Boulton Fernando
Proven ability to lead Technology and Information Security programs in global financial services and media/entertainment organizations. Experience includes leading a secure, agile conversion of data center centric applications to multi-tenant hybrid cloud-based environment and ensuring regulatory compliance and cyber resiliency in a consumer lending organization supporting over 70 million customers across 41 countries. Recognized for creating a culture of early risk identification through threat modeling and rapid treatment of risks using DevSecOps framework.
Boulton was the Vice President and Chief Information Security Officer (CISO) at Toyota Motor Credit Corporation and managed all facets of Information Security, providing leadership and direction to Toyota Financial Services Group across the globe. He gained consistent Board support by simplifying complex security principles and by sharing business centric risks through effective storytelling. He spearheaded a global information security policies and standards consolidation initiative based on the ISO 27001 and NIST framework. He utilized the resulting deliverables as the foundation for creating a global “Security as a Service” program that offered revenue generating services in all continents adhering to GDPR, PCI and local data residency requirements. He chaired a team that developed and implemented a secure supply chain and open-source software programs to help ensure Toyota and corporate partners remained secure. He proactively mitigated security threats in applications through threat modeling, by educating developers to write secure code, by providing secure IDE plugins, scanning code and APIs for vulnerabilities, automating tests in the CI/CD pipeline, code signing, continuous monitoring, and threat hunting. Boulton mentored people centric technology and cyber security leaders from diverse backgrounds.
Prior to his tenure at Toyota, he was the Senior Vice President and Chief Security Officer (CSO) of OneWest Bank, he was accountable for leadership and direction of privacy, physical and information security activities in providing protection of people, property, and information assets. Boulton joined E&Y as an intern from business school and progressed while performing information system audit and information security consulting services for large financial services, healthcare, and media/entertainment organizations across the globe.
Boulton graduated from California State Polytechnic University, Pomona with a Master of Science in Business Administration with an emphasis in information systems audit. Boulton holds the CISSP, CISM and CFE information security and fraud examination related certifications.
