Knowledgeable, diligent, personable.
Ray Vankrimpen genuinely enjoys delivering his boutique brand of consulting, implementation and audit expertise in the areas of cybersecurity, privacy, IT risk management and data quality.
With nearly 20 years’ worth of proven knowledge and experience, Ray advises his clients on the implementation of cybersecurity solutions. He is able to scale solutions for large, complex organizations and at the same time bring practical, value-oriented solutions to smaller organizations.
Ray has helped many organizations develop their cybersecurity strategy and programs. His technical solution expertise includes Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Cyber Threat Intelligence and Data Classification. He has considerable knowledge and experience implementing the NIST Cybersecurity Framework (NIST CSF) and is able to leverage informative resources such as ISO 27001, COBIT and other NIST standards.
Ray has many years of experience delivering IT audits of complex information technology architectures that typically include cloud, application, database, network, server and virtual infrastructures. He delivers controls solutions and audits against statutory and compliance standards such as ISO 27001 and CPA Canada’s Trust Services Criteria (SOC 1, SOC 2, CSAE 3416, SSAE 16 and WebTrust for CA).
Ray excels in helping organizations select and prepare for the sustainable use of information security technologies, with a focus on the people and processes that support the technology.
Fields of expertise
- Cyber Security solutions
- Cyber Threat Intelligence solutions
- Cloud Security solutions
- Privileged Access Management solutions
- Security Information Event Monitoring solutions
- Information security, privacy and threat risk assessments
- Readiness assessments and service auditor reports under AICPA/CPA Canada guidelines (SOC 1, SOC 2 and SOC 3)
- Public Key Infrastructure audits (WebTrust for CA, Certipath)
- PCI Readiness Assessments and Audits
- ISO 27001 Readiness Assessments and Audits
- Implementation and audit against statutory and compliance standards and frameworks
- Financial institutions
- Public sector including healthcare, government ministries and agencies
- Technology, media and telecommunications
- Payment Card Industry – Qualified Security Assessor, PCI-QSA, 2016
- Certified in Risk and Information Systems Control, CRISC, 2010
- Certified Information Security Manager, CISM, 2009
- Certified Information Systems Security Professional, CISSP, 2004
- Certified Information Systems Auditor, CISA, 2003
- Diploma in Computer Science, Niagara College, 2000
- BBA, Brock University, 1999
Professional and community involvement
- International Information Systems Security Certification Consortium (ISC2) – Member, since 2004
- Information Systems Audit and Control Association (ISACA) – Platinum member, since 2000
- Quoted. “Taking aim at workplace tech” CPA magazine, July 2017
- Lead presenter. “Data Classification and Data Governance,” ISACA Toronto Annual Summer Conference, June 2016
- Lead presenter. “Implementing Cyber Security aligned with the NIST framework,” ISACA Fall Conference, November 2015
- Provided comment to The Globe and Mail on the Ministry of Education website security issues, March 2015
- Provided comment to The Globe and Mail on the Home Depot breach, September 2014
- Provided comment to various print and broadcast media on the “Heartbleed Vulnerability,” including The Globe and Mail, Toronto Star, CBC, BNN and 680 News, April 2014
- Presenter. “Privacy and Security Monitoring Solutions for Health Care,” Hospital CIO/CPO Symposium on ePHIPA, Toronto, January 2013
- Lead presenter. Cyber Security, various executive boards, since 2010
- Lecturer. “Electronic Data Processing Auditing,” Laurentian University, 2010-2013
- Lead presenter. “Managing Outsource Vendors,” ISACA IT Audit Day, Toronto, since 2009
- Lecturer. “Management Information Systems,” University of Toronto, since 2008