Directed ** major IT programs, establishing new PMO Governance structures, and adeptly utilizing Waterfall, Scrum, Lean- Six Sigma, and Agile-SAFe methodologies across diverse industries for getting programs back to successful implementations.

18 years expertise in management of network migration and cybersecurity with a focus on M&A environments and integration of acquired entities. Turnaround of troubled programs with ability to manage time and cost effectively.

Proven record in Identity, Fraud, and Access Management (tools: IBM IAM, CyberArk, Azure A/D, Okta, ForgeRock, SailPoint) and GRC implementations aligning with frameworks like NIST, ISO, SOX and CIS. SOX Controls and Audits.

Led regulatory reviews in HIPAA, SOX, ISO 27001 & 27002, and managed up to 282 personnel with budgets up to $189M.

Spearheaded 9 major M&As, 4 TSA’s, 3 NIST, and 5 FISMA audits, ensuring compliance and successful evaluations.

Extensive experience (15+ years) in Cybersecurity, PCI compliance, SOX and sectors like finance, insurance, and healthcare.

Demonstrated leadership in cybersecurity, mergers and acquisitions, software development lifecycle programs and data center programs; managed globally diverse teams including DBAs, analysts, engineers, developers, and project managers.

Successfully executed technical projects, overseeing timelines, budgets, risks, and stakeholder communication.

CERTIFICATIONS:

Project & Program Management:

PMP (PMI Atlanta #782402) & PgMP – Program Management Professional

ITIL v3 Foundations

CMMP and Change Foundations (ACMP)

IBM AGILE Thought Leader/Master Implementer (#1287) – Software Redesign

Agile & Software Development:

Certified Scrum Master (CSM) – Scrum Alliance (License #000297818)

SAFe Agile Implementer – DEVELOPMENT, QA and PRODUCTION environments

MCSM (Microsoft Certified Solution Master) – Microsoft Line Master Implementation

Quality & Process Improvement:

Six Sigma Black Belt (LEAN) – IBM, 2008

CSOE – Certified Sarbanes-Oxley Expert (SOX Association)

IT Security & Compliance:

CISSP – Certified Information Systems Security Professional (ISC2)

CISA – Certified Information Systems Auditor

Certified in Computer Forensics with Encase Analytics (SOX 404 compliant)

PCI/DSS ISA Certification, Auditor (QSA) & NIST, FISMA, SSAE 16, TR-39

OCEG GRC Professional – Including governance, risk, compliance, ethics, and audit.

HIPAA Certification

CSA – Cloud Security Alliance Fellow; Atlanta Chapter

Software & ERP Implementation:

Salesforce Master Implementer – Led 4 Fortune 100 projects. Primavera P6 EPPM Certification - 2018

PEOPLESOFT Financial ERP Implementer & SCAMPI Level 3 CMMI Certification

Oracle Certified Professional – 6 major ERP Implementations

Additional Certifications:

CPC-AAPC & PCI-P2PE Assessor and PCI DSS 3.2

CHPS-AHIMA, DHHS FEDRAMP

IBM ITSM & IAITAM (Certified Asset Management Security Expert #80236)

EDUCATION

Air Force Academy, Colorado Springs, Colorado

oB.S. in Aeronautical Engineering (84-87)

Georgia State University

oB.S. in Criminal Justice Management, Minor in Business Law (89-91)

oJ.D., College of Law (05-11)

Concordia University

oB.S. in Business Administration & Project Management, Minor in IT Management, Summa Cum Laude (00-02)

LANGUAGES

Fluent: German, English, Latin; Conversational: Mandarin (Taiwanese), Korean (Formal Hangul), Nippon (Formal Japanese)

TECHNICAL SKILLS

Project Management: PMI, PMP, Agile-SAFe, SCRUM, KANBAN, PRINCE 2, Six Sigma (Black Belt & LEAN), Waterfall

Software & Systems: Peoplesoft, ServiceNow, Microsoft Suite (Project, Office, Server, Visio), JIRA, Splunk, WebSphere, Oracle ERP, Salesforce, Primavera, Informatica, SAP Suite, Oracle Suite, ServiceNow-Suite, Google Suite and SQL

Regulations & Compliance: HIPAA, EDI, SOX, ITILv3, PCI DSS 3.2, GDPR, ISO/IEC Standards, NIST, FISMA, AML

Development & Implementation: .NET Suite (MS VB.NET, ASP.NET, C#), WebLogic, SOAP, SQL, UI-UX, PHP, REST, Linux, Java/Unix, API Integrations, Master data management, Website Development and Master Data Modeling

Business Intelligence & Analytics: Business Requirements, Data Analytics, Predictive Analysis, IBM Watson

PRIMAVERA Tools and Integrations

Primavera P6 (Enterprise Project Portfolio Management - EPPM): 5 years expertise in schedule, resource, and portfolio management with advanced reporting and analytics, Integration with broader enterprise systems

Primavera Cloud: 4 years’ experience with cloud-based project management functionalities with secure data sharing and collaboration in real-time

Primavera Risk Analysis (Pertmaster): 3 years’ experience with probabilistic risk analysis and modeling to develop risk assessment integrated with scheduling tools for enterprise resource planning (ERP) and development of FTE counts and commitments for Programs.

Primavera Portfolio Management: 3 years’ experience with strategic portfolio prioritization, burn down charts and resource allocation as well as client investment forecasting.

Primavera Unifier: 3 years doing capital project and portfolio management with cost control and document management capabilities.

Primavera Time Control - Detailed labor, equipment, and material field data collection and integration with Primavera scheduling tools

Oracle Business Intelligence (OBI) / BI Publisher: Customized reporting and advanced analytics with Seamless integration with Primavera tools for data-driven insights

Oracle Gateway: 5 years’ experience with data synchronization between Primavera applications and other enterprise systems ensuring real-time data flow and connectivity during Mergers and Acquisitions

Primavera User Defined Components (UDC): Custom component creation for specialized project needs with tailoring Primavera applications to specific organizational workflows.

Integrated Framework with ERP Systems: Seamless integration of Primavera tools with popular ERP systems (e.g., Oracle, SAP) with real-time data exchange for improved decision-making

Microsoft Office Suite: MS Project for complementary project management needs integrated with Primavera with Excel for advanced data analysis and reporting and feeds into PowerPoint for stakeholder presentations.

Collaboration & Communication Tools: Platforms like Slack or Microsoft Teams with task management tools such as JIRA or Trello

Business Intelligence & Visualization Tools: Expertise in tools like Tableau, Power BI for data-driven insights with integration with Primavera data for enhanced reporting

CYBERSECURITY

Cybersecurity Frameworks & Standards: Understanding of frameworks such as NIST, ISO/EIC 27001, CIS Security Controls.

Security Platforms & Tools: Familiarity with tools like Splunk, ArcSight, Symantec Endpoint, CyberArk PSM, Qualys, Rapid7, SAP HANA, OKTA/MFA, Identity Management, Endpoint Security, Data Security – Cloud DLP and Encryption

Cloud Security: Knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud) and their security best practices.

Threat Analysis: Ability to assess, understand, and mitigate cybersecurity threats with process improvements.

Incident Response: Planning, orchestrating, creating response plans and leading response to cybersecurity incidents.

Network Security: Knowledge of firewalls, IDS/IPS systems, VPNs, and other network security technologies.

Access Control and Identity Management: Experience with PAM/IAM tools and practices to manage user access, like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) including development of the LUMINATE Platform. 15 years’ experience with CyberArk, SailPoint and ServiceNow and with two magazine articles regarding the success of said programs.

MANAGERIAL & STRATEGIC SKILLS

Program Management: Oversight and management of large-scale cybersecurity projects and initiatives.

Change Management: conflict resolution, analytical prowess, facilitation, negotiation, empathy, risk management, training, technical proficiency, adaptability, and cultural awareness to guide organizations through successful transformations.

Governance and Compliance: Ensuring cybersecurity efforts are compliant with industry regulations and standards.

Risk Management: Ability to assess, prioritize, and mitigate risks in an organization.

Budgeting: Managing cybersecurity budgets, understanding the cost-effectiveness of tools and initiatives.

Vendor Management: Evaluating and managing relationships with third-party service providers and vendors.

Strategic Planning: Ability to align cybersecurity strategies with business goals and objectives.

SOFT SKILLS

Communication: Effectively conveying complex cybersecurity concepts to both technical and non-technical stakeholders.

Leadership: Guiding and motivating cross-functional teams.

Problem-Solving: Identifying solutions to complex security challenges and turn around strategies for troubled programs.

Analytical Thinking: Evaluating data and trends to inform decisions for security, M&A, financial, healthcare, and governmental institutional.

Adaptability: Responding quickly to emerging threats or changing business needs.

Stakeholder Management: Building and maintaining relationships with internal stakeholders and external partners.

KEY STRENGTHS

Leadership & Strategy: Established PMO from scratch, senior-level communications, strategic planning, and team building

Project Management: Resolution of troubled projects, ERP implementations (PEOPLESOFT, Salesforce, SAP, Oracle), managing budgets up to $189M.

Process Improvements: Agile Change Agent/Leader, LEAN Six Sigma Process, VSMs, ERP optimization, DevOps automation

Regulatory & Compliance: SOX, HIPAA, GDPR, FISMA, FEDRAMP, NIST, PCI/DSS 3.2, legal compliance, audit leadership

Communications: Effective C-level communication, SLAs, SOWs, RFP responses, stakeholder engagements

Tech Implementations: Successfully led IT projects from $50K-$850K, developed SDLC processes, enterprise project management solutions. Worked with turn arounds on troubled projects/programs on 11 occasions to success.

SOX FRAMEWORKS

SOX Compliance Framework Understanding: In-depth knowledge of the Sarbanes-Oxley Act, its key sections (especially Section 302 and Section 404), and the ability to implement compliant frameworks accordingly with attestations.

Internal Controls Design & Assessment: Experience in designing, evaluating, and testing internal controls for SOX compliance, including IT general controls. Experience working with external auditors to facilitate SOX compliance audits.

SOX Auditing Skills: Experience with internal and external SOX audits, including preparation, execution, and remediation activities. Ability to identify and assess risks related to SOX compliance and devise strategies to mitigate these risks.

Documentation Skills: Proficiency in documenting policies, procedures, and controls related to SOX compliance.

Regulatory Reporting: Skill in preparing and presenting reports required for SOX compliance, including certifications.

EXPERIENCE:

Senior Technical Program Manager, (Contract) SOX, Cybersecurity and M&A

Orion Star Technical Services, Atlanta, GA T-Mobile

05/2023-Present

Managed global security controls, audits, and implementations for SOX and Cybersecurity LA.09 Group.

Collaborated with internal audit and external consultants to evaluate the effectiveness of IT controls, resulting in a 32% reduction in audit findings. Worked with CyberArk, OKTA, SailPoint and Service Now teams for GRC.

Coordinated with executives and stakeholders to align cybersecurity strategies with roll out of business objectives.

Reviewed and updated incident response plans, ensuring timely response and mitigation of potential security breaches.

Led cross-functional teams to achieve project milestones on time and under budget after a re-organization.

Helped to create new control attestations that were found to be fully in compliance with AI automation practices; after failing two previous audits; within JIRA and CyberArk that fed into a Service Now GRC constant reporting system.

Senior Strategy Execution Consultant (P4 - Director), IDF Group -Identity & Fraud

Equifax, Atlanta, GA

04/2021-04/2023

Orchestrated global engagements; managed the full Luminate UK, Canada and US Deployment that was initially behind by 36 weeks but successfully completed on schedule with clients at over 60 governmental agencies for cybersecurity.

Luminate program was the first successfully released program for Equifax in five years that accomplished reporting of identity fraud weaknesses and was adopted by more than 84 banking systems, the US and UK governments.

Oversaw the EWS Product Portfolio, including 16 Products, and supervised Product Managers, Project Managers, Developers and Architects. Reporting to SLT, Auditors, Legal Team, Marketing on program performance and abilities.

Received four Equifax One awards for successful Data Center decommissioning and migration to a cloud environment.

Led technical projects and ensured timely delivery, network migrations, and cybersecurity measures during M&A processes.

Managed IAM (Identity and Access Management) projects with security professionals; worked on compliance with SLT, SOX, GDPR, and HIPAA regulations and to pass GDPR, FEDRAMP and FISMA.

Senior Technical Program Manager, CSA Security Group

Equifax, Atlanta, GA

11/2019-04/2021

Managed global security controls, audits, and implementations.

Received six awards during tenure for achievements like establishing OWASPI risk detection profiles and collaborating on post-breach GDPR and compliance controls. ISO 27001 audit and control updates to bi-annual attestations.

Implemented Identity and Access Management technologies and maintained ongoing performance evaluations.

Program Manager, CSA

Equifax, Atlanta, GA

04/2019-11/2019

Led end-to-end Security projects and M&A due diligence.

Managed operational effectiveness testing and ISO 27001 and other Compliance policy improvements.

Oversaw post-merger integrations and client relationship management. Helped to work on 2 M&A’s with other teams.

Program Manager, Identity Management/PAM

Orion Star Tech (Equifax), Atlanta, GA

09/2018-04/2019

Salvaged a failing SIERRA PAM program, leading it from 18% to 100% completion within deadlines.

Collaborated with diverse business units for successful Security Consent order compliance.

Managed onboarding and training processes; received accolades for performance.

Program Manager

Orion Star Tech (Entergy), Atlanta, GA

12/2017-09/2018

Oversaw QSA Security Assessment and GDPR EU Security Audit for PEOPLESOFT ERP Systems.

Redesigned PMO processes, managed a $4M budget, and resolved Salesforce ERP upgrade challenges.

Enhanced security review engagements' on-time completion from 22% to 78% within six months.

Program Director

Contract for Merger and Acquisition (HP and Samsung Printers)

Atlanta, GA 11/2016 - 03/2017

Mergers & Acquisitions: Led post-M&A integration efforts, ensuring PCI, HIPAA, Legal, and SOX compliance. Transitioned platforms to an AWS framework for enhanced security and utilized Informatica ETL Power Center 9.6 for data migration.

Vendor & Contract Management: Spearheaded vendor negotiations for Service Level Agreements and outlined future vendor scope and risk management.

IT Infrastructure: Directed integration of Docker environments for library automation and streamlined the CI/CD pipeline through a unified DevOps team using Microsoft Azure.

Achievements: Completed the contract under budget and ahead of schedule, earning recognition from the HP governance board.

Director, Program Management / Change Management

First Data

Atlanta, GA 12/2015 - 11/2016

PMO Leadership: Managed a PMO portfolio of 70+ projects, executed by a team of 22 project managers. Established a PMO, achieving a 35% increase in throughput and improved retention from 30% to 92%.

Vendor & Partnership Management: Led integrative efforts with major mobile payment providers, and managed investment programs with major financial stakeholders, resulting in $6M monthly revenue.

Cybersecurity & Compliance: Implemented PCI DSS 3.2 verifications, securing ISO 27001 certification. Introduced efficient tools for PCI compliance management.

Data Center Consolidation: Centralized three data centers into a unified Azure/AWS model in Chennai, India, achieving significant operational efficiency.

Orion Star Technical Services (Contract Services)

Atlanta, GA 09/2013 - 12/2015

Roles included Program Director for the Weather Channel, Senior Technical Program Manager for Georgia Technology Authority, and Program Manager for Orion Health.

Program & Project Management: Led significant turnaround efforts, such as reviving a delayed Enterprise Server Consolidation Project, saving $42M through data center consolidation for 36 state agencies.

Data Management & Cybersecurity: Managed data integration API's, hierarchy management, and overall security. Optimized IBM IAM processes and introduced MDM matching rules and data quality processes.

Achievements: Won accolades from PMI Chapter, State of Georgia, and IBM for program excellence.

Senior Technical Program Manager

YP Holdings

Atlanta, GA 12/2012 - 09/2013

Strategic Leadership: Collaborated with executive teams during YP's separation from ATT, directing IT reorganization and MDM efforts.

Integration & Infrastructure: Designed a roadmap tailored to various deal structures and transitioned enterprise environments to a centralized ITSM structure using Azure, achieving significant data recovery enhancements.

IT Solutions: Worked extensively with Informatica MDM tools, focusing on optimization and performance tuning.

Achievements: Completed program ahead of schedule, recognized by CEO Ralph DeLa Vega for flawless execution without any SEC issues.

IBM/Mead Johnson Senior Project Manager 07/2011-12/2011 Contract M&A

Orchestrated the revitalization of an overdue Enterprise Server Consolidation Program, culminating in its completion within nine months.

Achieved significant efficiencies through application consolidation and server virtualization, shaping a 5-year ITSM strategy.

Oversaw VMWare, Security, Risk, Compliance, and vendor integration teams.

Managed a diverse team of 416 professionals, including 36 Project Managers and 4 Program Managers with a $189M budget.

Instituted a Project Management Office (PMO), devising standardized frameworks and procedures for all enterprise projects. Reported directly to the CTO and CIO.

Centrics Group (Dentistry for Children) Program Manager 02/2011-07/2011 Contract M&A

Unified 38 dental offices under a cohesive IT framework.

Crafted and monitored project plans, budgets, and timelines against key milestones.

Handled deal structuring and negotiations, liaising with internal and external stakeholders.

Spearheaded post-merger integrations: organizational restructuring, process enhancement, system amalgamation, and culture realignment.

Led post-merger follow-ups, including hardware decommissioning and application migration.

Dimension Data, Alpharetta, GA Senior Project Manager 12/2008-05/2009 Contract for KMMG for Plant Startup

Undertook comprehensive due diligence for the integration of 3 vendors into KMMG, paving the way for the establishment of the KIA Plant in West Georgia.

Constructed financial models to underpin deal valuations and configurations.

Assisted in deal negotiations, liaising with advisory teams for optimal client results.

Steered post-merger activities, from organizational revamps to system harmonization.

Facilitated transaction separation, defining terms and supervising hardware and software transitions.

IBM Senior Project Manager 11/2004-12/2008

Oversaw the merger of Blue Cross/Blue Shield with Anthem and Cambia.

Supervised vendors, project teams, and IT delivery, tracking performance for M&A activities, change management.

Presented program status updates to Senior Leadership Teams.

Led multiple IT product and business teams, bridging gaps and coordinating major releases.

Managed vendor integration, ensuring alignment with the new organization's objectives.

Instituted HIPAA compliance updates across various teams.

Piloted projects from inception to final implementation, interfacing with stakeholders and vendors.

Set and monitored project budgets, conducted periodic status meetings, and enhanced internal project management tools and methodologies.

Mentored and inducted new Project Managers. Spearheaded the transition and decommissioning of Equifax data centers.

IBM Various Project Management roles 01/2000-11/2004

United States Air Force Captain – Weapons System Officer (XF-12) 06/1987-09/1996

REFERENCES: Available upon request with 75 here - https://www.linkedin.com/in/john-gassett-pmi-pmp-829901/

Contact this candidate