Resume

Michael B. Housch

CISM  ·  CISSP

VP-Level Technology & Operational Risk Leader  ·  Global Cybersecurity Executive  ·  Board Member

📍 St. Augustine, FL 32080
📞 386-867-5300
houschmike@gmail.com
linkedin.com/in/michaelhousch

25+ Years Experience  ·  $21M Budget Managed  ·  150+ Team Size Led  ·  40+ SOC 2 Audits/yr

Summary

Strategic technology and operational risk executive with 25+ years of experience leading risk advisory functions across large, regulated financial institutions. Deep expertise embedding fit-for-purpose risk governance across digital product platforms, cloud environments, AI/ML-driven capabilities, and API ecosystems. Proven ability to influence senior technology and business executives, build high-performing risk advisory teams, and drive measurable risk reduction while enabling business agility.


Core Competencies

  • Technology & Operational Risk Advisory
  • Digital Risk Governance
  • AI/ML Risk Management
  • Cloud Risk (AWS, Azure, GCP)
  • Digital Product Platform Risk
  • API & Application Security
  • Agile / DevOps / CI/CD Risk Controls
  • Platform Resilience
  • OCC · FDIC · FRB · GDPR · CCPA
  • NIST SP 800-53 / NIST RMF
  • ISO 27001
  • PCI DSS · FISMA
  • IAM / RBAC
  • Third-Party Risk / Supply Chain
  • SOC Leadership
  • Issue Management & Governance

Professional Experience

Dark Matter Technologies (DMT)

Chief Risk and Information Security Officer (CRISO)

Jacksonville, FL
October 2023 – Present

Senior technology and operational risk leader for a leading mortgage technology platform, owning the full risk advisory function across digital products, engineering, and cloud environments.

  • Embedded fit-for-purpose risk governance across Agile delivery and cloud-native engineering teams, ensuring risk controls kept pace with digital product development and platform deployments.
  • Implemented an AI-driven security solution across user endpoints, reducing privacy incidents and accidental data exposure by 85%, demonstrating hands-on oversight of AI/ML risk within production digital environments.
  • Led design and deployment of a comprehensive IAM framework with least-privilege principles, RBAC, and automated provisioning, directly governing digital identity risk across the enterprise.
  • Developed and deployed a Data Loss Prevention (DLP) solution across endpoints, email, and cloud environments, significantly reducing sensitive data exfiltration risk across digital channels.
  • Enhanced third-party and supply chain risk governance by integrating vendor monitoring into SOC operations, reducing risk exposure across the digital vendor ecosystem.
  • Launched enterprise security awareness program achieving a 92% reduction in phishing attempts; enforced NIST RMF standards reinforcing regulatory compliance with federal agency partners.

Q2 Digital Banking Solutions

Chief Information Security Officer (CISO)

Austin, TX
January 2023 – September 2023

Technology risk advisory leader for a digital banking platform, embedding risk practices across digital product delivery, application security, and third-party ecosystems.

  • Conducted comprehensive technology risk assessments across all digital business units, identifying and driving remediation of critical risk exposures across platform and product portfolios.
  • Transitioned application security to a risk-driven remediation model within an Agile delivery environment, aligning risk controls with digital product development timelines and priorities.
  • Matured third-party risk governance program, integrating it with SOC operations to provide real-time oversight of vendor risk within the digital banking ecosystem.

Black Knight Inc. (Acquired by ICE)

Chief Information Security Officer (CISO)

Jacksonville, FL
2012 – January 2023

Led technology risk and information security for a publicly traded fintech company operating large-scale SaaS and digital platforms in the mortgage and financial services industry. Reported to board risk committee and advised senior technology and business executives across a matrixed, global organization.

  • Governed technology risk across digital customer journeys, cloud infrastructure, and API ecosystems during a full enterprise migration to AWS — achieving zero data breaches while following AWS Well-Architected risk principles.
  • Built and led a global team of 150+ risk and security professionals with a $21M budget, developing high-performing risk advisory capabilities aligned to digital products and platform portfolios.
  • Directed cross-functional risk advisory teams in achieving and maintaining NIST SP 800-53, FISMA, and PCI DSS compliance for SaaS and digital platforms serving the VA and major financial institutions.
  • Led 40+ successful SOC 2 Type II and PCI DSS audits annually, working directly with regulators, auditors, and second/third line assurance teams.
  • Developed a vulnerability management program reducing Severity 4 and 5 vulnerabilities past SLA by 95% month-over-month through risk-prioritized remediation aligned with business impact.
  • Implemented a comprehensive incident response and issue management framework, reducing mean time to detect and respond to technology risk events by 60%.
  • Delivered regular technology risk briefings to the Board Risk Committee on Key Risk Indicators (KRIs), providing forward-looking, decision-oriented risk insights to senior leadership.

First Federal Bank

Chief Information Officer (CIO)

Lake City, FL
2000 – 2012

Led technology risk, information security, IT infrastructure, and business continuity for one of the Southeast's leading private banks. Provided strategic risk governance to the Board of Directors and maintained strong relationships with banking regulators.

  • Established enterprise-wide technology risk policies, standards, and access controls governing digital systems across all banking platforms and business lines.
  • Developed and executed a comprehensive information security and privacy risk assessment program to proactively identify, assess, and mitigate threats to critical digital banking systems.
  • Maintained strong relationships with banking examiners (OCC, FDIC, FRB), ensuring transparent regulatory communication and successful examination outcomes.
  • Delivered executive-level technology risk reporting to the Board of Directors, translating complex risk concepts into clear business implications for non-technical stakeholders.

Education

Master of Business Administration (MBA)

Accounting and Finance · Jacksonville University · May 2022

Bachelor of Science, Computer Science

Southern Texas University · 1989–1993

Executive Education Program

Wharton University of Pennsylvania · 2018–2019


Certifications

  • CISM — Certified Information Security Manager
  • CISSP — Certified Information Systems Security Professional

Awards & Publications

  • CISOs Connect™ Top 100 CISOs in North America (2024)
  • HousingWire 2024 Vanguard
  • Member, Forbes Technology Council
  • Forbes: "Rethinking Phishing Tests: A Call for Trust and Control in Cybersecurity"
  • Forbes: "The Current Encryption Landscape: The Need for 3072-Bit Keys"