Security Information

Location:
Irvine, CA
Posted:
May 28, 2020

John Michael Vu

CA, *****, US 949-***-**** addg8j@r.postjobfree.com

linkedin.com/in/john-vu-a3636b67

SUMMARY:

Over 20 years of experience in implementing strategic security for mission-critical information systems across the federal, healthcare, and financial services industries. Repeated success in vulnerability/privacy assessments, security strategy development, and information security regulatory requirements evaluation. Possess general security certifications, such as Stanford Advanced Computer Security (SU), Cyber Security and Executive Strategy Certification (SU), AWS Identity Access Management Certification (Amazon), and Information Security Compliance (CPPU), as well as proficiency in HIPAA, HITRUST, ISO 27001/2, NIST 800-53/66/171/112/114/115, PCI, SOC 1&2, and CCPA.

Experience working with engineering and operations teams as well as engaging with senior stakeholders. Technical hands-on security assessment experience in system architectures (network, servers, storage), web application security (static and dynamic analysis), and security tools (IBM AppScan, Veracode, Rapid 7, RSA Envision SIEM, Wireshark, Core-Impact, Lock-Path GRC), AWS Cloud, WebEx, and Spark Cloud.

MANAGEMENT EXPERIENCES

Exceptional leadership and management skills, such as staff recruitment, performance reviews, retention, and employee engagement for teams up to eleven, including managers, software developers, database administrators, engineers, coordinators, and analysts. Accountable for resource allocation, as well as successful experience working with both IT and business managers to align priorities and plans with key business objectives.

Areas of Expertise & Technical Skills

Cybersecurity Management

Regulatory Compliance

Program Management

Vulnerability Management

Network Security

Web Application Security

Emerging Threat & Defense

Risk Mitigation & Analysis

Team Building

Data Breach Strategy

Policy Development

Resource Allocation

PROFESSIONAL WORK EXPERIENCE

Contract Advisory from 2010 – 03/06/2020

Patient Pop, Santa Monica, CA March 2019 – March 2020

Sr. Compliance Program Manager

Served as the head of the company security, leading and directing the implementation of the Security Program and acting as the principal advisor to the CTO, Product Group, and Integration Group for privacy and security matters.

Oversaw IT security and risk management activities and worked with executive leadership and auditors to determine acceptable levels of risk within the organization for insider threat, mobile, and cloud computing.

Developed and ensured the execution of an annual budget for the Security Program based on budget proposals. Aligned company operations execution with privacy and security regulatory requirements.

Created a compliance program with a roadmap, strategy, and planning. Achieved HIPAA Attestation of Compliance, HITRUST, CCPA, and SOC 2 Type 2 within 8 months, saving the company $1M.

Athena Health Inc, Boston, MA March 2018 – March 2019

Lead HITRUST Auditor -remote

Offered technical guidance and support to Athena’s IaaS cloud operations team to mitigate vulnerabilities and remediate gaps in the MyCSF self-assessment questionnaire with a certified HITRUST third-party vendor.

Cooperated with PWC and promoted accountability for ensuring all of the company controls met the HITRUST 9.1 security certification requirements.

Partnered with the developer, business owner, operation team, and security engineering teams to enable built-in security. Created and provided responsible reporting metrics for reviews with senior management.

Hyundai Capital America, Irvine, CA March 2017 - March 2018

Sr. Vulnerability Management - Program Manager

Assessed the organization's threats and developed a mitigation plan to overcome primary threats.

Established objectives and priorities for the collection, analysis, production, and dissemination of threat and vulnerability information.

Managed and monitored all of the existing vulnerabilities, and ensured remediation and mitigation were completed.

Developed an incident response planning program to ensure all points of contact were identified for accepting, collecting, and passing incoming information for the final report events, and also ensured all pertinent information was obtained to allow the identification, categorization, incident handling, and triage actions to occur in a time-sensitive manner.

Cisco Systems Inc., San Jose, CA March 2016 – March 2017

Sr. HIPAA TRUST Program Manager

Steered efforts in the development of the HITRUST security compliance roadmap and ensured timely delivery of all evidence submitted to the HITRUST Committee.

Directed and controlled a team of four compliance coordinators to mitigate vulnerabilities and remediate the gaps in the MyCSF self-assessment questionnaire with a certified HITRUST third-party vendor.

Assessed KPMG’s audit reports, ensured correct findings, and kept cloud security control objectives up to date with HIPAA HITRUST. Supervised 3 Cisco Security Analysts.

Golden State Foods Corp, Irvine, CA. March 2015 – March 2016

Sr. ISO 27001 Technical Program Manager

Streamlined the security governance and risk management process by creating an information security program using the ISO 27001 certification framework.

Managed the development of an access control policy to permit timely privileged access to the infrastructure and distribution management data.

Worked with the FBI and CIO on a security breach, including coordination of all of the external and internal network, data, and application teams to complete the final investigation report.

Solid Landings Behavioral Health, CA March 2013 – March 2015

Information Security Officer

Created the Security Program and supervised four security coordinators in the HIPAA HITECH Act compliance process.

Enabled the company to achieve HIPAA Attestation of Compliance within six months, saving the company $1.5M.

Responsible for the supervision of IT security and risk management activities to ensure unhindered operations.

Responsible for policy development and implementation, and HIPAA Privacy and Security training for the company’s workforce.

McGraw-Hill Financial Services - J.D. Power Corp, CA. Dec 2012 – March 2013

Information Security Officer

J.D. Power, a unit of McGraw Hill Financial, is one of the world’s most recognized brands in customer satisfaction.

Served as the ISO’s official designee representing the company on information security with potential clients regarding the company’s security position, and as the primary contact point and subject matter expert for all security matters with vendors and external auditors.

Led the company to achieve ISO 27001 certification, coordinated the company engineering group, and the group of managers to work with the external auditor on the remediation processes.

Developed a comprehensive recovery strategy, establishing plans and solutions to restore business-critical applications, data, hardware, communications, and other IT infrastructure in the case of disaster.

Facilitated migration and implementation of non-compliant environments to compliant environments and briefed the Executive Committee weekly.

Reported to the CSO, and supervised seven network and security engineers with responsibility for evaluating the AWS security applications and systems.

Made recommendations and assisted in the implementation of changes to work more efficiently and coherently with the JD Power security strategy.

Designed an incident response planning program to ensure all points of contact were identified for accepting, collecting, and passing incoming information for the final report events, and also ensured all pertinent information was obtained to allow the identification, categorization, incident handling, and triage actions to occur in a time-sensitive manner.

AT&T, Security First Center of Excellence, CA March 2012 – Dec 2012

Lead Red-Team (Ethical hackers)

Created a comprehensive attack model with the roadmap, strategy, planning, and methodology, and monitored and enforced the rules of engagement for testing intended to be performed on all API web applications and perimeter defense mechanisms.

Led a team of four Ethical Hackers, ensured these plans could protect AT&T’s assets from unethical hackers, and ensured all processes were compliant with NIST SP 800-115/53, AT&T security policies, and all other applicable industry standards. Supervised 6 team members.

Children Hospital Research Center, Oakland, CA Jan 2011 – Jan 2012

HIPAA HITECH Auditor

Led internal teams through the preparation for and successful completion of the HIPAA HITECH Act, PCI, and regulatory audits through all phases of the operational compliance program, from audit readiness through final assessment.

Evaluated security controls of AWS clouds, ensuring operational and technical safeguards complied with HIPAA regulations.

Lending Tree Inc., Irvine, CA. Jan 2010 – Jan 2011

Sr. Program Manager, Cyber Security Assurance

Led a team of seven coordinators. Created a Security Program from ground zero, ensuring it complied with the Online Privacy Protection Law, FFIEC, FACTA, GLB Act, and PCI-DSS.

Worked with the IT team to create an effective endpoint security protection mechanism, providing a team with an effective comprehensive recovery strategy to restore business-critical applications and other IT infrastructure in the case of disaster.

Providential Holdings Group Inc., CA March 2004 - March 2010

Director of Enterprise Security Application and Compliance

Oversaw the direction, management, and goal setting for Compliance Program Integrity operations and ensured the development of outcome programs to support the direction of company business objectives.

Led compliance initiatives to prevent, detect, and respond to internal and external compliance risks, and conducted enterprise risk assessments, investigations, and risk mitigation.

Worked collaboratively with administrative and leadership teams and advised on the development of documented operational controls and effective processes and practices that demonstrate appropriate execution of compliance regulatory requirements.

Responsible for supervising 11 people, including a project manager, network engineers, application engineers, and an IT security manager.

Additional Experience:

Sr. Manager of Content Protection and Assessment – MGM entertainment, Santa Monica, CA

Sr. Manager of IT Security Operation and Compliance - American Specialty Health Plan Corp., CA.

Sr. Secure Software Engineer - Clandestine Operation - Northrop Grumman, Redondo Beach, CA.

EDUCATION

Stanford Advanced Computer Security, Professional Certification,

Stanford University, School of Engineering, 2017-2019.

B.S. in Computer Science, University of California, San Diego, CA.

CERTIFICATIONS & LICENSES

Cyber Security and Executive Strategy Certification (SU)

Emerging Threats and Defenses Certification (SU)

Information Security Assurance Certification (CPPU)

Secure High-Speed Multiprotocol Network Certification (CPPU)

AWS Identity Access Management Certification (Amazon)

Router Configuration Specialist Certification (CCNA)

CISCO Cyber-Security Specialist Certification (SCYBER)

IBM AppScan Black Box Penetration Testing License

CISSP (expired; re-certification in progress)

AFFILIATIONS

InfraGard member (Partnership between FBI and Private Sector for Protection)

International High Technology Crime Investigation Association (HTCIA)

Information Systems Audit and Control Association (ISACA)

Information Warfare Monitor (IWM)

Center for Internet Security (CIS)

Online Trust Alliance

SANS, DEFCON, TechTarget