Christopher Johnson
Brooklyn,NY
Summary
I am a senior security professional with a robust background in information technology spanning the Financial, Technology, and Insurance sectors. I bring deep expertise in support, integration, and project management across diverse desktops, servers, and security toolsets. My specialization in Information Security and Assurance encompasses Enterprise Security, Security Risk Management, Cyber Attack response, and incident handling. I am proficient in key security frameworks and standards, including NIST CSF, ISO 27001, and CIS 20, as well as regulatory requirements such as NYDFS500, FFIEC, GLBA, and GDPR. My technical knowledge spans critical areas such as Incident Response, Advanced Endpoint Security, Network Security (Firewalls, Network Access Controls), SIEM, and Email Security. I thrive in dynamic, deadline-oriented environments, recognized for my strong communication skills and ability to foster positive relationships with end-users, management, and colleagues alike.
Overview
22
22
years of professional experience
1
1
Certification
Work History
Principal Business Consultant, Cyber and Information Security
Infosys Consulting/Technology Transformation
07.2003 - Current
- Lead the design and delivery of client advisory, solution delivery and organizational transformation engagements in standalone projects or as part of wider client programs.
- Provide guidance to Technology Infrastructure and Software Development teams on all aspects of client risk and control.
- Coordinate information security responses across the organization to regulatory examinations, attestations, client due diligence questionnaires, major events/incidents, and performing gap analyses against new or updated mandates.
- Develop or perform a periodic basis regarding the status of the information security program and key initiatives to regulators, Board, CIO’s or other responsible individuals or committees.
- Partner within CISO team and with other internal stakeholders to provide oversight of and remediate cyber-related matters.
- Managed client NYDFS 500 Cybersecurity 2023 attestation program.
- Evaluated client security stack provided recommendations to management.
Information Security Officer (VP)
Mizuho America
09.2018 - 02.2023
- Member of the CISO team that guides the design, development, and deployment of secure technical architectures, security standards and procedures, incident response, and information security policy challenges.
- Evaluated security products and vendors and provided recommendations to CISO.
- Participated in the adoption of a zero-trust security framework where verification is required from everyone trying to access resources within the network.
- Interacted with internal audit and regulators to communicate IT controls and their effectiveness.
- Managed Mizuho Americas consolidated cyber security exercise calendar.
- Collaborated with the resilience management team to enhance understanding of the effects and strategies related to cyber threat and risk resilience.
- Provided guidance to Technology Infrastructure and Software Development teams on all aspects of Cyber and Technology risk and control.
- Facilitates multiple forms of exercising such as workshop, tabletop, and functional exercises
- Performing security assessments of new applications and changes.
- Oversaw the implementation of robust security measures for cloud environments to ensure data protection and compliance.
- Drove the implementation and maintenance of a strong control environment.
Product Cyber and Information Security Risk Analyst (AD)
UBS Bank U.S.A
04.2017 - 09.2018
- Banking Group subject matter expert on Cyber and Information Security related issue reporting to Bank Risk Officer Reported to Senior Bank Management on cyber security initiatives and status on a quarterly basis.
- Developed and managed Cyber and Data security risk oversight process for the Bank and provide remediation updates to senior management.
- Managed and maintain the Bank’s threat and vulnerability program including asset management, vulnerability scanning and triage, remediation planning and coordination, management of Bank threat intelligence capabilities; coordinated penetration testing; and relevant reporting to management as needed.
- Monitored cybersecurity development initiatives and performing continuous risk assessments of affiliates
- Risks to the bank.
- Coordinated general IT and cyber risk assessments, risk map maintenance; KRI reporting as needed; development and maintenance of IS processes, procedures, standards and guidelines.
- I ensure that IT RCSAs are complete and thoroughly address all aspects of risk.
- Drove the implementation and maintenance of a strong control environment
- Interacted with internal audit and regulators to communicate IT controls and their effectiveness.
- Provided guidance to Technology Infrastructure and Software Development teams on all aspects of Cyber and Technology risk and control.
- Member of Wealth Management America Cyber crisis response working group, Bank Technology Committee, UBS Group Cyber Threat and Information Security Management Committee.
Education
M.S. - Computer Science, Information Security and Assurance
Western Governors University
Salt Lake City, UtahB.S. - Information Assurance and Security
Capella University
Minneapolis, MinnesotaSkills
- All Windows Desktop and Server OS, Linux (Kali, OpenSUSE, Ubuntu) and Mac OS
- Skilled in utilizing technologies: Archer, JIRA, HP ArcSight, QRader, Splunk, ServiceNow, Anomali, Blue Coat Proxy SG, Cisco ESA, Rapid 7 Nexpose, IBM Guardium, Tanium, Sentinel One, Hashi Vault, Azure Entra ID, Illumio zero-trust segmentation platform, CyberArk, Microsoft Defender for Endpoint, CrowdStrike Falcon XDR, SentinelOne Singularity, Palo Alto Cortex XSOAR, Tenable Nessus, Tanibleio, ExtraHop Reveal(x), Proofpoint Email Security and DLP, Symantec Endpoint Protection and Data Loss Prevention, Netskope CASB, Wireshark, MS PowerPoint, Project and Visio
Accomplishments
Accomplishment:
Directed second-line oversight of a digital asset custody platform, performing risk identification, scenario analysis, and control validation around key areas such as private key management, cold storage, and wallet authentication. Partnered with cybersecurity and operations teams to test resilience controls and define incident response playbooks for potential asset loss or compromise.
Outcome:
Improved operational readiness by implementing compensating controls for key storage and transaction validation processes, achieving a zero-loss record and enhancing regulator confidence in the custody platform’s resilience.
Certification
Certified Ethical Hacker
Timeline
Information Security Officer (VP)
Mizuho America
09.2018 - 02.2023
Product Cyber and Information Security Risk Analyst (AD)
UBS Bank U.S.A
04.2017 - 09.2018
Principal Business Consultant, Cyber and Information Security
Infosys Consulting/Technology Transformation
07.2003 - Current
B.S. - Information Assurance and Security
Capella University
M.S. - Computer Science, Information Security and Assurance
Western Governors University
Training
- Certified Ethical Hacker (C|EH) #: ECC81998470687
- Computer Hacking Forensic Investigator (C|HFI) #: ECC56182084010
- Microsoft Azure Security Technologies Training (AZ-500) – Learning Tree International
- Defending the Perimeter from Cyber Attacks Training – Learning Tree International