John Cornwell

Security | Privacy | Digital Trust
Euclid, OH

Summary

Dynamic Lead Security Governance Analyst at UPMC with a proven track record in risk management and compliance. Expert in GDPR and HIPAA, I excel in developing robust IT policies and training teams on security best practices. Passionate about enhancing digital trust and mitigating vulnerabilities through innovative solutions and effective leadership.

Overview

10 years of professional experience
1 Certification

Work History

Lead Security Governance Analyst, TPRM Manager

UPMC
Remote, OH
07.2020 - Current
  • Partners with key stakeholders in the business, and with third parties, to identify, assess, aggregate, and document IT processes, risks, vulnerabilities, and controls.
  • Performs risk assessments, identifies IT controls for significant processes, and develops test procedures for readiness.
  • Leads the development of IT policies and procedures necessary to mitigate risk assessment and risk report exposures.
  • Trains staff, process owners, and IT control owners in compliance with policies, standards, procedures, security, and relevant regulatory requirements.
  • Communicates the results of risk assessments to management and process owners.
  • Develops and implements continuous monitoring programs for IT risk and vulnerability management, as well as IT compliance programs.
  • Participates in an advisory capacity on system implementation, third-party risk assessments, vendor management, and special management requests. Suggests ways to improve compliance and security.
  • Evaluates emerging cybersecurity trends and threats, and drafts effective security controls to mitigate vulnerabilities and risks.
  • Uses best practices and knowledge of internal and external business strategies, opportunities, and trends to proactively address business and compliance issues.
  • Leads in maintaining corrective action programs for security.
  • Leads the tracking of corrective actions and/or audit findings in collaboration with Security Core Function Area Managers (CFAMs).
  • Leads the execution and maintenance of the Cybersecurity Capability Maturity Model (C2M2), HITRUST, SOC 2 Type 2, HIPAA, and GDPR.
  • Provided leadership during times of organizational change or crisis situations.
  • Ensured compliance with regulatory requirements and industry standards.

Data Protection Analyst, EDiscovery

Cuyahoga County
Cleveland/Remote, OH
10.2018 - 02.2022
  • Conducts forensic investigations of computers, and other electronic devices or systems (including digital and electronic media). Consults with investigators to determine appropriate search parameters for each case. Writes concise reports detailing findings.
  • Evaluates the effectiveness of the IT governance structure to determine whether IT decisions, directions, and performance support the organization’s strategies and objectives. Manages and maintains data integrity pertaining to County business, identifies system data, hardware, or software components required to meet business needs.
  • Ensures that all electronic data obtained and produced is kept confidential, following the strictest privacy standards related to PII, PCI, and HIPAA.
  • Analyzes, evaluates, reviews, and documents user permissions and security parameters. Performs security reviews for the provisioning, ongoing monitoring, and termination of access for County systems. Evaluates and assists in the design, implementation, maintenance, monitoring, and reporting of system and security controls to verify the confidentiality, integrity, and availability of information.
  • Provides technical support for network connectivity, system administration, applications, and training as needed.
  • Serves as a contact with other government agencies for computer and electronic data requisitions.
  • Studies and monitors existing systems to ensure integrity, and assesses them for required upgrades. Researches available solutions for optimization.
  • Installs new solutions. Designs and implements security solutions and training materials.
  • Utilized document management system to organize company files, keeping up-to-date and easily accessible data.
  • Analyzed key performance indicators to identify effective strategies.
  • Audited company's legal documents to verify compliant policies and procedures.
  • July 2020 – February 2022, part-time.

Network Administrator

Armstrong County IT
Kittanning, PA
04.2015 - 09.2018
  • Establishes network specifications, performance, and maintains network optimization and security via router and firewall administration, configuration, testing, troubleshooting, and monitoring. Performs pentesting in accordance with and in support of security plans.
  • Establishes processes for the County's cyber security plan.
  • Installs and supports LANs, WANs, network segments, and virtual servers.
  • Maintains and monitors network facilities, servers, VPNs, gateways, and intrusion detection systems.
  • Confers with vendors, developing, testing, evaluating, and installing network/security enhancements and upgrades.

Business Systems Analyst

State Farm
Ford City, PA
11.2015 - 04.2016
  • Administers and maintains business applications (on-prem and cloud-based), network, hardware solution implementation, and general IT support.
  • Manages social media accounts.

Education

MBA - Digital Law & Technology

Northern Kentucky University
Newport, KY
08.2025 - Current

Master of Science - Information Systems Security

University of The Cumberlands
Williamsburg, KY
05.2019

Bachelor of Science - Information Technology

Colorado State University
Fort Collins, CO
11.2015

Bachelor of Science - Management Information Systems

Indiana University of Pennsylvania
Indiana, PA
05.2015

High School Diploma

West Shamokin Jr/Sr High School
Rural Valley, PA
06.2008

Skills

  • Privacy compliance and digital trust: expertise in GDPR, CCPA, HIPAA, HITRUST, and ISO/IEC 27001 standards, skilled in managing personally identifiable information (PII), PCI data, and sensitive health information
  • Risk management and governance: proficient in IT GRC frameworks, risk assessments, and vulnerability management, experience with FAIR analysis, and continuous monitoring programs
  • Regulatory policy implementation: deep knowledge of domestic and international regulatory policies and their application in organizational settings
  • Technical proficiency: hands-on experience with tools like Splunk, Nexpose, LogicGate, eDiscovery platforms, Microsoft 365 Security and Compliance Center, and digital forensics tools
  • Security program development: proven track record in creating IT policies and procedures to mitigate risks and ensure compliance
  • Training and leadership: skilled in training teams on compliance protocols, security best practices, and regulatory requirements

Certification

  • Certified Data Privacy Solutions Engineer (CDPSE) - ISACA
  • Digital Trust Associate - DigiCert
  • Certified in Data Protection (CDP) - Identity Management Institute
  • Certified Identity and Security Technologist (CIST) - Identity Management Institute
  • Certified GRC Professional - OneTrust Privacy
  • Network Security Expert (NSE) Associate 2 - Fortinet
  • Certified Ethics Associate - IT (CEA-IT) - Management and Strategy Institute
  • Project Management Essentials - Management and Strategy Institute
  • CyberArk Trustee - CyberArk
  • RiskLens FAIR Analyst - RiskLens
  • ISO/IEC 27001 Information Security Associate - Skillfront

Affiliations

  • FBI Infragard
  • Identity Management Institute
  • ISACA
  • Associate of Information Technology Professionals
  • Association for Project Management

References

References available upon request.
