John K. Garrett
** ********* *****, ********* *.J 07042 U.S. Citizen
Phone: 973-***-**** Eligible for Security Clearance
Email: ****.*******@*****.*** M. Sc, Management Science
Governance, Risk and Compliance Analyst
Governance, Risk, and Compliance subject matter expert for large public/private-sector clients.
Experienced leader and manager of matrixed work teams in complex operating environments.
Innovative, strategic manager, coordinator, and research analyst with an extensive track record.
Designs/delivers effective projects, solutions, and operational improvements for complex organizations.
Select Work Experiences
Senior Research Analyst 04/2016 - Present
Self-Employed - Garrett Investigations, LLC, Montclair, NJ
Provide research and analytical solutions services in support of litigation and business research for law firms, insurance carriers and municipal governments, and perform opposition research for candidates for political office in New Jersey and New York State.
Locate and research difficult-to-find relevant information. Use technology, investigative techniques, tradecraft, and root-cause analysis to drill down and resolve clients’ issues. Work independently as a prime contractor or collaborate as a subcontractor.
Review and coordinate major research and intelligence reporting projects. Conduct inquiries for diverse civil and criminal research projects using personal interviews and online/proprietary databases, and exercise investigative due diligence in issues of conflicts of interest and in mergers and acquisitions.
Employ research and evaluation tools and methods to generate and deliver detailed research and investigation reports, with graphics, of 50+ pages.
Governance, Risk & Compliance Analyst 10/2019 – 02/2020
Randstad Technologies, New York, NY 3-month contract
Contracted to design the new Security Champion program from scratch for MetLife’s Investments Information Technology (IT) Division. Collaborated with management and software developers, identified key needs and top priorities for both groups, used quantitative and qualitative methods to analyze select MetLife operations, and recommended the optimal approach (“Secure DevOps”) for building security into MetLife’s in-house agile software development lifecycle from start to finish.
Designed the new Security Champion position to lead application security efforts for agile software developers, including how to engage with other MetLife team members.
Delivered a closely documented program and training framework adopted by the client.
Reviewed, analyzed, and evaluated various operational management plans, policies, directives, procedures, etc. to assess organizational impact.
Drafted a Secure Systems Development Life Cycle and Risk/Compliance Framework graphic.
Designed presentation for technical leadership and developer audiences.
Created visual aids illustrating the new Security Champion program, with documented roles and responsibilities, to support the research findings.
Designed supportive workflow diagrams and illustrations to enhance presentation clarity.
Designed and documented a detailed PowerPoint training plan for Secure Agile DevOps and Security Champion developer staff to cover first-year program operations month by month.
Deputy Director 04/2010 – 02/2016
Department of Citizen Services and Economic Development, Essex County, NJ 40 hours/week
Directed and managed daily operations for a department with 1.3K employees serving the third-most populous County in New Jersey (nearly 800K residents). Promoted and managed effective County-wide cross-functional relationships and initiatives among seven Department divisions. Performed resource planning, project/program governance and management functions. Oversaw vendor performance, supervised task execution, developed and implemented creative solutions to numerous complex administrative, technical, and organizational department challenges.
Managed a matrixed workforce and provided leadership to the seven division heads.
Supported the Acting Director during incumbent’s absences.
Project Manager: drove implementation of automated digital time-and-payroll tracking “swipe” equipment to improve Department employee accountability and transparency. Resolved software and operational issues, created policies/processes, managed initial user resistance, and launched the new system that was later expanded for the entire County workforce.
Reviewed, analyzed, and evaluated operational governance plans, policies, directives, and systems to assess organizational impact. Applied analytical and evaluative methods to measure quality and efficiency and promote continued improvement of agency programs.
Conducted research and data analysis to support business operations for the Department and its seven divisions. Analyzed business objectives, documented IT security requirements, and identified process improvement and business opportunities. Drafted policies for planned and existing business processes and recommended information security best practices. Ensured compliance with data privacy safeguards under the Fair Information Practice Principles and federal guidelines.
Information Security Risk Manager 03/2008 – 04/2010
Horizon Blue Cross Blue Shield of New Jersey (BCBS), Newark, NJ 40 hours/week
Managed the first-ever IT Security, Risk, and Governance matrixed team for New Jersey’s only licensed Blue Cross and Blue Shield health insurance provider, serving 3.2+ million people across the State. Reported to the Director of Information Security.
Created IT Governance structure for the new unit. Engaged BCBS business units, established information security decision-making structures, and drafted policy guidance.
Identified and reduced enterprise IT security risks and worked to mitigate cyber threats and vulnerabilities.
Project Coordinator for an Information Security and Privacy Computer Awareness Program.
Developed a structured and sustainable process to identify, document, and track the information security risks posed by outside vendors and the outsourcing of numerous internal business functions. Implemented, managed, and maintained enterprise security risk registers. Advisor to the risk exception process, monitoring risk mitigation throughout the risk treatment lifecycle.
Senior Investigator, Office of Ethics and Compliance 12/2006 – 12/2007
The University of Medicine and Dentistry of New Jersey, Newark, NJ 40 hours/week
Selected for this position by the Chief Compliance Officer (CCO). Exercised significant supervisory and management functions for the newly-formed Office of Ethics and Compliance (OEC). Hired and managed four compliance investigators and gave structure, direction, and mission objectives to the new organization. Reported to the University Vice President and the CCO.
Drafted an enterprise compliance framework and formulated original business and compliance investigative strategies, documents, and reporting templates.
Managed complex and sensitive inquiries regarding technology, governance, and regulatory compliance for the University.
Instrumental in the development and design of the case workflow model and the organizational plan for effective case management within the OEC and between the OEC and the Law Department.
Built a top-performing, highly productive investigative unit that handled a growing number of compliance findings each month, while continuing to increase the monthly closure rate.
Developed and sustained a positive working relationship with other agencies and conducted successful joint research efforts.
Enterprise Information Security Officer (ISO) 09/2005 – 12/2006
The University of Medicine and Dentistry of New Jersey, Newark, NJ 40 hours/week
Created the enterprise IT security governance road map, the program, and the team, for The University of Medicine and Dentistry of New Jersey, a top 100 U.S. health sciences research university, with approximately 7K students in 100+ degree and certificate programs; 13K+ employees, including nearly 2,500 faculty members; and 200+ education and healthcare affiliates throughout New Jersey.
Developed a highly effective Information Security and Awareness Program that directly addressed the University’s information security challenges.
Delivered a cohesive, structured, and effective information security strategic plan that became a multi-year roadmap for implementation of strategic and tactical security initiatives.
Identified, tracked, monitored, and mitigated IT security risks across the University IT enterprise.
Hired and managed team of three information security analysts and specialists.
Initiated the University’s first-ever “enterprise-scaled” information security capabilities.
Significantly enhanced the University’s information security posture to support growth profile.
Drafted and initiated an Information Security Program Charter, promoting an IT governance program that provided authority and structure to the emerging information security organization.
Initiated an information security policy review to identify the disparate security policies in place across the enterprise of five campuses and eight individual schools.
Drafted, deployed, and socialized new IT security policies within the University user community and integrated new policy information into the new-hire intake orientation process.
Developed a structured, risk-based information security program using the ISO 17799 / ISO 27001:2005 frameworks that effectively supported the academic, clinical, and administrative use of information technologies at the University.
Created an Information Security Oversight Committee for program review and policy/awareness implementation. Designed enterprise information security plans and drafted the policy framework.
Selected and implemented the new University Intrusion Prevention System (“Tipping Point”) that delivered enhanced enterprise network security protection.
Project Manager for the Information Security Awareness Program: designed and implemented the first-ever information security awareness program for the University in line with industry best practices, including hands-on awareness training for users and IT specialists.
Director, Information Security & Business Continuity Planning 09/2002 – 09/2005
New Jersey State Office of Information Technology, Trenton, NJ 40 hours/week
Designed and managed programs to enhance information security for the NJ Office of Information Technology (OIT) on behalf of executive branch state agencies under the Office of the Governor, including the Dept. of the Treasury, Dept. of Health, Dept. of Labor, Law & Public Safety, etc. Supervised a highly leveraged staff of four analysts.
Developed/implemented Information Security and Awareness Program for executive state agencies.
Managed network vulnerability risk assessments and supervised network penetration testing designed to discover state agency network vulnerabilities.
Initiated a statewide computer Intrusion Detection System (IDS) project, an initiative using a State Government/U.S. Army CERDEC partnership and a Federal Cooperative Research and Development Agreement.
Conducted an Executive Department review of Business Continuity Plans, including a three-day tabletop review/exercise.
Information Security Policy Advisor 11/2001 – 09/2002
AXA Financial and Equitable Life Assurance, Weehawken, NJ 35 hours/week
Developed a consistent, integrated, organization-wide system of information security policies for a new U.S.-based insurance company formed by the merger of a U.S. company and a French company. Drafted a consolidated set of cyber security policy documents consistent with best professional practices and guidelines.
Information Security Analyst 02/1998 – 01/2000
Public Service Electric and Gas Company (PSEG), Newark, NJ 40 hours/week
Information security analyst hired for PSEG’s newly formed information security unit: researched, evaluated, and recommended emergent security technologies, products, and tools to improve the enterprise security posture. Drafted information and physical security policies, reports, training and education materials, technical specifications, and design documentation.
Identified theft of company-provided laptops as a leading information security threat as well as a major unplanned cost factor (replacement of stolen laptops) and a business risk (loss of proprietary information on the stolen laptops).
Analyzed loss statistics and identified seasonal anomalies.
Initiated an organization-wide Information Security and Privacy Computer Awareness Program focused on physical security issues and the prevention of laptop theft. Enlisted senior management support for an enterprise-wide initiative.
Drafted and distributed a quarterly information security newsletter for the entire workforce. Distributed security tips brochures.
Project Results: cut laptop theft by 45% over three months and by 65% over a nine-month period.
Education
M.Sc., Management Science, New Jersey Institute of Technology, Newark, NJ, 1998, GPA: 3.8.
BA, Political Science, Thomas Edison State University, Trenton, NJ, 1993.
Additional Information
Project Management Professional (PMP) – Attending, Project Management Institute, 2023-2024
Security Management Certifications:
Certified Third Party Risk Professional (CTPRP), 2016
ISACA - Certified in the Governance of Enterprise IT (CGEIT), 2009 – Present
ISACA - Certified Information Security Manager (CISM), 2007 – Present
ISC2 - Information Systems Security Management Professional (ISSMP), 2005 – Present
ISC2 - Certified Information Systems Security Professional (CISSP), 2004 – Present
ISO 17799 / ISO 27001:2005 Information Security Management Implementation, 2006
Information Security Assessment Methodology (NSA-IAM), National Security Agency, 2003
COVID-19 Contact Tracing Certificate, Johns Hopkins University, 2020
https://coursera.org/share/b582828ceb00ba393bc1e61c510dd1d4
Select Training:
IBM Consulting Methodology, IBM, Belgium, 2000 and 2001.
Essex County NJ Police Academy Training and Investigators Training Programs
Skills: Microsoft Office Suite; Visio; Lexis/Nexis; graphics software; and others.
Professional Affiliations:
Member, ISC2 (International Information System Security Certification Consortium), 2005 – Present.
Member, ISACA, Information Systems Audit and Control Association, 2007 – Present.
Member, ISACA, NY-NJ Metropolitan Chapters, 2007 – Present.
Member, New Jersey Licensed Private Investigators Association (NJLPIA), 2013 – Present.