Stephen D. Dake — Cybersecurity & GRC Leader (CISSP, CISM)

Stephen D. Dake

Cybersecurity & GRC Leader • CISSP, CISM

Summary

Cybersecurity and GRC leader with deep experience building, scaling, and operating enterprise risk, compliance, security, and governance programs. Proven track record leading security and GRC strategy, third-party risk management, M&A integration, and audit readiness while remaining hands-on and execution-focused. Recognized for driving measurable risk reduction, control maturity, and executive-aligned governance programs across regulated industries.

GRC Leadership and Program Expertise

  • Designed and implemented enterprise GRC programs across financial services, insurance, and critical infrastructure sectors
  • Experience supporting healthcare and health-adjacent environments, including HIPAA/HITECH compliance, healthcare data protection, and regulated privacy programs
  • Extensive experience with NIST SP 800-53 Rev. 5, NIST CSF, HIPAA/HITECH, PCI DSS, SOC 2, and ISO 27001
  • Author of enterprise security, privacy, risk, and third-party governance policies and procedures
  • Creator and owner of enterprise risk registers, including risk scoring methodologies, treatment plans, and executive reporting
  • Executive-level communicator with experience briefing CISOs, CIOs, legal counsel, compliance, finance, and boards
  • Led implementation and operationalization of enterprise GRC tooling (e.g., ServiceNow GRC, OneTrust) including control mapping, workflow design, evidence management, and executive reporting
  • Proven ability to translate regulatory and framework requirements into actionable, sustainable control programs
  • Recognized thought leader and trusted advisor to executive leadership during M&A, regulatory scrutiny, and audit events
Frameworks: NIST SP 800-53 Rev. 5 • NIST CSF • HIPAA/HITECH • SOC 2 • ISO 27001 • PCI DSS

Skills Snapshot

Security Program Management • Control Alignment & Testing • Corrective Action Plans • Third-Party Risk (TPRM) • Audit Readiness • Incident Response • Vulnerability Management • Threat Hunting • Security Automation • Executive Reporting • People & Vendor Management

Tools: ServiceNow • OneTrust • Microsoft Sentinel • Azure • CrowdStrike • Qualys • Tenable • Microsoft Defender

Professional Experience

Stephen Dake Consulting — Security Program Manager

Remote
Jan 2025 – Present
  • Delivered strategic and technical security and GRC consulting, with an emphasis on third-party vendor risk assessments and due-diligence integration support.
  • Served in program-level roles leading audit remediation and risk management projects, improving secure integration and control harmonization for acquired SMBs and tech startups.
  • Advised clients on security findings and on GRC and compliance strategy, aligned to SOC 2 Type II, ISO 27001, HIPAA, and NIST standards.

Frosch International Travel — Executive Director, GRC and Cyber Security

Remote
Apr 2022 – Jan 2025

Built and executed an enterprise Governance, Risk, Security and Compliance (GRC) program from the ground up during the acquisition of FROSCH International Travel by JP Morgan Chase. Led strategy, framework selection, policy development, risk management, audit readiness, and third-party risk programs to align a privately held SaaS organization with large-enterprise financial services control expectations.

  • Established foundational GRC strategy via enterprise security and compliance gap assessment against NIST, ISO 27001, SOC 2, HIPAA, and JP Morgan Chase control requirements.
  • Defined program scope, control objectives, and governance structure with ownership models across IT, Legal, Privacy, HR, Finance, and Engineering.
  • Designed and implemented a risk register (inherent/residual risk, treatment plans, executive acceptance workflows).
  • Defined and reported GRC metrics/KPIs for executive leadership (risk posture, control maturity, audit status, remediation progress).
  • Authored and operationalized enterprise security, privacy, and risk policies/standards/procedures for audit, regulatory, and contractual obligations.
  • Built a formal TPRM program (vendor tiering, assessments, remediation tracking, executive reporting).
  • Led SOC 2 Type II readiness and certification as executive owner for evidence collection, auditor engagement, and corrective action plans.
  • Established recurring GRC operations: control testing cadence, risk review cycles, audit response playbooks, executive reporting.
  • Served as primary liaison for internal audit, external auditors, regulators, and JP Morgan Chase oversight teams.

Madison Gas & Electric — Director, Risk Governance and Compliance

Remote
Sep 2018 – Apr 2022
  • Led enterprise cybersecurity risk management and governance for regulated critical infrastructure environments.
  • Owned compliance alignment with NERC-CIP, PCI DSS, and internal risk frameworks.
  • Directed risk assessments and control testing across IT and OT environments; built and maintained a risk register for gaps and remediation.
  • Improved audit readiness and incident response maturity through structured control improvements and governance processes.
  • Supported cloud-forward security governance initiatives in Microsoft Azure environments.

American Family Insurance — Sr. Manager, Security Architecture Engineering

Madison, WI
Jun 2015 – Aug 2017

Accountable for large security engineering and architecture teams; managed major security projects, implementations, incident response, vendor risk reviews, security testing, event monitoring, PKI environment, budgets, IAM/MFA, staffing, and reduction in outages from aging infrastructure.

QBE Insurance — VP Security, North America

Sun Prairie, WI
Oct 2013 – Jun 2015

Led engineering, architecture, operations, and risk teams; supported M&A and enterprise risk/vulnerability mitigation strategy; partnered with subsidiaries to meet security standards and GRC goals.

SSM Health Dean — Senior Security Consultant (contract)

Middleton, WI
May 2013 – Oct 2013

Partnered with CISO/CIO to prepare for ACA-related compliance for State Health Exchange aligned with MARS-E, HITECH, HIPAA, and NIST; managed security team, authored policies, guided remediation; assisted ServiceNow implementation for security/run books.

Wisconsin Association Trust — Director Security Officer (CISO)

Madison, WI
Apr 2007 – May 2013

Built a security program aligned with NIST/HIPAA; performed hands-on security work including pentesting, log analysis, SIEM implementation/management, vulnerability scanning, patching/remediation, project review, and incident response.

Blue Cross Noridian — Security Consultant (contract)

Fargo, ND
Nov 2005 – Apr 2007

Led vulnerability assessments, DISA compliance testing/remediation, database security, file integrity, encryption module compliance (FIPS 140-2) and NIST-aligned corrective action plans; worked across Linux/Windows and security tooling.

State Farm Insurance — Security Engineer

Bloomington, IL
Apr 2002 – Nov 2005

Worked across cryptography, web application security, pentesting, and threat hunting; contributed to enterprise projects at scale; supported security testing, security tooling, and documentation; completed SANS training.

Skills and Technologies

  • Core Competencies & Strategic Focus: Security Program Management, Vulnerability Management, Incident Response, Threat Hunting, Control Alignment & Testing, Corrective Action Plans, Strategic Planning, Project Management, People Management, Vendor Management, Due Diligence Integration Support, Security Automation, Cybersecurity Awareness Training
  • GRC: SOC 2, SOX, GDPR, MARS-E, HIPAA, HITECH, OWASP, ATT&CK, SANS, PCI Scanning, IAM, PAM, Control Uplift
  • M&A Alignment: Uplift controls and mature security/GRC programs for newly acquired subsidiaries; lead integration programs and audit/control parity efforts
  • SIEM & Monitoring: Microsoft Sentinel, Azure Cloud SIEM, Azure DevOps, Azure Key Vault, ServiceNow, OneTrust, WAF
  • EDR & Endpoint: CrowdStrike, Microsoft Defender, Qualys, Tenable.io, Nessus Pro, Avanan
  • Encryption & File Security: AES-256, BitLocker, Full Disk Encryption, TLS/SSL, HTTPS, FTPS, SSH/SCP/SFTP, EFS
  • Remote Access & MFA: Cisco AnyConnect, DUO MFA, VPN, Multi-Factor Authentication, Remote Access Protection
  • MDM & Cloud Apps: Intune, Autopilot, OneDrive, Box, Docusign, Microsoft 365, Microsoft Teams, Azure WAF
  • Identity Tools: SailPoint, Delinea, PAM Vault, Entra ID
  • Platforms: Linux (Ubuntu, Red Hat), Docker, Kali, Log Correlation, Security Event Monitoring, Penetration Testing
  • Emerging / Self-Study: LLM Security, Docker Security, AI Threat Modeling, Elastic Stack Logging, Secure Development Practices, Open Source Security Tooling
  • Interests: Guitar, electronics design, tube guitar amplifier building, avid reading, lifelong self-directed learning, family, cooking
