John Barchie
Fernley,Nevada

Summary

  • Cybersecurity Subject Matter Expert (SME) and Manager/Consultant
  • Founding President of the Silicon Valley Chapter of (ISC)2
  • 21-plus years in Enterprise Risk Management and Risk Management Frameworks
  • Over 150 audits performed emphasizing operational efficiency
  • SME in security frameworks including NIST SP800-53 rev5, ISO 2700x, PCI DSS, and COBIT

Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies.

Overview

  • 16 years of professional experience
  • 10 Certifications

Work History

Principal

Barchie Consulting
01.2008 - Current
  • Enabled companies to achieve their cybersecurity goals including facilitating an understanding with executive and senior management of their responsibilities in their new regulatory environments
  • Chartered information security programs including budgeting and team building
  • Knowledge skills: Privacy and information technology regulatory environments like GDPR, NIST, NISPOM, SOX, FFIEC, FedRAMP, PCI and HIPAA are a specialty
  • Firewall rules development, FAS 86 software feasibility studies, independent security reviews including SOX and SSAE 16 audits and penetration testing
  • Worked with existing security and IT departments providing deliverables including: information security programs and policies, business impact analysis and information security risk assessments.
  • Skilled at working independently and collaboratively in a team environment.

Director of GRC, Governance, Risk and Compliance

Hearst
01.2022 - 01.2023
  • Directed a team of GRC professionals to create charge back services for GRC functions, third party risk management, change control, security awareness and business impact analysis
  • Worked with senior management to identify stakeholders, create metrics, charter committees, and create a risk management framework
  • Collaborated with legal team to establish the due diligence necessary to work with a wide range of cybersecurity and privacy business functions.

Director and Global Head of Information Security Compliance

8x8 Inc.
01.2019 - 01.2022
  • Successfully guided the organization through the expanding international regulatory landscape
  • Assisted the organization through three SOC 2 Type 2 audits
  • Created the vendor due diligence program
  • Worked directly with Legal and IT to monitor and inform the organization of regulatory and compliance risk
  • Reviewed contracts for security clauses and worked with Purchasing to risk assess vendors being onboarded
  • Participated in the Security Team architectural review and due diligence approach to security
  • Oversaw the FISMA, PCI DSS, SOC 2 Type 2, HIPAA, NIST, and ISO audits, prepared the organization for smooth onsite and remote audits.

West Coast InfoSec Practice Manager

OpenSky Corporation
01.2016 - 01.2017
  • Advised various state and Fortune 500 organizations regarding their Board reports
  • Functioned as organizational CISO or DPO
  • Integrated cybersecurity principles into regular business activities
  • Established GRC functions
  • Prepared organizations for HIPAA and GDPR compliance
  • Established risk management frameworks (RMF) and NIST
  • Created Secure Software Development Lifecycles (SSDLC).

VP of Cybersecurity Sales

Tech Mahindra
01.2018 - 01.2019
  • Established and/or enhanced information security programs in some of the world’s largest and most interesting healthcare, manufacturing, financial and high-tech companies
  • Proselytized the next generation of cybersecurity solutions that effectively mitigate malicious criminal intent and State actors
  • Built and deployed security products on behalf of Tech Mahindra
  • Identified and mentored cybersecurity startups and Fortune 100 companies through evangelizing innovative technologies and analyzed existing accounts to identify cybersecurity needs
  • Developed or fine-tuned the cybersecurity catalog of services to match the wide array of security needs within Silicon Valley organizations
  • Worked with startups to empower their vision of the next generation of cybersecurity tools and integrate them into the Tech Mahindra Managed Security Service Platform (MSSP).

Cybersecurity Consultant

Arrakis Consulting
03.2017 - Current
  • Created articles and other policy positions concerning the regulatory cybersecurity environment regarding CMMC, GDPR, NIST, ISO 27000 series, FFIEC, FedRAMP, etc.
  • Collaborated with existing customers to set up compliance with regulatory and contract obligations surrounding cybersecurity risk
  • Established Incident Response Plans and exercises, business impact analysis (BIA), risk assessments, Board of Director reports, and consulted with Legal departments.
  • Self-motivated, with a strong sense of personal responsibility.
  • Skilled at working independently and collaboratively in a team environment.
  • Reduced cyber threats by implementing robust security frameworks and incident response plans.
  • Enhanced network security by conducting comprehensive vulnerability assessments and penetration tests.

Skills

  • Information Governance
  • Security Policy & Plans Development
  • Compliance Management incl. HIPAA, ISO 2700x, PCI DSS, COBIT
  • Security Frameworks, NIST SP800-53 rev 5
  • Security Planning, Auditing, Assurance
  • Security Training
  • Information Protection
  • Network Security incl. Penetration Testing
  • Risk & Vulnerability Assessment
  • Incident Response & Disaster Recovery
  • Business Continuity
  • Cloud Security

Certification

  • RP Registered Professional (RP for CMMC)
  • CRISC Certified in Risk and Information Systems Control
  • CISSP Certified Information Systems Security Professional
  • CISM Certified Information Security Manager
  • CNE Certified Novell (NetWare) Engineer
  • CNA Certified Novell Administrator (GroupWise)
  • MCSE Microsoft Certified Systems Engineer (NT4 and 2000)
  • MCSA Microsoft Certified Systems Administrator (Windows 2000)
  • MCP Microsoft Certified Professional (IIS)
  • CSE Corel Certified Systems Engineer (Word Perfect)

Accomplishments

Administrative/Management: Worked with the Big 4 firms. Implemented HIPAA inspired security programs for hospitals. Accomplished multiple ATOs for defense contractors. Presented Board-level talks regarding the top five cybersecurity risks to billion-dollar institutions. Managed 20+ person teams to build data warehouses and deliver software. For high technology firms provided GRC program implementation and successful SOC 2 reports. Provided Risk Assessments and successful regulatory reviews for financial institutions. Provided pre-preparation for organizations interested in achieving FedRAMP.

Technical: Implemented AI managed network traffic analysis. Implemented secure hybrid cloud technology stack to secure public data. Used protocol analyzers to evaluate encryption in transit. Evaluated cryptography for FIPS 140-2 compliance.

Additional Work Project Organizations

  • NASA
  • HP
  • VISA
  • PayPal
  • Quantum
  • A10Networks
  • SCIF
  • KPMG
  • Nikon
  • Sony
  • KLA Tencor
  • Boeing
