Walter Haley

East Norriton, PA

Summary

Dynamic leader with extensive experience at JOHNSON & JOHNSON in Information Security and Risk Management, successfully driving security and compliance strategies that enhanced operational efficiency and risk reduction. Recognized for expertise in SOX Compliance Management and a strong ability to unite cross-functional teams to achieve complex objectives.

Overview

19 years of professional experience

Work History

Sr. Manager – Business Information Security

JOHNSON & JOHNSON
01.2022 - Current
  • Directed cross-functional teams in developing innovative solutions to complex problems.
  • Responsible for leading the Network Segmentation efforts at six high-risk sites.
  • Led the Application Assessment Project for high-risk applications, and led corrective action planning and remediation efforts (130+ applications).
  • Performed 20+ High-Risk VAA/IDSA in support of Janssen Innovative Medicine.
  • Led the penetration testing process for seven high-risk, external-facing applications.
  • Base business support for all J&J IM processes (lab assessments, etc.).
  • Monitored compliance with industry regulations and company policies to mitigate risk.
  • Deal lead for all acquisitions in Innovative Medicine.
  • Performed a detailed walkthrough of select sites and restricted areas to define areas of potential vulnerability.
  • Responsible for the documentation of assessment outcomes and presentation to impact groups and leadership teams.
  • Established detailed policies and procedures for select, critical areas (defined as restricted spaces: labs, server rooms, manufacturing areas, and other highly sensitive or vulnerable areas).
  • Performed threat modeling for high-risk J-Labs and critical CROs for Janssen Innovative Medicine.
  • Performed detailed physical security assessments for recent acquisitions in line with the new physical security standard at J&J.

Manager/Sr. Manager – Internal Controls and SOX PMO

JOHNSON & JOHNSON
01.2013 - 01.2022
  • Planned and led team meetings to review business results and communicate new and ongoing priorities.
  • Managed risk by developing and implementing effective risk management strategies.
  • Finalized Threat Model and Application Security Questionnaire for major SOX platforms including Fusion-SAP, US ROTC, JDE EnterpriseOne, and World applications.
  • Facilitated the SOX year-end certification process for ITSS, presenting yearly to the J&J CIO for over 8 years.
  • Managed all CIA/PwC audits for the pre-implementation reviews for the Back-to-Basics Program.
  • Performed a SOX application rationalization effort, reducing the overall SOX inventory.
  • Mapped the current SOX control environment for all business process cycles to COBIT 4.1, GAMP 5 principles, ITIL V3, ISO 27002:2005, and Privacy Audit Control Requirements to ensure the internal controls encompass the identified frameworks.
  • Created enterprise policies and standards inclusive of internal controls into the global Information Asset and Protection Policies (IAPPs) at Johnson & Johnson (areas of focus for Phase I: Change Management, Backup and Recovery, Application Security, Logical Security, Identity and Access Management, and Interfaces).

Manager – Risk Management Services

AC LORDI
01.2012 - 01.2013
  • Implemented process improvements, resulting in an increase in operational efficiency.
  • Manager on ITGC, FSA Audit, and Investigation engagements.
  • Conducted independent tests on selected control objectives to confirm operational effectiveness through benchmarking.
  • Team Lead on all SAS 70 audit engagements.
  • Facilitated team meetings and workshops to foster collaboration and share best practices.

Assistant Vice President

DEUTSCHE BANK
01.2011 - 01.2012
  • Created effective business plans to focus strategic decisions on long-term objectives.
  • Established overarching policies and procedures for an internal audit/investigation framework.
  • Implemented global warehouse security training, based on industry best practices, and consultation with local law enforcement.
  • Responsible for front office management of overall inventory controls and reporting.
  • Responsible for reconciling two systems (warehouse management system = LogPro, and financial reporting system = JDE).
  • Responsible for the Inventory Shrink Reserve Reconciliation process, including performing detailed physical site security assessments, inventory cycle counts, and documentation of vendor freight movement and transportation processes.
  • Responsible for investigating any missing inventory counts to define the root cause and establish mitigating controls and corrective actions, including establishing a secure, locked area for high-risk inventory.

Senior Associate/Manager

KPMG
01.2006 - 01.2011
  • Manager on ITGC, FSA Audit, and Investigation engagements.
  • Manager on all SAS 70/SAE 16 audits.
  • Mapped control activities to control objectives to ensure key controls were covering the risks associated with the service provider, or incorporated into the client controls considerations section of the SAS 70.
  • Created all pertinent documentation and deliverables for the SAS 70 Audit.
  • Performed a gap analysis on the month-end close processes control standards (in comparison to industry best practices) for the balance sheet account reconciliation process, journal entry process, and segregation of duties, and presented findings to the company to initiate a complete set of control standards.
  • Mapped control activities to control objectives encompassing four areas: Computer Operations, Logical Access, Change Control, and System Development, representing the General Controls portion of the Financial Statement Audit.

Education

Bachelor of Science - Business Administration, Finance and Marketing

Temple University

Skills

  • Third-Party Risk Management
  • Physical Security Assessments
  • Application and Cyber Security
  • Internal controls and risk compliance
  • Creating policies and standards
  • Documentation and Process Control
  • Control/Requirement documentation
  • Remediation and mitigating controls
  • IT Audits
  • SOX Compliance Management
  • Data Management
  • Change Control
  • Inventory Management
  • Supply Chain Investigations
