CISSP, CISM
Summary
Cybersecurity and Risk Executive with over 22 years of hands-on and leadership experience helping SMBs, startups, and enterprises protect critical assets, meet compliance goals, and mature their security posture. Proven expertise in audit remediation, control uplift projects, security program development, vulnerability management, and aligning with frameworks such as ISO 27001, SOC 2, HIPAA, NIST, and GDPR. Trusted consultant and former CISO with deep experience in regulated industries including finance, healthcare, energy, and SaaS.
Core Skills
- Security Control Uplift & Implementation
- Risk Assessment & Gap Analysis
- Audit Readiness (SOC 2, ISO, HIPAA)
- Governance, Risk & Compliance (GRC)
- Remote Team Leadership
- Vendor Risk Management
- Policy & Program Development
- Security Architecture
- Due Diligence & Integration Support
- Incident Response & Vulnerability Management
- Red & Blue Team Strategy
- Fractional CISO Services
Professional Experience
Stephen Dake Consulting, LLC – Remote
Principal Security Consultant (2014–Present)- Delivering strategic and technical security consulting to small and mid-sized businesses.
- Engage in fractional CISO roles, lead audit remediation and risk management projects, and provide hands-on support for maturing security programs.
- Partnered with clients to address security audit findings and prepare for compliance with SOC 2, ISO 27001, HIPAA, and NIST CSF.
- Led multiple control uplift and policy development projects, streamlining compliance readiness and improving resilience.
- Advised on secure integration and post-acquisition control harmonization for acquired SMBs and tech startups.
JP Morgan Chase (FROSCH International Travel) – Remote
Executive Director, Cybersecurity Risk & Compliance (2022–2025)- Built and led the entire security, privacy, governance, and risk program during the transition from privately held SaaS travel company to a JPMorgan-acquired enterprise.
- Oversaw SOC 2 Type 2 certification, control uplift initiatives, and risk strategy alignment with ISO, NIST, and Chase standards.
- Directed control assessment, red team, vulnerability management, incident response, and vendor risk teams.
- Delivered due diligence, audit response, and post-merger integration of cybersecurity operations.
Madison Gas & Electric – Remote
Director of Information Security & Risk (2018–2022)- Led cybersecurity strategy and compliance across critical infrastructure.
- Maintained alignment with NERC-CIP and PCI.
- Strengthened security posture with new control sets and enhanced monitoring, vulnerability management, and incident response maturity.
American Family Insurance – Sun Prairie, WI
Director of Cybersecurity Engineering & Architecture (2015–2017)- Managed a 27-person engineering team.
- Implemented technical improvements, reduced outages, enhanced vulnerability management, and led security strategy for infrastructure and services.
QBE – Sun Prairie, WI
VP of Information Security (2013–2015)- Led engineering, architecture, operations, and risk teams.
- Supported M&A and risk and vulnerability mitigation strategy at the enterprise level.