Orson Lucas

Principal, Advisory, Cyber Security Services

KPMG in the U.S.

Orson Lucas has over 18 years of information technology and security experience spanning numerous disciplines, with a focus on regulatory and technical compliance and technology as an enabler of business efficiency. Significant areas of experience include: information governance and privacy assessments and strategy development; post-merger security integration; compliance assessments of regulatory standards and requirements; risk and controls consulting across numerous industries, systems and processes; information security policy development; and IT process design enhancement for application and system availability and performance.

Select Professional Experience

Orson has a demonstrated track record of selling, organizing and delivering a wide variety of services, individually and in collaboration with other leaders within and outside of his area of specialization. Representative engagement experience includes:
  • Sold and managed a multi-year international portfolio of information governance and privacy projects for the world’s largest global retail organization. Led a team of over 60 individuals domestically and across approximately 30 member firms, serving a wide variety of client functional areas including information security, internal audit, health & wellness, legal, food safety, and international compliance, with total revenue of $20 million. Primary responsibilities included:
    • Executive relationship development and management;
    • Executive and technical management presentations and reporting;
    • Overall engagement planning and execution;
    • Budget development and tracking;
    • Project planning and tracking;
    • Resource management;
    • Technical lead management and reporting (domestic and international).
  • Led client pursuit and program delivery for the largest global privacy compliance support effort by the US firm, in a highly political environment, with an approach that brought together the chief security officer, general counsel, chief compliance officer, and global business line leads. Worked closely with UK counterparts to develop a solution, roadmap, business plan, and detailed budget for $28M of funding to support compliance efforts. Presented to business and executive leadership and secured the funding for the client.
  • Led a portfolio of cybersecurity projects including on-demand CISO services, GDPR readiness, cyber strategy, business resilience strategy, identity and access management strategy, and operational technology security strategy and execution for a global cruise line.
  • Led a large retail wholesaler client through a comprehensive, end-to-end review of security practices (including identity lifecycle management, role management, internal/external/web application/wireless penetration testing, PCI readiness, cloud security, third-party security, brand protection, and cyber maturity).
  • Led a technology-focused operational assessment and remediation planning program transformation effort for a top 10 international food and beverage company to support GDPR compliance. Worked with KPMG European member firms to perform a top-down and bottom-up assessment of operational control readiness within 700+ applications across the 23 European Union member countries and the U.S., covering the controls, processes, and resources needed to support GDPR compliance requirements. Assisted in developing a comprehensive roadmap to address identified deficiencies and enable compliance readiness, and debriefed results to the General Counsel and the Chief Information Security Officer.
  • M.S., Decision and Information Sciences, University of Florida, Gainesville, FL
  • B.S., Decision and Information Sciences, University of Florida, Gainesville, FL

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)

  • Aon
  • Disney
  • JM Family Enterprises
  • McDonald's
  • Microsoft