Cody
Murphy

Global leader for digital trust, identity, data, device, AI security, and Zero Trust security architecture across a multinational enterprise. Direct cybersecurity strategy, security governance, and execution of critical security programs supporting business objectives and protecting customer and corporate assets.

• Identity & Access Management (IAM): Designed and executed a transformational multi-year IAM program roadmap (People, Process, Governance, Technology), improving security posture and streamlining identity lifecycle management and Joiner-Mover-Leaver (JML) processes for onboarding and offboarding, while strengthening privileged accounts/service accounts management and entitlement management across the environment.
• Zero Trust Architecture: Integrated identity, device, network, data, and application controls into a unified Zero Trust framework, strengthening access control, enforcing least privilege, reducing attack surface, and securing corporate crown jewels; led ongoing Zero Trust assessment/maturity efforts to drive an identity-first security model across the enterprise.
• Data Security: Oversaw enterprise DLP, encryption, key management (KMS), data discovery, data classification and labeling, data security posture management (DSPM), and secure data lifecycle programs, ensuring regulatory compliance with SOC 2, ISO 27001, PCI DSS, and GDPR.
• Cloud Security: Managed AWS, Azure, and Microsoft Entra ID cloud computing security initiatives, deploying automated compliance checks, cloud security posture management (CSPM) capabilities, secure configurations, RBAC-based controls, and Zero Trust-based controls, including CASB, SASE, and ZTNA implementations.
• Incident Readiness: Created enterprise-level risk registers, led risk assessments, remediation planning, and executive crisis response coordination during high-pressure security events, supported by documented security playbooks and runbooks.
• Security Operations: Collaborated with internal and third-party Security Operations Center (SOC) teams to strengthen security monitoring, streamline escalation workflows, and improve response SLAs.
• Mergers & Acquisitions: Directed transformational cybersecurity integrations for acquisitions, aligning IAM, Zero Trust, data security, and compliance controls across new entities. Ensured secure onboarding of systems, users, and data with minimal disruption while maintaining adherence to governance and compliance regulations.
• Cybersecurity Leadership: Championed servant leadership principles, built high-performing teams, and partnered with executives to translate complex security topics into business language, strengthening security awareness and culture and driving organization-wide engagement and board-level reporting on cybersecurity posture and risk mitigation KPIs.
• Vendor & Budget Management: Managed vendor relationships and contracts and multi-million-dollar IT budgets to align with strategic goals, including vendor and third-party risk management.

Directed global IT operations for a 35-member team across North America, Europe, Asia, and APAC, delivering secure, reliable, and compliant enterprise technology services. Oversaw infrastructure, endpoint security, service delivery, budget forecasting, and global technology integration projects.

• Endpoint Security: Implemented Intune Endpoint Manager policies (patching, EDR, encryption) across thousands of devices, achieving 99% compliance adherence.
• Cloud Services: Managed Azure and AWS cloud technologies (VMs, VNets, storage, load balancing, BDR, DNS, Entra ID / Azure AD SSO, enterprise applications), achieving 99.99% uptime.
• VDI & DaaS: Designed and delivered Windows Virtual Desktop and AWS Workspaces solutions, enhancing productivity for remote and hybrid teams.
• Mergers & Acquisitions: Led technology integration for six acquired companies, including the largest with 1,500 employees, unifying systems, policies, and security standards.
• Team Expansion: Scaled IT End User Services across North America, Europe, and APAC; engineered and deployed macOS MDM solutions; oversaw VoIP migrations.
• Operational Excellence: Built an agile service desk with documented policies, escalation procedures, SLA/OLA metrics, and key performance indicator (KPI) reporting standards. Reduced ticket backlog from 457 to mid-20s and improved SLA compliance from 78% to 98%.
• Vendor & Budget Management: Relationship management and negotiations with vendor contracts and managing multi-million-dollar IT budgets to align with strategic goals. Vendor and 3rd-party risk management.
• Governance & Compliance: Enforced ITIL standards, disaster recovery plans, and change management processes; maintained familiarity with OWASP Top 10 to guide secure practices.

Led cloud security, Identity & Access Management (IAM), Business Continuity and Disaster Recovery (BC/DR), and reliability engineering for ConnectWise's global SaaS infrastructure, ensuring high availability, compliance, and operational excellence.

• Site Reliability Engineering (SRE): Established and led the SRE function to enhance reliability, optimize performance, and improve scalability of mission-critical cloud services. Leveraged root cause analysis practices to improve reliability.
• Reliability Framework: Designed and implemented a comprehensive Reliability Framework to evaluate, benchmark, and maintain compliance standards for global SaaS infrastructure.
• Cloud Security: Directed cloud computing IAM, monitoring, logging, vulnerability management, and exposure management programs to safeguard customer and corporate data.
• Compliance & Governance: Managed SOC 2 compliance activities, audit readiness, and ongoing adherence to industry regulations and standards, including security policy development and maintenance.
• Incident Response: Led coordinated response efforts during major cloud outages, reducing recovery times by 50% through improved automation and process refinement.
• Continuous Improvement: Drove a culture of operational excellence by identifying efficiency gains, optimizing alerting and monitoring strategies (Dynatrace), and implementing preventative measures.
• Cross-Functional Collaboration: Partnered with security teams, engineering leaders, and third-party service providers to align performance and security objectives with business goals through proactive stakeholder management.

Oversaw enterprise IT operations and engineering teams, leveraging expertise in cloud infrastructure, networking, security, and enterprise systems to deliver modernization initiatives and post-acquisition integrations. Migrated our corporate on-prem data center entirely to the cloud, moving hundreds of VMs and storage workloads to AWS and Azure with minimal downtime.

• Mergers & Acquisitions: Managed IT integration projects for six acquisitions, coordinating cross-functional teams to migrate users, applications, and infrastructure into enterprise standards, standardizing infrastructure and security practices, and minimizing downtime during technical cutovers.
• Designed and executed global VoIP phone system migrations.

Led enterprise IT engineering and infrastructure operations with hands-on expertise in endpoint management, Active Directory, enterprise application deployment, and system hardening. Managed enterprise hardware and software lifecycle, ensuring standardized configurations and secure deployments. Directed large-scale application packaging, patching, and rollout, maintaining compliance with corporate security requirements. Implemented endpoint encryption and device hardening measures in coordination with security teams. Negotiated vendor contracts and oversaw IT procurement to align with budget and strategic goals.

Provided enterprise-level desktop engineering leadership with expertise in Windows and macOS endpoint management, Active Directory, Microsoft Exchange, Group Policy, MDM, and enterprise application deployment. Engineered and enforced global Group Policy and MDM standards, ensuring consistent configurations and compliance across thousands of endpoints. Packaged, tested, and deployed enterprise applications and patches, maintaining security and operational stability. Integrated encryption, endpoint protection, and device hardening measures to meet evolving security requirements.

Delivered advanced desktop engineering and systems support, specializing in endpoint configuration, security enforcement, and application lifecycle management. Administered Active Directory and Group Policy to control enterprise configurations. Managed enterprise application deployments, updates, and patching to maintain a secure and stable environment. Provided escalation-level troubleshooting to resolve high-priority technical issues.