Eric Fisch
Details
Computer Science
Texas A&M University
1992 : 1996
BS
Computer Science
The University of Texas at Austin
1987 : 1992
• Partner with Business Leaders, Audit, Compliance, and IT Risk teams to evaluate and reduce risk.
2020 : Present
USAA
AVP, Information Security - Governance, Risk, and Compliance
Established enterprise-wide information security, information privacy, IT risk, and business continuity & disaster recovery programs. Led 22 full-time employees and 5-15 contractors, with an annual $10M budget.
• Presented quarterly to the Board of Directors, CEO, and executive management.
• Established and oversaw the IT Risk Management organization responsible for governance of the IT, Cybersecurity, Privacy, and Disaster Recovery programs.
• Developed cloud cybersecurity roadmap and framework to align with NIST and the CCM.
• Designed, published, and promoted a streamlined process for the remediation of security issues. In the first year, the time to remediate was reduced 87%.
• Partnered with the leadership in Enterprise Risk, Third-Party Risk Management, and Disaster Recovery to resolve regulatory findings, improving the Bank’s overall supervisory rating.
• Enabled secure Agile development for on-line and mobile systems.
• Oversaw the evaluation and introduction of Cisco, McAfee, and Palo Alto technologies to create a unified security environment that increased team efficiency and reduced tool spend by $1M annually.
• Created accountability for the Cybersecurity and Privacy programs through a metric and reporting program to measure effectiveness.
• Improved the Bank’s Cybersecurity and Privacy capabilities by recruiting and mentoring a team with a diverse skill set, and developing a targeted internship program.
2017 : 2020
Texas Capital Bank
EVP, Head of Cybersecurity and Privacy (CISO)
2011 : 2017
Texas Capital Bank
Senior Vice President, Information Security Officer
2006 : 2011
Texas Capital Bank
Vice President, Information Security Officer (ISO)
Information Security and IT Audit Consultant responsible for managing concurrent engagements, typically totaling between 5 and 20 people, at various clients including an automotive manufacturer, multiple major retailers, and an international food and beverage company.
• Maintained a sales portfolio of $1.6M in consulting work, focusing on security risk and IT Sarbanes-Oxley assessments and remediation efforts.
• Created/consolidated the policies, standards, and procedures for a $1.85B technology outsourcing organization, reducing inefficiencies and enabling them to reallocate 20% of their staff.
• Orchestrated the development, implementation, and support of a global information security consulting program for 800+ individuals.
• Trained 200+ global consultants on newly developed information security consulting program methodology.
1998 : 2006
KPMG US
Senior Manager
Skills
Board Leadership, Board of Directors Reporting, Board Presentations, Cloud Computing, Computer Security, Control Environment, Cybersecurity, Data Privacy, Enterprise Software, Executive Leadership, External Audits, Framework Development, Identity & Access Management (IAM), Information Risk, Information Security, Information Security Management, Information Technology, IT Audit, IT Management, IT Risk Management, IT Strategy, Leadership, Metrics, Program Development, Program Management, Regulatory Compliance, Risk Frameworks, Risk Management, Security, Security Audits, Security Controls, Strategy, Vendor Management, Certified Information, ITIL v3 Foundations, Sarbanes-Oxley Act, Certified Information Privacy Professional, ITIL v3 Foundations Certified
About
As head of the Information Security Risk and Compliance team, Eric is responsible for ensuring that the information security program appropriately protects USAA members’ information, corporate information, and computing environment. He leads multiple groups including Risk Assessment and Management, Security Supply Chain, Business Information Security Officer Services, Security Awareness, and Internal Risk and Fraud. He has developed processes for assessing and mitigating information security risk in the environment, facilitated an information security governance structure, and delivered a program for identifying security risks within each line of business.
Eric is a thought leader in his space, building consensus and bridges between information security and the business. He recognizes the critical role of information security and risk, but understands they are truly components of a larger organizational mission and vision. By educating business leaders on the importance of information security and risk, Eric seeks to empower them to better understand their own program and identify opportunities to reduce risk where appropriate.
Prior to USAA, Eric was an Executive Vice President and Head of Cyber Security and Privacy (CISO) at Texas Capital Bank, responsible for architecting and implementing the Information Security, Information Privacy, Business Continuity, and IT Risk programs. As a strategic director and leader in these areas, he was able to protect the Bank and reduce its risk profile. He focused on aligning the programs with IT and business operations, anticipating the tools they need to be successful and improving their time to market. By combining this knowledge with his enthusiasm and ability to engage others, Eric was able to educate and inform people from the break room to the board room.
Eric obtained his B.S. in computer science from the University of Texas at Austin and his Ph.D. in computer science from Texas A&M University. He co-authored two books on information security and has spoken at multiple information security conferences and events. He currently holds his Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Privacy Professional (CIPP) certifications.