Name: Selim Aissi
Title: Chief Information Security Officer
Company: Ellie Mae
Why Nominated: As a business leader, Aissi understands two things very well: business and people. In managing his security organization, his focus is on the business and risk traits rather than the flurry of security-related policies, controls and programs that the business is implementing.
Profile: In July 2015, Aissi took over as the leader of a very small, understaffed, misaligned, and under-skilled security organization at Ellie Mae. Security was perceived as something that blocked the business's ability to operate so the company wasn't capable of consistently meeting regulatory requirements. Security was largely perceived as a very complex necessity, and its implementation was largely unplanned.
Equipped with an extensive experience in the financial and technology security as well as an established thought-leadership acumen, Aissi embarked in developing security and risk management programs, bridging the gap between Ellie Mae board members, executives and engineers. While building his security organization, a key objective was to build trust. In turn, executives and boards have to trust that he will be an accurate vessel through which their concerns will be communicated and executed. As Ellie Mae's CISO, one of Aissi's key attributes is being honest and transparent in reporting the true security posture of the organization. Another aspect of Selim's leadership style is strategic thinking and being an ally to the business. He is able to embrace the greater good, generate solid ideas and implement them.
Through his leadership, Aissi re-built the organization from the ground up by hiring a very experienced leadership team, building trust with all Ellie Mae leadership teams, and then driving security as a core Ellie Mae value.
Aissi started establishing an advanced information security program from his first day on the job. One that is based on a clear vision and a three-year plan, established a strong GRC organization, created a business continuity and disaster program that meets regulatory requirements for financial institutions, built security engineering and operations processes, automated security incident management, created a 24/7 security operations center, developed a state-of-the-art data protection program, created a testing program for processes and procedures, established scheduled anti-phishing and awareness programs, and rebuilt the entire compliance program and automated its workflow.
What colleagues say: "Just wanted to drop you a quick note letting you know how helpful Aissi has been in providing guidance and mentorship as we continue to develop our internal security programs and team. I appreciate the partnership very much and he is a great representation of your company's commitment to your customers."
- AJ Franchi