John Barchie, CRISC, CISSP, CMMC (RP), MCSE, CNE, CISM
Fernley, Nevada
PROFESSIONAL SUMMARY
** *****’ experience working for large, medium, and small companies driving cybersecurity and privacy programs. Additionally, as the (ISC)2 Silicon Valley founding president, I train fellow cybersecurity professionals. I specialize in implementing and analyzing the cybersecurity controls necessary for successful implementation of governance, risk and compliance programs.
EXPERIENCE
Owner
Barchie Consulting, LLC – San Jose, CA/Fernley, NV (includes remote work)
2008-present
Chartered information security programs including budgeting of ~$4M and team building for 20+ employees through strong organization and process development to ensure daily operational success
Specialize in handling privacy and information technology regulatory environments like GDPR, CCPA, NIST, NISPOM, SOX, FFIEC, FedRAMP, PCI and HIPAA by using expert prioritization and multitasking to reduce incidents and incident response time by 50%
Enable companies to achieve their cybersecurity goals including facilitating an understanding with executive and senior management of their responsibilities in their new regulatory environments
Perform firewall rules reviews, FAS 86 software feasibility studies, independent security reviews including SOX and SOC 2 Type II audits, and penetration testing
Work with existing security and IT departments providing deliverables including information security programs and policies, business impact analysis, and information security risk assessments
Director of Governance, Risk and Compliance (GRC)
Hearst Corp., New York/International (remote work)
2022-2023
Directed a team of GRC professionals to create chargeback services for GRC functions, third party risk management, change control, security awareness, and business impact analysis
Worked with senior management to identify stakeholders, create metrics, charter committees, and create a risk management framework (RMF)
Director and Global Head of Information Security Compliance
8x8 Inc., Silicon Valley, CA
2019-2022
Successfully guided 8x8 Inc. through the expanding international regulatory landscape
Assisted 8x8 Inc. through three SOC 2 Type II audits
Created the vendor due diligence program
Worked directly with Legal and IT to monitor and inform 8x8 Inc. management of regulatory and compliance risk
Reviewed contracts for security clauses and worked with Purchasing to risk assess vendors being onboarded
Participated in the Security Team architectural review and due diligence approach to security
Oversaw the FISMA, PCI DSS, SOC 2 Type II, HIPAA, NIST, and ISO audits, and prepared the organization for smooth onsite and remote audits
Collaborated with the legal team to establish the due diligence necessary to work with a wide range of cybersecurity and privacy business functions
Vice President of Cybersecurity Sales
Tech Mahindra, Cupertino, CA
2018-2019
Established and/or enhanced information security programs in some of the world’s largest and most interesting healthcare, manufacturing, financial and high-tech companies
Proselytized the next generation of cybersecurity solutions that effectively mitigate malicious criminal intent and state actors, including zero trust and micro-segmentation
Built and deployed security products on behalf of Tech Mahindra
Identified and mentored cybersecurity startups and Fortune 100 companies through evangelizing innovative technologies and analyzed existing accounts to identify cybersecurity needs
Developed or fine-tuned the cybersecurity catalog of services to match the wide array of security needs within Silicon Valley organizations
Worked with startups to empower their vision of the next generation of cybersecurity tools and integrate them into the Tech Mahindra Managed Security Service Platform (MSSP)
Information for additional years’ experience available upon request. Experience includes:
Data Warehouse management, Board Reporting, Security Operations Center development, Network Architecture, Protocol Analysis, Penetration Testing and Cloud Architecture
SKILLS
Advise senior management and boards regarding their top five cybersecurity risks
Review firewall rules evaluation and development as well as network/cloud architecture
Review contract language and clauses to ensure cybersecurity regulatory compliance
Implement AI-based cybersecurity controls
Review supply chain and vendor management processes and programs
Perform penetration testing
Assist with cybersecurity communications
EDUCATION
A.S., Computer Science, San Jose City College, San Jose, CA
Biology Core, San Jose State University, San Jose, CA (Bachelor's Equivalent)
CERTIFICATIONS
RP Registered Professional (RP for CMMC)
CRISC Certified in Risk and Information Systems Control
CISSP Certified Information Systems Security Professional
CISM Certified Information Security Manager
CNE Certified Novell (NetWare) Engineer
CNA Certified Novell Administrator (GroupWise)
MCSE Microsoft Certified Systems Engineer (NT4 and 2000)
MCSA Microsoft Certified Systems Administrator (Windows 2000)
MCP Microsoft Certified Professional (IIS)
CSE Corel Certified Systems Engineer (WordPerfect)