Steve Weltman

Virtual and Fractional Chief Information Security Officer

Cybersec Leadership, Advisor

GRC Program Consulting

Board and C Suite Advisory

ISO 27001 Program Facilitator

Business Risk Leadership Development

vCISO, Principal of Aletheia Security Consulting

About Me

I’m Steve Weltman

Some of the roles I’ve filled are:

  • vCISO, Fractional CISO
  • Strategic Business Risk Advisory 
  • Executive Coach, Security Programs Consultant 
  • Technical and Executive Facilitator
  • Organizational Collaboration Expert
  • ISMS (ISO 27001) program lead implementor and lead auditor
  • PCI DSS Advisory Consultant 

Factoids:

  • Currently Resides in: Torrance, CA
  • Consulting Opportunities: Available
  • Full Time Engagements: Let’s Discuss if our goals align
  • Olympic weight lifter (no, not in the Olympics, just the style)
  • Road Cyclist
  • Teaches Sunday school to 15-30 elementary school kids at church
  • Maker of the very best vegan lattes (seriously, they are amazing)
  • The headshot was photoshopped (I did a selfie and added the background)
  • Technically remote, but misses working in person with people

Steve Weltman

Chief Information Security Officer | Cybersecurity & GRC Executive | Strategic Board Advisor | Torrance, CA

US Navy Veteran | ISC2LA VP Finance | Thought Leader & Compliance Strategist

Executive Summary

Strategic and business-first-aligned Chief Information Security Officer with over 20 years of progressive leadership in cybersecurity, global governance, risk, and compliance (GRC), and enterprise security program design. Known for developing and executing board-level cybersecurity strategies that drive regulatory readiness, business resilience, and customer trust. Proven success in embedding security-by-design into digital transformation initiatives across healthcare, financial services, SaaS, and global cloud infrastructures. Published thought leader on EU product liability and security governance, ISC2 podcast contributor, and executive advisor on emerging threats and regulatory frameworks.

Core Competencies

  • Cybersecurity Programs Strategy & Governance
  • Global Risk & Compliance (GRC) Leadership
  • Security Culture & Cross-Functional Enablement
  • Board & Executive Leadership Development
  • HIPAA, GDPR, SOX, NIST CSF, ISO 27001, PCI DSS, CCPA
  • Trust Services, Security by Design & Secure SDLC
  • Enterprise Risk Management (ERM)
  • Vendor Risk Management & Third-Party Governance
  • Cloud & Multi-Cloud Security (AWS, Azure)
  • Threat Intelligence & Incident Response

Professional Experiences

Aletheia Security Consulting – CISO Advisor to KARL STORZ Americas
Global Strategic CISO Advisory
Nov 2022 – Present | Remote – Los Angeles Based

  • Directed global rebuild of ISO 27001-conforming Information Security Management System (ISMS), empowering executive risk ownership and embedding security into product and operational lifecycles.
  • Partnered with PwC and cross-functional leaders to align governance, risk, and compliance (GRC) functions with evolving regulatory requirements (HIPAA, GDPR, NIS 2).
  • Delivered executive-facing risk reporting and risk registers, supporting Board awareness of emerging threats, third-party risk exposure, and cybersecurity program effectiveness.

Imperva – Global Lead, Security Compliance Strategy
Office of the CISO
Nov 2021 – Oct 2022 | Los Angeles, CA

  • Re-architected global compliance strategy to align with business risk priorities, successfully achieving PCI recertification and maintaining SOC 2 and ISO 27001 credentials.
  • Built operational playbooks and automated controls for audit readiness, enhancing resilience against internal and external threat vectors.
  • Engaged senior leadership to recast security compliance as a continuous improvement engine, strengthening organizational accountability and trust.

Verizon Media / Edgecast / VDMS – Global Security Compliance Program Owner
ISMS Function Lead
Mar 2017 – Oct 2021 | Los Angeles, CA

  • Directed global certification efforts supporting $50M+ in recurring revenue, integrating NIST CSF, PCI DSS, and ISO 27001 into product and infrastructure lifecycle.
  • Co-led incident response tabletop exercises and breach simulations across business units, ensuring global preparedness.
  • Championed security awareness initiatives that elevated risk visibility among engineering and product teams.

Toyota Financial Services – Enterprise Security Architect
Global Retail Transformation Initiative
Jun 2016 – Mar 2017 | Torrance, CA

  • Led the development of a next-generation C-IAM platform, supporting secure access for partners and consumers.
  • Advised executive and legal teams on observed risks, compliance implications, and remediation plans within the cloud and infrastructure modernization project.

Key CISO Achievements

  • Founded and operationalized global ISMS functions at three multinational firms, achieving multiple ISO 27001 and SOC 2 certifications.
  • Delivered MedTech and SaaS security strategy advising, focusing on security by design, regulatory alignment, and vendor due diligence.
  • Co-hosted ISC2 podcast episode on early-career cybersecurity leadership development.
  • Presented at industry forums and published commentary on the security implications of the EU Product Liability Directives and Zero Trust Architectures.

Certifications & Professional Development

  • CISSP (Certified Information Systems Security Professional), #348794 
  • ISO 27001 Lead Auditor Training
  • Kubernetes and MicroK8s 
  • AWS Security 
  • MITRE ATT&CK
  • Continuous learning through conferences and leadership development programs

Affiliations

  • ISC2 LA Chapter – VP Finance, Board Member
  • Cloud Security Alliance, Los Angeles – Former Board Director of Communications
  • ISSA-SoCal, CSA, ISC2 – Active Member

Languages

  • Fluent in English
  • Limited comprehension: Mandarin, Japanese, German, Spanish, Hebrew

Security that empowers. Governance that enables. Leadership that equips.




