1. CHRIS MULLANEY
San Francisco Metro Area 206-962-9669 mullaney.c29@gmail.com
VP / DIRECTOR – RISK MANAGEMENT / INFOSEC / COMPLIANCE
Global Risk Management / Regulatory Compliance / Governance / Program Management /
Government Relations / Data Security / Audits / Best Practices / Legal & Regulatory Affairs /
Licensing / Antitrust Compliance / Strategic Roadmaps / Team Building / Data Privacy / ISO /
Cloud / Release Management / Strategic Alliances / Product Launches / Product Management
Contingency Planning & Disaster Recovery / Data Protection / Process Improvements / SOX /
Contracts / Negotiations / Interoperability / Threat Modeling / HIPAA / FedRAMP / PCI / SOC /
Global Readiness / SSAE / SAS 70 / ISAE / ISMS / RACI & OARP / EU Model Clauses / Testing /
Vendor Relations / Client Relations / Planning / Release Management / Staff Development
As a multi-talented executive who rose through the ranks at Microsoft Corporation, I have an
outstanding record of contributions spanning a wide array of roles in global information security,
regulatory compliance, risk management, antitrust compliance, program management, licensing and
business development, among other areas. Directing a broad spectrum of mission-critical programs
around the world, I have ensured compliance with a multitude of government regulations, international
standards, corporate guidelines, contractual requirements and client expectations.
Driving go-to-market compliance and certification programs, I have been instrumental in readying new
products, services and software releases for launch. I have obtained crucial certifications and regulatory
approval for platforms that include Microsoft’s Azure Cloud Services, Intune, Online Backup, Site
Recovery, OMS, Windows, Windows Server, System Center, SQL Server, Office and Exchange. I
have led close collaborations among in-house and outside legal counsel; engineering, developer and
other technical professionals; marketing and sales leadership; vendors, OEM and channel partners; and
customers.
Leading programs to ensure compliance with antitrust regulations, orders and consent decrees, I have
extensive experience coordinating closely with government agencies around the world, including the
Department of Justice, European Commission and Korea Fair Trade Commission. Known for
special expertise in privacy, data security, business continuity and disaster recovery planning, antitrust
and other compliance standards around the world, I have been relied on as a trusted advisor by board
members, senior corporate executives and top business unit leadership as well as clients and strategic
partners.
At your organization, I could make an immediate strong impact and lasting contributions by:
Developing & implementing enterprise-wide InfoSec strategies
Ensuring global compliance with complex standards & regulations
Planning & executing nimble strategic change management roadmaps
Driving synergistic collaborations among disparate stakeholder groups
Directing complex projects & programs to on time, on budget completion
Forging cooperative relations with international regulatory & standards bodies
2. CHRIS MULLANEY
PAGE 2
206-962-9669 mullaney.c29@gmail.com
Building highly effective risk management, compliance and security organizations
Creating flexible, scalable solutions to address constantly evolving security threats
Assembling, training mentoring & motivating high performance multidisciplinary teams
Known as an astute analyst, persuasive communicator and trusted advisor with long-range strategic
vision, others have described me as a natural leader, tireless innovator, strong motivator. I studied
business management at the Leonard N. Stern School of Business at New York University and at the
Rutgers University Business School. Certified as an ISO27001 Lead Auditor, I am currently completing
CIPM and CISA certifications.
CAREER HISTORY & SELECTED HIGHLIGHTS
Microsoft, a $93B worldwide leader in software, services, devices and solutions. Steadily promoted,
roles include:
Sr. Director, Azure Blueprint - Cloud Health & Security Engineering, 2016-Present. Selected in April
2016 to direct the Blueprint security program for Azure, addressing certification of client solutions hosted
on Azure IaaS, PaaS and SaaS Cloud platforms. Responsible for defining partner ecosystem support
requirements, customer deliverables and sales engagement models and driving cross divisional program
implementation.
Sr. Director, Security Compliance, 2015-2016. Directed information security, privacy,
regulatory compliance and Cloud health implementation for Azure Cloud Services. Managed
ISO, SOC, PCI and FedRAMP audit and certification engineering engagement. Worked
closely with engineering, service and support teams, providing guidance on compliance
requirements. Notable achievements include: Won an award for fast-tracking InfoSec
compliance for Azure cloud services. Microsoft needed to ensure information security
compliance of dozens of new and re-architected services for its Azure Cloud platform,
including networking, computing, storage and the Internet of Things (IoT). Led all phases of
an accelerated program in close concert with engineering and project management to
evaluate risks and prepare remedial processes in advance of audits of 50 existing and 10
new services. Honored with Microsoft’s Outstanding Achievement Award for guiding
the successful program to on-time completion.
Sr. Director, Compliance & Risk Management, 2011-2015. Promoted to develop a comprehensive
compliance program for multiple Cloud-based services and software products. Ensured conformance with
global regulatory, information security, business continuity and risk management standards. Key
contributions include:
Created a robust, scalable Cloud security control framework. Migration to the Cloud of
MS’s Enterprise Open Source and Enterprise / Mobile Client om-premises software
created potential security and compliance gaps. Led a team to develop rigorous
processes, systems and controls to ensure compliance with ISO 270XX, SOC, PCI, EU
Model Clauses, HIPAA, UK G-Cloud, FedRAMP and other standards. Created a continuous
monitoring model, streamlining support and accelerating release of new services.
Dramatically improved audit preparation efficiency while reducing deficiencies.
Optimized resources to keep pace with growth of Cloud services. Accelerating release
of new services/upgrades severely strained a small core team of security/privacy/compliance
professionals. Revamped the team, adding new talent. Refocused training and certification
3. CHRIS MULLANEY
PAGE 3
206-962-9669 mullaney.c29@gmail.com
on mission critical security and data protection skills, added specialists for BCDR and SDL.
Eliminated or shifted non-essential tasks to other teams. Doubled capacity while increasing
satisfaction of engineering with the new levels of support.
Secured ISO, HIPAA & other crucial certifications. MS needed to obtain critical
compliance certifications to protect its status as a market leader in Cloud services.
Developed a platform for managing all phases of the certification process, from controls and
documentation to training and audits. Secured ISO27001 & 27018, HIPAA, EU, and SOC
credentials ahead of schedule and under budget. Completed multiple FedRAMP gap
assessments.
Led a comprehensive ISMS Cloud governance program. Rising demand for Cloud
services required MS to develop a scalable corporate and client-level Enterprise Risk
Management (ERM) strategy. Designed a governance, controls and compliance program.
Built a risk assessment methodology and tooling at the individual Cloud service level with
real time continuous monitoring assessment enabled for use by all MS Cloud engineers.
Created tracking and reporting to provide visibility to senior leadership and board members.
Principal Business Manager, Cloud & Enterprise Engineering Group, 2011. Played a key role in
developing a strategic roadmap for a newly formed operating unit. Accomplishments include:
Built a SharePoint-based strategic roadmap management tool. A newly formed
Enterprise & Mobile Client group at MS needed strategic direction and tools to support it.
Working closely with the group’s leadership team, drove development of a web-based
SharePoint site to define the operation’s mission charter, goals, milestones, organizational
model and branding. Created a content plan, combining data on 30+ software engineering
products and services. Provided a flexible, shared platform to support communication and
collaboration among all members of the group.
Principal Program Manager, Antitrust Compliance, 2007-2011. Directed engineering collaborations for
enterprise-wide global antitrust compliance. Managed programs across Windows, Office, Exchange and
SQL ensuring adherence to requirements in the US, EU and S. Korea. Collaborated closely with legal,
engineering and marketing, as well as with regulators. Achievements include:
Ensured global regulatory compliance for new Windows releases. MS needed to meet
a tight release schedule for Windows 7 while complying with European Commission and
Korea Fair Trade Commission antitrust regulation orders to remove specific functionalities.
Working closely with antitrust counsel and engineering teams, overcame technical and legal
obstacles. Drove definition of packaging for all distribution channels. Met all regulatory
requirements for both markets while facilitating an on-time rollout.
Spearheaded US & EU interoperability compliance for multiple product lines. MS
needed to fulfill orders by the US Department of Justice and European Commission to
provide interoperability documentation for all major products, including Windows/Windows
Server, Exchange, Office and SQL Server. Directed publication of required content via the
MS Developer Network library. Coordinated closely with legal counsel and regulatory
authorities of both agencies and AGs from 9 states. Met all requirements, avoiding fines and
sanctions.
Program Manager, Platform Business Management Team, 2006-2007. Directed all global regulatory
compliance for the Windows OS. Worked closely with engineering, product, packaging and legal teams,
ensuring adherence to orders by European Commission and Korea Fair Trade Commission. Contributions
include:
4. CHRIS MULLANEY
PAGE 4
206-962-9669 mullaney.c29@gmail.com
Fast-tracked Windows KFTC antitrust compliance. MS faced a short schedule for
complying with Korea Fair Trade Commission (KFTC) orders to remove certain functions
from the latest Windows XP release. Due to XP’s legacy status, the project needed to be
completed with limited resources. Assembled a virtual ad hoc team to tackle the project,
coordinating legal, engineering packaging professionals. Reconfigured the product to meet
all regulatory requirements, enabling on-time release, including worldwide volume licensing,
retail distribution and OEM resale/distribution.
Earlier: Group Manager, Windows Licensing Programs; Business Manager, Windows Client Licensing
Programs; Group Manager, Revenue Planning; Product Planner, Revenue Planning; Program Manager,
Enterprise Agreement Program; and Licensing Executive. Began career at Microsoft as an Account
Executive serving Fortune 500 clients. Notable achievements in these roles include:
Pioneered Enterprise Agreement licensing, driving $260M in revenue. Following its split
from AT&T, Lucent asked MS to devise a cost-effective solution for utilizing MS software on
all its PCs. Developed an innovative enterprise licensing model, allowing Lucent to install
latest software versions on all existing devices and any new PCs acquired during the three-
year license term. Enabled Lucent to overcome financial constraints by making structured
payments and spreading costs over time. Utilizing the new model, negotiated 15 additional
deals with other major clients worth hundreds of millions.
Instrumental in more than doubling EA annuity revenue to $3B. Based on the success
of an initial Enterprise Agreement licensing program, MS faced steeply rising demand for the
program from a wide range of B2B customers. Relocated to corporate HQ and directed a
project to expand and enhance the program. Created processes and tooling to structure,
price and negotiate deals with clients of all sizes. Rolled out the program globally, generating
more than $1.5B in new annual annuity revenues.
Grew regional category sales 18-fold in only four years. Tasked with driving MS sales to
Fortune 500 accounts. Focusing on securing enterprise-wide commitments for standardizing
on MS products, developed the pharmaceutical vertical in the Northeast. Drawing a virtual
multidisciplinary team of technology specialists, drove sales from $500K to $9M, consistently
beating all revenue targets.
TECHNOLOGY TOOLBOX
Skills include strong product knowledge on a broad variety of platforms, including Microsoft Azure,
Microsoft Intune, Microsoft Windows Client / Server, Office / O365, SQL Server / SQL Azure, System
Center, MS Security Compliance Manager, StorSimple, Azure Backup, Site Recovery, Automation,
Operations Management Suite, RemoteApp, Visual Studio Application Insights and other cloud services.
EDUCATION, TRAINING & CERTIFICATIONS
Studied business management at New York University’s Leonard N. Stern School of Business and
Rutgers University’s Business School.
Certified as an ISO27001 Lead Auditor.
Currently completing CIPM certification from International Association of Privacy Professionals (IAPP)
and Certified Information Systems Auditor (CISA).
5. CHRIS MULLANEY
PAGE 5
206-962-9669 mullaney.c29@gmail.com
AWARDS & RECOGNITION
Awards and honors from Microsoft include:
Top HQ Enterprise Customer Unit Contributor Award
Three-time winner of the “Hooked the Big One” Awards.
OEM Policy Team Outstanding Contributor Award
Outstanding Collaboration Award IBM/Lenovo.
Gold Star Award – Legal and Corporate Affairs.
Gold Star Award – Windows Product Team.
Gold Star Award – Interoperability Group.
Outstanding Achievement Award.
PROFESSIONAL AFFILIATIONS
Member: ISACA and International Association of Privacy Professionals.
PERSONAL
An avid distance runner, I completed the Seattle, Dublin and Victoria Marathons and the Bellevue Half
Marathon. In my spare time, I enjoy downhill skiing, reading and cross-stitch projects.
6. CHRIS MULLANEY
PAGE 5
206-962-9669 mullaney.c29@gmail.com
AWARDS & RECOGNITION
Awards and honors from Microsoft include:
Top HQ Enterprise Customer Unit Contributor Award
Three-time winner of the “Hooked the Big One” Awards.
OEM Policy Team Outstanding Contributor Award
Outstanding Collaboration Award IBM/Lenovo.
Gold Star Award – Legal and Corporate Affairs.
Gold Star Award – Windows Product Team.
Gold Star Award – Interoperability Group.
Outstanding Achievement Award.
PROFESSIONAL AFFILIATIONS
Member: ISACA and International Association of Privacy Professionals.
PERSONAL
An avid distance runner, I completed the Seattle, Dublin and Victoria Marathons and the Bellevue Half
Marathon. In my spare time, I enjoy downhill skiing, reading and cross-stitch projects.