James Lay

· Leadership

· Developed and executed an enterprise IT strategy aligned to corporate goals and regulatory mandates, leveraging TOGAF-based enterprise architecture and strategic pillar models.

· Directed IT operations for a critical infrastructure organization, ensuring compliance with DHS and CISA guidelines through structured resilience and governance practices.

· Led implementation of Governance, Risk, and Compliance (GRC) frameworks using NIST Cybersecurity Framework and SOX controls to meet FDA, GMP, GLP, and SEC requirements.

· Integrated Technical Operations with IT to enable IoT-driven automation across lab instruments and production systems, applying secure-by-design and data integrity principles.

· Established a formal Vendor Risk Management function aligned with SOC 2 Type II and ISO 27001, including security clauses, review cadence, and access controls.

· Enterprise Applications and DevOps

· Directed modernization of core platforms, including ERP, PLM, QMS, LIMS, CLM, VDR, and Board Management, aligning enterprise systems with business capability requirements.

· Managed MSP DevOps operations for enterprise applications with CI/CD pipelines supporting AI-enhanced analytics and ML-driven genomic platforms in native cloud applications.

· Deployed and maintained public-facing web properties in a SOX-regulated environment using secure software development lifecycle (SDLC) best practices.

· Identity and Access Management

· Deployed an organization-wide Identity and Access Management (IAM) strategy across more than 40 platforms, implementing RBAC, SSO, and MFA based on Zero Trust architecture.

· Enhanced security posture by eliminating brute-force threats using adaptive authentication with Azure Entra ID and Okta.

Cybersecurity and Risk Management

· Designed a layered Defense in Depth strategy including air-gapped SIEM, EDR, IDS, and XDR systems, supporting incident detection and forensic analysis.

· Replaced legacy VPN infrastructure with Meraki SASE and AnyConnect integrated with SAML-based SSO and MFA for secure remote access.

· Enforced email authentication standards (SPF, DKIM, DMARC), eliminating over 800 domain allowlists and mitigating delivery and impersonation risks.

· Implemented a ransomware-resilient backup architecture across hybrid infrastructure, supported by redundant encrypted data paths.

· Standardized security operations with automated and manual response workflows, integrating governance KPIs and SOAR readiness.

· Infrastructure and Operations

· Developed and implemented segmented network architecture standards for cleanroom, laboratory, and manufacturing zones, aligned to GxP and Zero Trust Network Access (ZTNA).

· Replaced legacy helpdesk platforms with Zendesk integrated into an ITSM ecosystem that included RMM, change approval workflows, and AI agent functionality.

· Re-implemented Microsoft Intune and RMM tools for endpoint lifecycle management, client backups, and secure configuration enforcement.

· Achieved 99.95 percent system uptime and reduced infrastructure costs by 38 percent through hybrid cloud optimization, vendor consolidation, and capacity planning.

• Defined and executed a cloud-native IT strategy supporting business objectives leveraging IaaS (Terraform) and SaaS solutions across AWS, Google Cloud, and Microsoft 365, aligned with enterprise architecture and digital transformation goals.
• Deployed an enterprise-wide cybersecurity program based on NIST Cybersecurity Framework.
• Built a secure and scalable AWS infrastructure using Infrastructure as Code (IaC), applying SDLC and CI/CD pipelines to support DevOps and production workloads.
• Implemented IT compliance frameworks aligned with FDA 21 CFR Part 11, SOX, and CLIA standards, including role-based access control (RBAC) and change management governance.
• Oversaw facilities operations, physical security controls, and data center continuity protocols, ensuring alignment with business continuity and disaster recovery (BCP/DR) best practices.

• Managed a 12 month and 3-year IT Roadmap aligned with the Business Strategy and executed successfully.
• Developed and executed both a 12-month and 3-year IT roadmap aligned with corporate objectives and liquidity event planning, using TOGAF-aligned strategic pillars and capability-based planning models.
• Led the project for merging of enterprise ERP systems, integrating Oracle, Salesforce, and Workday platforms as part of M&A transaction planning and execution, using reference architecture and integration governance principles.
• Directed ERP DevOps initiatives and delivery workflows for orchestration tools, R&D, and financial forecasting systems, applying full SDLC and change control practices.
• Enabled 20 percent year-over-year growth by aligning IT portfolio investments with business objectives and capability outcomes.

• Developed and executed an accelerated IT roadmap aligned with corporate objectives and liquidity milestones, using TOGAF strategic planning and architecture methods to deliver digital transformation of ERP, CRM, and collaboration platforms within a 12-month horizon.
• Led hybrid project teams in modernizing core enterprise applications, including Epicor ERP, Microsoft Dynamics 365 Finance and Operations, and customer relationship management systems, applying Agile project delivery.
• Migrated several legacy collaboration and file systems to Microsoft 365, enhancing data accessibility, governance, and cost optimization while aligning with Zero Trust architecture and data classification standards.
• Designed and implemented a custom Configure, Price, Quote (CPQ) system for complex medtech product lines, integrating with Dynamics 365 to automate quoting, order entry, and shop floor orchestration—delivering operational efficiency through DevOps and full SDLC practices.

• Aligned IT strategy and multiyear roadmap with corporate strategic objectives and compliance requirements using COBIT-aligned governance models and TOGAF-8 enterprise architecture methods. Ensured alignment with SOX, FDA, and T
• V regulatory mandates.
• Migrated on-premises infrastructure to a high-availability, disaster-resilient colocation data center with hierarchical physical and logical controls. Designed the environment for high reliability and regulatory auditability.
• Reduced data center operating costs by 75 percent and improved disaster recovery time from 8 weeks to 8 hours through implementation of a full-scope Business Continuity and Disaster Recovery (BCP/DR) program, with regular compliance testing.
• Led integration of IT systems with Internet of Medical Things (IoMT) devices embedded in clinical instrumentation, enabling remote telemetry and lifecycle management.
• Directed internal and vendor teams to modernize enterprise systems, including Microsoft Dynamics 365 ERP migration from Epicor and integration with Salesforce.com.

• Led full lifecycle design, development, deployment, and support of commercial software products for both B2C and B2B markets, applying SDLC principles and Agile delivery practices.
• Designed and engineered TaskClarity, a .NET-based portfolio and project management application, supporting advanced drag-and-drop user interfaces, dynamic resource balancing, and configurable planning tools, integrated into enterprise workstreams.
• Developed and maintained a web-based counterpart to TaskClarity using ASP.NET, ensuring feature parity and performance across browser-based delivery models.
• Managed DevOps processes across release automation, feature rollout, and integration pipelines, including e-commerce deployment, client update automation, and license management, built for compatibility across Windows XP to Windows 7 and Mac OS X 10.0 to 10.6.
• Achieved commercial adoption across more than 500 licensed corporate users and approximately 5,000 active users, implementing ITSM-based support and client engagement processes.

• Developed and executed rolling 1- and 3-year IT roadmaps directly aligned with enterprise strategy, leveraging data-driven requirements principles, strategic theme mapping, and value-stream prioritization.
• Led post-acquisition IT integration initiatives across infrastructure, applications, and identity platforms, following structured M&A IT Integration Management Office (IMO) models with milestone-driven plans.
• Directed enterprise digital transformation of ERP (IFS), PLM (Agile), MES (Radcor), and BI (SAP) systems using SDLC in a regulated environment with Agile methods, enhancing operational efficiency and reporting maturity.
• Implemented SOX/ITGC control environments and FDA 21 CFR Part 11/820 compliant systems to meet GxP and audit-readiness requirements, applying COBIT-aligned IT governance. Multiple successful FDA Audits.
• Designed and built a high-reliability, fault-tolerant data center supporting multi-facility campus operations, incorporating redundant environmental controls and NIST-based infrastructure segmentation.

• Directed enterprise IT strategy aligned with a $2B cooperative's strategic objectives, applying data-driven planning to define roadmap priorities, requirements, and capability gaps.
• Executed a full transformation of core business systems including ERP (JBA on AS/400) and transportation/logistics management platforms, enabling end-to-end operational visibility and control.
• Applied SDLC in design, deploy and management of the MIRS (Manufacturer Incentive Reconciliation System), a scalable data aggregation and reconciliation platform that (at that time a novel goal) integrated real-time transaction data from over 100 high-volume distributors along with hundreds of suppliers.
• Achieved a 20 percent annual increase in recovered revenue by enhancing cross-entity financial tracking, audit integrity, and exception management through MIRS.
• Ensured all transformations were supported by structured change management, user training, and ongoing support models.