John Michael Vu
CA, *****, US 949-***-**** addg8j@r.postjobfree.com
linkedin.com/in/john-vu-a3636b67
SUMMARY:
Over 20 years of experience in implementing strategic security for mission-critical information systems across the federal, healthcare, and financial services industries. Repeated success in vulnerability/privacy assessments, security strategies development, and information security regulatory requirements evaluation. Possess general security certifications, such as Stanford Advanced Computer Security (SU), Cyber Security and Executive Strategy Certification (SU), AWS Identity Access Management Certification (Amazon), and Information Security Compliance (CPPU), as well as proficiency in HIPAA, HITRUST, ISO 27001/2, NIST 800-53/66/171/112/114/115, PCI, SOC 1&2, and CCPA.
Experience working with engineering and operations teams as well as engaging with senior stakeholders. Technical hands-on security assessment experience in system architectures (network, servers, storage), web application security (static and dynamic analysis), security tools (IBM AppScan, Veracode, Rapid7, RSA enVision SIEM, Wireshark, Core Impact, LockPath GRC), AWS Cloud, WebEx, and Spark Cloud.
MANAGEMENT EXPERIENCE
Exceptional leadership and management skills, such as staff recruitment, performance reviews, retention, and employee engagement for teams of up to eleven, including managers, software developers, database administrators, engineers, coordinators, and analysts. Accountable for resource allocation, with a record of working successfully with both IT and business managers to align priorities and plans with key business objectives.
Areas of Expertise & Technical Skills
Cybersecurity Management
Regulatory Compliance
Program Management
Vulnerability Management
Network Security
Web Application Security
Emerging Threat & Defense
Risk Mitigation & Analysis
Team Building
Data Breach Strategy
Policy Development
Resource Allocation
PROFESSIONAL WORK EXPERIENCE
Contract Advisory, 2010 – 03/06/2020
Patient Pop, Santa Monica, CA March 2019 – March 2020
Sr. Compliance Program Manager
Served as the head of company security, leading and directing the implementation of the Security Program and acting as the principal advisor to the CTO, Product Group, and Integration Group on privacy and security matters.
Oversaw IT security and risk management activities and worked with executive leadership and auditors to determine acceptable levels of risk within the organization for insider threat, mobile, and cloud computing.
Developed and ensured the execution of an annual budget for the Security Program based on budget proposals. Aligned company operations with privacy and security regulatory requirements.
Created a compliance program with a roadmap, strategy, and planning. Achieved HIPAA Attestation of Compliance, HITRUST, CCPA, and SOC 2 Type 2 within 8 months, saving the company $1M.
Athena Health Inc, Boston, MA March 2018 – March 2019
Lead HITRUST Auditor (remote)
Offered technical guidance and support to Athena’s IaaS cloud operations team to mitigate vulnerabilities and remediate gaps in the MyCSF self-assessment questionnaire with a certified HITRUST third-party vendor.
Cooperated with PwC and promoted accountability for ensuring all of the company’s controls met the HITRUST 9.1 security certification requirements.
Partnered with the developer, business owner, operation team, and security engineering teams to enable built-in security. Created and provided responsible reporting metrics for reviews with senior management.
Hyundai Capital America, Irvine, CA March 2017 - March 2018
Sr. Vulnerability Management - Program Manager
Assessed the organization’s threats and developed a mitigation plan to overcome the primary threats.
Established objectives and priorities for the collection, analysis, production, and dissemination of threat and vulnerability information.
Managed and monitored all existing vulnerabilities and ensured remediation and mitigation were completed.
Developed an incident response planning program to ensure all points of contact were identified for accepting, collecting, and passing on incoming information for final event reports, and that all pertinent information was obtained to allow identification, categorization, incident handling, and triage actions to occur in a time-sensitive manner.
Cisco Systems Inc., San Jose, CA March 2016 – March 2017
Sr. HIPAA HITRUST Program Manager
Steered efforts in the development of the HITRUST security compliance roadmap and ensured timely delivery of all evidence submitted to the HITRUST Committee.
Directed and controlled a team of four compliance coordinators to mitigate vulnerabilities and remediate gaps in the MyCSF self-assessment questionnaire with a certified HITRUST third-party vendor.
Assessed KPMG’s audit reports, ensured findings were correct, and kept cloud security control objectives up to date with HIPAA HITRUST. Supervised 3 Cisco Security Analysts.
Golden State Foods Corp, Irvine, CA. March 2015 – March 2016
Sr. ISO 27001 Technical Program Manager
Streamlined the security governance and risk management process by creating an information security program using the ISO 27001 certification framework.
Managed the development of an access control policy to permit timely privileged access to infrastructure and distribution management data.
Worked with the FBI and the CIO on a security breach, including coordination of all external and internal network, data, and application teams to complete the final investigation report.
Solid Landings Behavioral Health, CA March 2013 – March 2015
Information Security Officer
Created the Security Program and supervised four security coordinators in the HIPAA HITECH Act compliance process.
Enabled the company to achieve HIPAA Attestation of Compliance within six months, saving the company $1.5M.
Responsible for the supervision of IT security and risk management activities to ensure unhindered operations.
Responsible for policy development and implementation, and for HIPAA Privacy and Security training for the company’s workforce.
McGraw Hill Financial Services - J.D. Power Corp, CA. Dec 2012 – March 2013
Information Security Officer
J.D. Power, a unit of McGraw Hill Financial, is one of the world’s most recognized brands in customer satisfaction.
Served as the ISO’s official designee, representing the company’s information security position to potential clients, and as the primary point of contact and subject matter expert for all security matters with vendors and external auditors.
Led the company to ISO 27001 certification, coordinating the engineering group and the management team to work with the external auditor on remediation processes.
Developed a comprehensive recovery strategy, establishing plans and solutions to restore business-critical applications, data, hardware, communications, and other IT infrastructure in the case of disaster.
Facilitated the migration of non-compliant environments to compliant environments and briefed the Executive Committee weekly.
Reported to the CSO and supervised seven network and security engineers with responsibility for evaluating AWS security applications and systems.
Made recommendations and assisted in implementing changes to work more efficiently and in coherence with the J.D. Power security strategy.
Designed an incident response planning program to ensure all points of contact were identified for accepting, collecting, and passing on incoming information for final event reports, and that all pertinent information was obtained to allow identification, categorization, incident handling, and triage actions to occur in a time-sensitive manner.
AT&T, Security First Center of Excellence, CA March 2012 – Dec 2012
Lead Red Team (Ethical Hackers)
Created a comprehensive attack model with roadmap, strategy, planning, and methodology, and monitored and enforced the rules of engagement for assessments performed against all API web applications and perimeter defense mechanisms.
Led a team of four ethical hackers, ensuring these plans could protect AT&T’s assets from malicious hackers and that all processes were compliant with NIST SP 800-115/53, AT&T security policies, and all other applicable industry standards. Supervised 6 team members.
Children’s Hospital Research Center, Oakland, CA Jan 2011 – Jan 2012
HIPAA HITECH Auditor
Led internal teams through the preparation for and successful completion of HIPAA HITECH Act, PCI, and regulatory audits through all phases of the operational compliance program, from audit readiness through final assessment.
Evaluated the security controls of AWS cloud environments, ensuring operational and technical safeguards complied with HIPAA regulations.
Lending Tree Inc., Irvine, CA. Jan 2010 – Jan 2011
Sr. Program Manager, Cyber Security Assurance
Led a team of seven coordinators. Created a Security Program from the ground up, ensuring it complied with the Online Privacy Protection Law, FFIEC, FACTA, the GLB Act, and PCI-DSS.
Worked with the IT team to create an effective endpoint security protection mechanism, providing the team with an effective, comprehensive recovery strategy to restore business-critical applications and other IT infrastructure in the case of disaster.
Providential Holdings Group Inc., CA March 2004 - March 2010
Director of Enterprise Security Application and Compliance
Oversaw the direction, management, and goal setting for Compliance Program Integrity operations and ensured the development of outcome programs to support the direction of company business objectives.
Led compliance initiatives to prevent, detect, and respond to internal and external compliance risks, and conducted enterprise risk assessments, investigations, and risk mitigation.
Worked collaboratively with administrative and leadership teams and advised on the development of documented operational controls and effective processes and practices that demonstrated appropriate execution of compliance regulatory requirements.
Responsible for supervising 11 people, including a project manager, network engineers, application engineers, and an IT security manager.
Additional Experience:
Sr. Manager of Content Protection and Assessment – MGM Entertainment, Santa Monica, CA
Sr. Manager of IT Security Operation and Compliance - American Specialty Health Plan Corp., CA.
Sr. Secure Software Engineer - Clandestine Operation - Northrop Grumman, Redondo Beach, CA.
EDUCATION
Stanford Advanced Computer Security Professional Certification, Stanford University, School of Engineering, 2017-2019.
B.S. in Computer Science, University of California, San Diego, CA.
CERTIFICATIONS & LICENSES
Cyber Security and Executive Strategy Certification (SU)
Emerging Threats and Defenses Certification (SU)
Information Security Assurance Certification (CPPU)
Secure High-Speed Multiprotocol Network Certification (CPPU)
AWS Identity Access Management Certification (Amazon)
Router Configuration Specialist Certification (CCNA)
CISCO Cyber-Security Specialist Certification (SCYBER)
IBM AppScan Black Box Penetration Testing License
CISSP (expired; re-certification in progress)
AFFILIATIONS
InfraGard member (Partnership between FBI and Private Sector for Protection)
International High Technology Crime Investigation Association (HTCIA)
Information Systems Audit and Control Association (ISACA)
Information Warfare Monitor (IWM)
Center for Internet Security (CIS)
Online Trust Alliance
SANS, DEFCON, TechTarget