John S. Armele

Succasunna, NJ 201-***-**** ad2d41@r.postjobfree.com

https://www.linkedin.com/in/john-armele

Business Information Security Expert

Governance, Risk, and Compliance (GRC)

Well-qualified Information Security Professional experienced with assessing, identifying, and mitigating operational risk to protect information assets. Business Information Security Expert who holds a prominent level of integrity to enable business alignment with security governance in support of good business decisions.

Responsible for information technology security policy, standards, procedures, and security baseline support to assist the pharmaceutical and medical device business in identifying and mitigating risk for the past twenty-two (22) years. I am motivated, diligent, creative, dependable, and a productive collaborator. I build positive rapport with business partners and customers and support the development of colleagues to deliver high quality results. I consult for leadership and functional teams, stakeholder partners, and company associates.

I work well in collaborative and diverse environments and desire to provide value and positive impact to leadership, partner stakeholders, and business organizations. I use risk analysis skills to provide solutions to business and technical challenges.

SKILLS

Risk Management Leading Teams Security Policy & Standards Project Management Security Compliance Negotiation Skills Project Quality Security Awareness Network Design Process Improvement Business Acumen Finance Management Influence Without Authority Vendor Management Relationship Development Communication Skills Records Management EXPERIENCE

NOVARTIS, East Hanover, NJ December 2015 – July 2023 Global Pharmaceuticals Corporation

Business Information Security Expert, December 2015 – July 2023 Facilitated creation and maintenance of a strong cybersafe culture in the US to reduce cyber security incidents and risk by reaching senior business leaders and stakeholders and creating partnerships to drive awareness and change. Implemented policy framework across US divisions, held accountability of security IT controls, escalated identified risks, advised on interpretation of guidelines, and maintained stable information security IT operations for projects and applications.

• Managed cross-functional group of 100+ Business Information Security Champions to inspire and raise cybersecurity awareness across high-risk business organizations which improved cybersecurity culture and lessened risk.

• Served as stakeholder on multiple cross-functional business review councils for digital initiatives to provide information security guidance, allowing business segments to reach doctors and patients quicker while ensuring personal healthcare information was protected. John S. Armele ad2d41@r.postjobfree.com

• Managed RIM (Records & Information Management) annual operational spend of $1.3M and, by improving process, decreased annual spend by approximately 50%.

• Supported application portfolio transformation remediation to increase compliance rate to 100%.

• Reviewed and approved information technology asset classifications to ensure adherence to security compliance supporting an overall decrease in potential cybersecurity risk.

• Collaborated with Data Privacy (HIPAA), Legal, Regulatory, Quality, and Procurement stakeholders to support and negotiate information security contract verbiage, resulting in shortened time to contract delivery and business opportunity.

• Reported on US country performance metrics aligned with the company risk profile, presenting cyber risk scoring to improve situational awareness and prioritize required actions.

• Worked closely with CSOC (Cybersecurity Operations Center) on incident management and reporting, technical support, and ongoing monitoring of actions taken toward mitigation plans which decreased time to determine business impact and plan for mitigation.

• Facilitated Sarbanes-Oxley (SOX) IT process and management testing to address and decrease overall external audit findings.

BECTON, DICKINSON AND COMPANY, Franklin Lakes, NJ January 2001 – November 2015 Global Medical Device Manufacturing and Distribution Corporation Senior Security Analyst, August 2012 – November 2015 Functioned as SME for multiple security technologies to identify and decrease information technology risk using mitigation techniques and compensating controls. Supported adherence to security frameworks, acts, and laws based on ISO 27001, NIST, PCI-DSS, SOX, SSAE 18 SOC 2, COBIT, HIPAA, HITRUST, and HITECH to implement standard security audit controls and substantially decrease overall company risk. Assessed security programs, GRC, and third-party corporate information technology access as it relates to security risk analysis and assessments for 100+ third party providers.

• Facilitated penetration testing, management system security policies review, vulnerability management, and annual associate training to manage annual corporate PCI-DSS compliance.

• Managed migration to cloud web content filtering provider for 21,000 associates and 15,000 mobile devices to strengthen web access security features.

• Responsible for ensuring application owners were knowledgeable of assessment findings based on control testing, developed and documented mitigation plans, and followed through with actions to address and lessen company risk.

Manager, Network Services, October 2006 – July 2012 Developed management skills and provided a nurturing relationship for a team of Network Engineers to deliver world class network architecture and security services for a global corporation consisting of approximately 200 sites and over 30,000 employees.

• Developed network design standards based upon resiliency and network outage tolerance for the business. Facilitated global campaign with business leaders to align and integrate network design to meet business requirements and enterprise risk tolerance.

• Streamlined procedures for process improvements and was responsible for information security communications to corporate employees. These actions increased security posture, adherence to change process, and decreased change process timeframes.

• Owned and managed network security change management processes; defined RACI model which included clear team roles and responsibilities.

Senior Network Architect/Engineer, January 2001 – September 2006 Key team member to design and implement global network infrastructure to support business requirements of increasing bandwidth and new applications. Acted as top tier operational support for John S. Armele ad2d41@r.postjobfree.com

network incident management and outages to lessen business downtime. Contributed to business continuity planning and disaster recovery testing.

• Core team member for global service provider RFP; conducted financial and pro-forma analyses to support senior management in making informed decisions that saved approximately $10.8 million.

• Designed, implemented, and managed a network and security infrastructure upgrade project at business-critical distribution centers and manufacturing plants to mitigate business risk saving over

$1.2 million per year.

• Managed entire corporate headquarters facilities, network, and telephony upgrade program ($8.2M) to increase capacity and performance.

• Global lead for SAP roll-out program to support underlying infrastructure and information security requirements.

ADDITIONAL RELEVANT EXPERIENCE

GLOBAL CROSSING FINANCIAL MARKETS, New York, NY

Manager, Core Network Engineering

The Bank of New York, New York, NY

Senior Network Engineer

EDUCATION TRAINING

Master of Science, Technology Management

Stevens Institute of Technology, Hoboken, NJ

Bachelor of Science, Telecommunications Management DeVry University, Lombard, IL

PROFESSIONAL DEVELOPMENT CERTIFICATIONS

Certified Information Systems Security Professional (CISSP) – ID 533295 Certified Information Security Manager (CISM) – ID 1017841 PROFESSIONAL ASSOCIATIONS

ISC2

ISACA, NJ Chapter

Contact this candidate