Information Security Risk Management
Resume:
JOHN WESTBROOK
***** ******** **** *****, *******, Texas 77077
615-***-**** ************@*****.***
CHIEF INFORMATION SECURITY OFFICER
Q U A L I F I C A T I O N S P R O F I L E
Accomplished, multifaceted, and top-performing professional with extensive experience in information security and risk management in diverse industries. Armed with solid background in developing policies and programs for the mitigation and/or reduction of compliance, operational, and reputational security risks relating to the protection of data, systems, and technology. Adept at implementing tactical technology and security roadmaps with business alignment to deliver exceptional security and privacy solutions. Equipped with strong communication and interpersonal aptitudes in building positive relationships with cross-disciplinary and multicultural executives, decision makers, and key stakeholders. A R E A S OF E X P E R T I S E
Cybersecurity IT Governance Identity and Access Management Program Administration Security Architecture Threat, Incident, and Vulnerability Management Project Management System Maintenance Cost Benefit Analysis
P R O F E S S I O N A L E X P E R I E N C E
TEXAS CHILDREN’S HOSPITAL HOUSTON, TX (2019−PRESENT) Assistant Director, Cybersecurity 2020−Present
Ensure strict compliance with regulatory standards and the National Institute of Standards and Technology
(NIST) framework within the hospital.
Design executive summaries to notify the time of discovery of new vulnerabilities and exploits.
Organize workflow and processes for SailPoint and BeyondTrust.
Take full charge revamping and developing governance, risk management, and compliance (GRC) and insider threat program for policies and procedures practices
Direct team for the execution of deception network platform and creation of standard operating procedures for information technology (IT) general controls (ITGC) intended for distributed IT.
Serve as a member of steering committees, accountable for hospital compliance, IT risk management, organizational resilience, policy and procedures, and emergency management
Conduct tabletop exercises for executives and technical staff to discuss and make proper ransomware decisions.
Oversee a program to devise an executive dashboard raising awareness of enterprise risks such as compliance, patient safety, third-party risk, insider threat, and data loss risk.
Created awareness program, thus reducing the rate of phishing clicks from 13.6 to 2.4 through the following initiatives:
o Development and submission of presentations to executives, leaders, and staff; o Establishment of cyber awareness and interactive fun trainings; and o Execution of KnowBe4 program.
Manager, Core Infrastructure and Security Operations 2020
Assumed responsibility for the network operations center, security operations, and directory services to promote synergies within the enterprise.
Formulated a 90-day plan to analyze the health of numerous systems as well as the occurrence of security and infrastructure gaps.
Directed the evaluation of all logging of events and alerts to eliminate false positives in the environment.
Keenly assessed all contracts, consequently decreasing a budget of $4.5M.
Successfully led an identity management and account provisioning project from inception to go-live, which minimized account provisioning times from two weeks to four days, while redesigning Active Directory
(AD), organizing all user accounts, and complying with internal and audit specifications for account removals.
Spearheaded various chief information technology (CIO) IT optimization (ITO) projects for clients in consumer goods, oil and gas, telecommunications, healthcare, and travel and leisure as a technical project manager for relating products to ITO applications, infrastructure, security, architecture, Project Management Office (PMO), data center, and network, as well as end-user computing, e-mail/collaboration, and help desk. JOHN WESTBROOK
11930 Carriage Hill Drive, Houston, Texas 77077
615-***-**** ************@*****.***
2 P a g e
Governance, Risk, and Compliance Manager 2019−2020
Supervised the GRC Team with 13 employees responsible in developing GRC processes and evaluating third- party vendors, as well as the Identity and Access Management (IAM)/Privileged Access Management (PAM) Team consisting of 14 members in maintaining account access and permissions.
Instructed the company’s leadership regarding strategies and risks within the hospital environment.
Promoted internal awareness of potential governance, compliance, and risks violations.
Managed the investigation of third-party breaches and subsequent impact on the company.
Established strong relationships with business and clinical teams to drive cyber risk awareness.
Devised strategies to improve the threat and vulnerability management tool.
Steered efforts in restoring healthy client relationships by serving as a front-line advocate for the client to the company and offering a great and well-coordinated client experience, thereby resulting in the extension of support contracts as well as an increase in the overall scope of the contracts. KPMG HOUSTON, TX (2017−2019)
Strategy and Governance Manager 2018−2019
Conducted cyber maturity analysis at a large energy company that included an in-depth examination of the company's assets and preparedness for cyber threats.
Assisted with the management of customer’s security platform by building two different security operations teams, which entailed the development of an operations and maintenance plan, key performance indicators
(KPIs) and metrics, and ServiceNow knowledge-based scripts as well as provision of support models which included formulas to explain the need for more resources.
Identified AD and non-AD applications for adherence to Sarbanes-Oxley (SOX) regulations by using a weighted system to comprehend the company’s risk of unauthorized access.
Administered the establishment of functional and business requirements for provisioning/de-provisioning of employee accounts, which entailed planning of business and workflows for engagement with Workday and ServiceNow platforms.
Formulated rules and procedures for managing cyber risk in global projects and initiatives, with the goal of streamlining GRC activities and incorporating cyber requirements for project approval.
Built a future state governance model for a large financial, energy, and insurance company, resulting in the creation of a security organization with industry-leading processes, procedures, and metrics.
Advised various companies with regulatory standards: HIPAA, HITECH, SOX, FERC, FEDRAMP and NERC- CIP
Manager, Cybersecurity Transformation 2017−2018
Used NIST framework in carrying out keen security assessments
Provided support to identity management and SharePoint technologies by restructuring various businesses infrastructure
Cultivated and sustained relationships with the business enabling 21 consulting engagements for Dell
Earned commendation as the subject matter expert (SME) for Microsoft products SIMEIO SOLUTIONS ATLANTA, GA
Security Engagement Manager 2014−2017
Functioned as customer’s strategic adviser in charge of creating roadmaps for future growth.
Rendered help in providing strategic suggestions regarding program and service management during the sales process, which included of the following:
o Recommendation of content on service management methodology; and o Assistance in framing a specific project opportunity in a high-level work plan, operations, and resource initiatives
Performed engagement planning and scheduling, involving resource allocation and statement of work (SOW) construction.
Held accountability in designing KPIs and metrics for senior executive dashboards and slide decks. JOHN WESTBROOK
11930 Carriage Hill Drive, Houston, Texas 77077
615-***-**** ************@*****.***
3 P a g e
Spearheaded the delivery of several IAM solutions, encompassing role-based access control (RBAC), automated life cycle management, and multifactor authentication as well as continuous access certification and PAM.
Worked closely with the Sales and Engagement Team, which extended support contract from three to five years securing a $15M total contract value, the largest contract in company history.
Efficiently devised customer service representative (CSR) strategy and practices to develop business, enterprise, and birthright roles that decreased time to onboard CSRs from two weeks to less than an hour while conforming with SOX rules.
TEKSYSTEMS − COMMUNITY HEALTH SYSTEMS NASHVILLE, TN Program Director 2011−2014
Evaluated several hospitals to assess security gaps and creating strategic plans for clinical applications deployment
Served as an effective liaison between corporate and hospital executives, with tasks of providing with infrastructure security upgrades for a meaningful usage
Collaborated with corporate teams in ensuring adherence to the project schedule and go-live dates
Led the establishment of project management reporting for hospitals’ executives
Formulated efficient security training programs for newly hired project managers
Worked as the SME for security infrastructure implementations across Keane, Meditech, and Cerner clinical applications
Succeeded in completing clinical applications upgrades in 42 hospitals, thus achieving more than $15M revenue in a span of six months
E A R L I E R C A R E E R
HUNTER TECHNICAL SERVICES NASHVILLE, TN
Engineering Consultant, Dell Lead Technology
ARDENT HEALTHCARE SERVICES NASHVILLE, TN
Wintel Technology Manager
DELOITTE & TOUCHE NASHVILLE, TN
Senior System Engineer
E D U C A T I O N
Master of Business Administration, 2013
University of Phoenix, Tempe, AZ
Bachelor of Science in Information Technology, with Focus on Enterprise Security University of Phoenix, Tempe, AZ
C E R T I F I C A T I O N S
Microsoft Certified System Engineer
Information Technology Infrastructure Library (ITIL) V3 Foundations Certification Dell-Certified Technician
P R O F E S S I O N A L A F F I L I A T I O N S
Houston Infragard
Healthcare Information Management and System Society (HIMSS) Nashville Technology Council
Pi Kappa Alpha Fraternity
Contact this candidate