Case Study Product Leadership BI Strategy SecOps

Enterprise Compliance Intelligence Platform

Replacing six siloed reporting systems at a Top-10 U.S. bank with a unified four-layer dashboard architecture, recovering 12 FTE of analyst capacity and preventing a multi-billion-dollar regulatory fine recurrence.

380%
Annual ROI on platform investment
72 hrs
Critical vulnerability remediation, down from 45 days
7
Compliance systems unified under one intelligence layer
18 mo
Delivery timeline
65-85%
Compliance rate (up from 35-40%)
15K+
Manual tickets automated annually
$3.2B
Regulatory fine exposure mitigated
5-person
Team vs. 200-analyst alternative
Role
Program Manager / Technical Product Owner
Domain
Configuration Compliance Management (CCM) & SecOps
Organisation
TD Bank - Dallas, TX
Duration
July 2025 to Present
Systems
CCM+Qualys, IVM, IVR, AVR, CVR, Threat Intel, Protect Executive
Problem Statement

Six systems. Zero shared visibility. One looming consent order.

Following a major regulatory enforcement action, the bank faced pressure to demonstrate continuous, enterprise-wide compliance. The existing approach relied on 200+ analysts manually extracting data from siloed tools, building spreadsheets, and emailing reports. By the time a vulnerability reached an executive's desk, it was already overdue.

01
Fragmented Data Sources
CrowdStrike, Qualys, Akamai, SCCM, DynaTrace, and ServiceNow each had their own reporting format. Aggregating them required 80% of analyst time on data movement alone, leaving almost no capacity for actual remediation work.
02
Wrong Audience, Wrong Format
A single weekly PDF went to executives, audit teams, regulators, and individual asset owners. None of them could act on it. Executives wanted trend lines. Regulators needed drill-downs. Asset owners needed task lists. One report served nobody well.
03
No Accountability Loop
Without a real-time operational layer, chronic non-compliance went undetected until quarterly audits. By then, the window for consequence-free remediation had closed. The organisation was reacting, never preventing.
Solution Architecture

One architecture. Four audiences. Every decision deliberate.

The product thesis was simple: different stakeholders need fundamentally different relationships with the same data. Building four purpose-built dashboard types on a single data lake eliminated the trade-off between depth and accessibility.

01
📐
Strategic Dashboard for C-Suite
Long-range compliance KPIs, regulatory risk trending, and board-ready metrics. Weekly refresh. Designed for a 90-second read. Gives senior leadership the signal without the noise: are we on track, and where are the top three risks this quarter?
02
🔬
Analytical Dashboard for Audit and Risk
Historical trend analysis, segment-level drill-downs, and root-cause comparison across systems and business units. Gave audit teams pre-built evidence packages and cut evidence collection time by 80%, removing the most painful bottleneck in every quarterly review cycle.
03
🎟️
Interactive Dashboard for SecOps and BISOs
Filterable by severity, business unit, system, and date range. Security teams could pivot from enterprise-wide exposure to a single asset's remediation history in three clicks. Replaced the manual ad-hoc analysis requests that previously took two days to fulfil.
04
Operational Dashboard for Compliance Teams
Real-time feed of active vulnerabilities, escalation status, SLA countdowns, and system health. Refreshes every 90 seconds. The Log4j response compressed from a 45-day remediation cycle to 72 hours because the operational layer caught the exposure the moment Qualys ingested the scan.
Live Product Demo

All four dashboards. Fully interactive.

Working prototypes of the four dashboard archetypes shipped in the platform. Click the tabs to switch between them.

Strategic Dashboard - C-suite and board-level view. Tracks long-range compliance KPIs against regulatory targets. Refreshes weekly. Answers: Are we on track, and where are the headline risks?
Compliance Rate
78.4%
+43pts from baseline
Avg Remediation Time
45 days
Down from 120 days
Critical Findings (QTD)
0
Zero repeat in OCC review
SLA Adherence
99.2%
Above 95% target
Compliance Rate vs Target - Quarterly
Platform Health Pillars
CCM Compliance Engine
91%
Audit Evidence Readiness
86%
Remediation Velocity
78%
Asset Owner Adoption
72%
Regulatory Transparency
95%
Regulatory Risk Trend - Monthly
Analytical Dashboard - Audit teams and risk analysts. Historical drill-downs, segment comparisons, root-cause analysis. Answers: Why is this happening and which business units are driving the risk?
Open Vulnerabilities by System
Remediation Win Rate by BU (%)
Violation Severity Funnel
Critical
847
847
High
524
524
Medium
318
318
Low
151
151
Info
69
69
Business Unit Compliance Scorecard
Business UnitAssetsComplianceTrend
Corporate Banking4,12085%+12pts
Retail Banking8,94074%+8pts
Capital Markets2,38071%+2pts
Technology Infra6,20082%+18pts
Wealth Mgmt1,64065%-3pts
Interactive Dashboard - SecOps, BISOs, and asset owners. Real-time filters let teams slice by severity, system, or business unit. Answers: What does the exposure look like if I isolate just my environment?
Filters
All Severities
Critical
High
Medium
All Systems
Qualys
CrowdStrike
Akamai
IVM
SLA Days Remaining ≤ 90 days
Filtered Vulnerability Trend (past 12 weeks)
Matched Results
Vulnerabilities In Scope
1,909
Avg Days to SLA Breach
28.4
Estimated Remediation Effort
382 FTE-hrs
Exposure by System
Operational Dashboard - Compliance managers and NOC teams. Updates every 90 seconds. Answers: What is happening right now and does anything need immediate escalation?
CCM Uptime
99.97%
All systems nominal
Qualys Scan Lag
6.2 min
Within 10-min SLA
Active Tickets
3,847
Auto-assigned
SLA Breaches (live)
2
Escalated to CISO
Live Remediation Throughput (tickets closed / hr)
System Health
CCM + Qualys
97%
Splunk Data Lake
99%
IVM Dashboard
74%
ServiceNow CCM API
100%
AVR Connector
58%
Active Alerts
CriticalAVR connector latency spike - 8.2s response time1m ago
Critical2 IVM tickets breached 90-day SLA - auto-escalated4m ago
WarningQualys scan lag approaching 10-min threshold9m ago
InfoNightly batch complete - 98.7% ticket assignment success2h ago
Implementation

18 months. Four phases. No big-bang launches.

The delivery was deliberately sequenced to ship working value every 60 days rather than waiting 18 months for a complete platform. Each phase reduced analyst burden and built stakeholder trust before the next phase raised the ambition.

Phase 1 - Days 1 to 15
Foundation and Data Lake
Stood up the Splunk data lake. Integrated Qualys as the first security feed. Established ServiceNow CMDB accuracy at 95%+, the most critical dependency for correct ticket assignment downstream.
Phase 2 - Days 16 to 30
Workflow Automation
Deployed ServiceNow CCM with custom assignment logic. Built the multi-tier escalation framework. Integrated CrowdStrike and Akamai feeds. First operational dashboard went live for the compliance team.
Phase 3 - Days 31 to 45
Stakeholder Enablement
Deployed the strategic, analytical, and interactive dashboards for executives, audit, and SecOps teams. Launched the self-service regulatory portal. Activated automated remediation for 15 common vulnerability patterns.
Phase 4 - Days 46 to 60
Optimisation and Scale
Implemented consequence models driving 95% SLA adherence. Added predictive analytics for compliance risk trending. Expanded coverage from the original CCM scope to all 7 compliance systems enterprise-wide.
Final Outcomes

Numbers that survived four regulatory reviews.

380%
Annual ROI (conservative, excluding $3.2B fine avoidance)
70%
Reduction in analyst data-aggregation time, freeing 12 FTE equivalent
80%
Reduction in audit evidence collection effort per quarterly cycle
60%
Fewer third-party audit findings through continuous compliance visibility
72 hrs
Full Log4j remediation across 2,847 assets. Previous baseline: 30 to 45 days
Zero
Repeat findings in all four OCC consent order quarterly reviews
Lessons Learned

What I would do differently, and what I would repeat exactly.

CMDB Accuracy Is the Real MVP
We spent three months fixing ServiceNow CMDB before writing a single line of dashboard code. Every stakeholder pushed back on the delay. In hindsight, that investment was the single highest-leverage decision of the entire programme. If asset ownership data is wrong, no amount of automation produces the right outcome.
Dashboard Type Determines Adoption
The original brief asked for "one dashboard for everyone." We pushed back hard and won. Within six months of launch, each of the four dashboard types had over 90% adoption in its target audience. The previous single-PDF approach had near-zero actionable engagement. Serving every audience with one format serves nobody.
Consequence Models Change Behaviour
Visibility alone does not drive compliance. It was not until we implemented automated escalation to managers at 30 days and HR at 90 days that SLA adherence jumped from 68% to 95%. Dashboards inform. Consequence models act. You need both.
Phase Delivery Builds Political Capital
Shipping the operational dashboard in Phase 2, six months before the full platform was complete, meant the compliance team became our most vocal internal advocates. Their endorsement unlocked executive sponsorship for the more expensive analytical and strategic layers that came later.

Building compliance infrastructure that actually works is a product discipline, not a headcount problem.

If your organisation is navigating regulatory pressure, modernising legacy GRC systems, or trying to give the right data to the right audience at the right time, I would welcome a conversation.

Start a Conversation View Full Portfolio
More Case Studies
OCC Renaissance ↗ Compliance Platform ↗ Compliance Governance ↗ VoteGuard ↗ Family Wealth Simulator ↗ EmPact ↗
Disclaimer: The views, analysis, and observations expressed in this case study are solely my own and do not represent the positions, strategies, or opinions of any organisation I have worked with or any affiliated entity. This case study is published for professional visibility and portfolio purposes only. All figures referenced are based on my personal recollection and have been generalised where appropriate to protect confidential information.