Bruce Bryner

Information Security leader with a strong track record in developing and maturing enterprise security programs. Focused on aligning security initiatives with regulatory compliance and organizational objectives, while fostering a culture of collaboration and security awareness. Expertise in building resilient frameworks that address industry-specific regulations and enhance overall security posture.

• CISSP – Certified Information Systems Security Professional
• CHPS – Certified Healthcare Privacy & Security

• ACM Global Labs, Elmgrove, NY, Business Information Security Officer, 01/01/22, Present, Positioning ACM to achieve a resilient Information Security Management System., Navigating the complexities of a multi-faceted international company to build an ISMS maturation and risk remediation project plan., Successful staffing justification, hiring and training of a formal information security department., Policy, SOP, Process, and documentation development., Driving new business processes and IT projects to align the corporation to industry security standards., Orchestration of culture shift toward security compliance., Staging to meet the demands of highly regulated client auditors., Establish and lead data security governance., Lead penetration testing and system hardening efforts in relation to proprietary cloud-based business systems., Development of a compliance dashboard to provide easily consumable indications of security program compliance., Development of enhanced security training and awareness program., Development of various security plans, including a communications plan, vulnerability management plan, disaster recovery plan, and vendor risk management plan., Demonstration of security maturation through the review and edit of client contracts and RFIs., Development of an internal security control audit program to assure corporate security compliance.
• Cardinal Health, Dublin, OH, Business Information Security Officer, 01/01/20, 12/31/22, Engaging with IT, business teams and members of the Information Security team to prioritize information security risk identification/mitigation., Thought leader and information security operations oversight., Being a trusted partner for Cardinal’s Pharma business segment., Reviewing and advising on security architectural designs to follow 'Defense in Depth' strategies., Measuring the business value of security and risk mitigation activities., Contract management – security language review., Engage in regular cadences with cross-functional teams to ensure security adherence, process improvement, and information security program improvement., Identifying security goals, objectives and metrics specific to the assigned business segment to show continued improvement of security posture., Socialize and manage the implementation of information security policy, standards, guidelines and procedures., Assist in prioritizing information security initiatives and spending within business segment., Ensure information technology compliance including data privacy and other regulations.
• Beacon Health System, South Bend, IN, Information Security Administrator/designated Information Security Official, 01/01/15, 12/31/20, Develop, implement and monitor information security program and strategy., Security risk and compliance assessment; mitigation strategy & implementation., Develop corporate information security policy/procedure and audit protocols., Prioritize risk mitigation activities based on potential business impact., InfoSec system solution architecture/development/cost negotiations., Develop and chair Information Security Committee; participation in corporate data governance., Third party/business associate/new initiative risk review., Gap analysis & security controls evaluation aligned with NIST and other information security frameworks, and state & federal regulation., Develop and oversee delivery of security/privacy training & awareness program., Incident response & event mitigation; incident response procedure development., Business Continuity/Disaster Recovery planning., Foster culture change to the betterment of Beacon’s overall data security posture., Guide cross-functional teams to new technology implementations.
• Indiana University, Multi-Campus, Various, IN, IT support manager, 01/01/92, 12/31/15, Hiring, mentoring and supervision of a team of technologists., Innovative solution development, several of which adopted University-wide., Development and delivery of secure coding instructional coursework., Developed IT user-support and information security processes, educational programs, strategy, system implementations., Conducted audit-preparedness consulting., Server, network, and security systems design, engineering and implementation., Engaged in University wide business continuity planning, documentation, review and coordination., Business liaison between University security office and all IU Regional campus IT centers., Security framework and security process guides development which were adopted University-wide., Emergent threat analysis and risk mitigation planning., Successfully devised and implemented a sensitive data retention policy/process, negotiating 100% compliance across all campus business and academic units., Developed Memorandums of Understandings between IT and academic units., Project management/leadership/staff supervision on a wide range of IT initiatives., Equipment acquisition & cost negotiation in excess of $1M annually.