
Jonathan Treptow

Youngsville, NC

Summary

Strategic and results-driven Cyber Risk Management leader with over a decade of distinguished experience, excelling in identifying, assessing, and mitigating cyber risks across complex organizational landscapes. Proven success in designing and implementing robust risk management frameworks, policies, and procedures to protect critical assets and data. Proficient in conducting comprehensive risk assessments, vulnerability analyses, and threat modeling to proactively address cybersecurity challenges. Skilled in effectively communicating complex technical concepts to diverse stakeholders, fostering collaboration across teams to drive impactful risk reduction initiatives. Committed to staying at the forefront of emerging threats and pioneering innovative risk management strategies. Possesses exceptional leadership, analytical, and problem-solving skills, cultivated through extensive hands-on experience in the field. IT professional with 10 years of experience developing and implementing security solutions in fast-paced environments. Skilled in TPRM and GRC with proven history of delivering exceptional risk management support.

Overview

24 years of professional experience
1 Certification

Work History

Senior Cybersecurity Analyst

Johnson & Johnson
10.2023 - Current
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Recommended improvements in security systems and procedures.
  • Organized professional with expertise in managing resources and optimizing performance. Proficient in providing valuable insights and supporting decision-making processes. Committed to enhancing productivity and contributing to overall success.
  • Proved successful working within tight deadlines and a fast-paced environment.
  • Used critical thinking to break down problems, evaluate solutions and make decisions.
  • Demonstrated a high level of initiative and creativity while tackling difficult tasks.

Cyber Risk Management Team Lead Over GRC and TPRM

Labcorp
03.2020 - 10.2023
  • Spearheaded the management of the TPRM team, ensuring flawless execution of tasks
  • Developed comprehensive questionnaires tailored to each vendor's Statement of Work (SOW) to streamline onboarding processes
  • Drove team expansion initiatives, overseeing recruitment, hiring, and training activities
  • Pioneered the seamless integration of a new application for GRC/VRAs, enhancing efficiency and effectiveness
  • Revamped VRA program documentation to capture metrics and risks accurately, bolstering risk management capabilities
  • Led the transition from document tracking to real-time updates using Teams, fostering enhanced collaboration and visibility
  • Played a pivotal role in identifying and mitigating Tech Debt within the organization, optimizing operational efficiency
  • Spearheaded the development and implementation of comprehensive third-party risk management frameworks and policies
  • Conducted thorough risk assessments and due diligence reviews of third-party vendors, ensuring compliance with regulatory requirements and industry standards
  • Established and maintained relationships with external vendors and partners, fostering open communication channels and ensuring alignment with organizational risk tolerance
  • Collaborated cross-functionally with legal, procurement, and compliance teams to assess contractual agreements and mitigate potential risks associated with third-party relationships
  • Developed and executed risk mitigation strategies, including risk transfer mechanisms, controls implementation, and contingency plans
  • Led training and awareness programs for internal stakeholders to promote understanding of third-party risk management principles and best practices
  • Monitored and reported on the performance of third-party vendors, identifying emerging risks and implementing corrective actions as necessary
  • Stayed abreast of emerging threats and industry trends in third-party risk management, continuously improving processes and protocols to enhance organizational resilience.
  • Coached team members in techniques necessary to complete job tasks.
  • Evaluated employee skills and knowledge regularly, training and mentoring individuals with lagging skills.
  • Established open and professional relationships with team members to achieve quick resolutions for various issues.
  • Assisted in recruitment to build team of top performers.
  • Conducted regular reviews of operations and identified areas for improvement.

Cybersecurity Risk Management - Application & 3rd Party Assessment Specialist (Contractor)

Bristol-Myers Squibb
03.2019 - 03.2020
  • Orchestrated multiple international risk management assessments, ensuring compliance with global cybersecurity standards
  • Managed numerous application projects, meticulously verifying vendors' adherence to best practices
  • Conducted comprehensive reviews of APIs, Data Flow Diagrams, Network Architecture, Single Sign-On (SSO), on-premises, and cloud solutions
  • Coordinated collaborative vendor risk assessments with third-party business owners, facilitating understanding of remediation action items.
  • Communicated results of participant assessment period in writing and verbally and assisted in preparation of final assessment report.

IT Risk Management (ITRM) Project Manager (Contractor)

Meditology Services
04.2018 - 01.2019
  • Led execution of multiple security risk assessments and HITRUST certification projects, ensuring clients' compliance with industry standards
  • Conducted informative onsite interviews to educate clients on evidence collection requirements, fostering transparency and cooperation
  • Assisted organizations with evidence gathering for HITRUST certification, ensuring meticulous compliance with regulatory mandates
  • Coordinated evidence collection for OCR audit reviews, demonstrating attention to detail
  • Spearheaded establishment of a comprehensive third-party vendor risk management program, enhancing organizational resilience and security posture.

Experienced Associate, Cyber Risk Management

PricewaterhouseCoopers (PwC)
11.2016 - 04.2018
  • Conducted comprehensive cybersecurity risk assessments, including vulnerability scans, penetration testing, and threat intelligence analysis
  • Assisted in developing and implementing cybersecurity risk management frameworks, policies, and procedures tailored to industry regulations and compliance requirements
  • Supported third-party risk assessments to ensure vendor and partner cybersecurity alignment with organizational standards
  • Contributed to incident response plan implementation, including tabletop exercises and simulations for organizational preparedness
  • Collaborated with cross-functional teams to remediate security issues and vulnerabilities, providing risk mitigation recommendations
  • Reviewed and analyzed security logs and alerts, investigating potential incidents and escalating as necessary
  • Supported cybersecurity awareness and training initiatives for employees to enhance overall security posture.

Security Forces/Military Police

United States Air Force (USAF)
09.2000 - 11.2004
  • Trained and experienced Security Forces/Military Police professional
  • Proficient in security procedures, protocols, and tactics
  • Knowledgeable in law enforcement and crime prevention
  • Skilled in physical security, access control, and perimeter protection
  • Experienced in crowd control and maintaining order in high-pressure situations
  • Trained in firearms handling and proficiency
  • Expertise in emergency response and crisis management
  • Effective communication and collaboration skills for working with diverse teams
  • Strong attention to detail and ability to follow protocols and regulations
  • Committed to upholding the safety and security of personnel and assets.

Education

Master of Science

Capella University
01.2017

Bachelor's in Computer Science

DeVry University
01.2014

Skills

  • Cybersecurity Standards: NIST, ISO, PCI DSS, HIPAA, GDPR
  • Disaster Recovery/Business Continuity Planning (DR/BCP)
  • Third Party Risk Management (TPRM)
  • Program Management
  • Team Leadership and Development
  • Compliance and Regulatory Governance

Certification

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
