JOHN GALLO
*********@*****.*** | 979-***-**** | Lake Jackson, TX | www.linkedin.com/in/johngalloiii
SENIOR TECHNOLOGY & BUSINESS EXECUTIVE
Driving Digital Transformation & Technology Innovations to Achieve Operational Excellence and Build Competitive Advantage
Visionary business-minded technology executive with 25 years of experience translating complex problems into growth opportunities through the design and delivery of effective, value-focused solutions. Adept at accelerating the pace and improving the accuracy of business decision-making processes by simplifying operating models, team structures, and the use of data. Effective communicator and inspirational team leader who engages well across the C-Suite, Board of Directors, and with business line leaders through value enablement, partnering, and collaboration. A demonstrated hands-on expert in developing and cultivating organizations, educating, engaging executive leadership, and building strategic customer and vendor partnerships crucial to success. An accomplished negotiator who is dedicated to maintaining an organization built on integrity, quality, service, and uncompromising ethics.
Strategic Planning • Team Leadership • FI Core Banking • Digital Transformation • Change Management • Enterprise Architecture • IT Operating & Service Delivery Modeling • Enterprise Technology Management • IT Operations • Portfolio Management • Budget Management • Cloud & Virtual Solutions • Agile • M&A Integration • Audit Oversight and Remediation • Compliance • Data & Analytics • Stakeholder Engagement • Identity Access Management • Vulnerability Management • NIST CSF • Information Security Program Management • Cybersecurity Strategy • Enterprise Risk Management

PROFESSIONAL EXPERIENCE
Texas Dow Employee Credit Union, Houston, TX, January 2013 – Current

Vice President of Enterprise Infrastructure, Cloud Architecture & Information Security (CISO Role), 2021 – Current

Key Achievements:
• Transformation Leadership: Led transition to Cloud Native Operating Model with a three-year technology roadmap.
• Cybersecurity Strategy: Formulated Cyber Security IT strategy, aligning it with business goals.
• Crisis Management: Directed initiatives during Covid-19 to ensure operational continuity and security.
• Leadership Engagement: Engaged C-Level executives and Board of Directors to secure buy-in for future state.

Led digital transformation initiatives by establishing Technology Innovation Function, enhancing business agility cost-neutrally and converting technical debt into assets, improving user experience and Net Promoter Score through agile improvements to infrastructure.
o Migrated infrastructure operations to Cognizant, saving $27M over 3 years.
o Directed enterprise-wide technology and cybersecurity efforts.
o Reorganized a siloed IT organization into a unified entity, increasing project efficiency tenfold through agile methodology utilizing Jira PI planning.
o Migration to SDWAN achieved > 99.99% Global Network Uptime with dual ISPs ensuring redundancy and performance optimization.
o Updated voice platforms to Five9 architecture using Oracle and Microsoft Teams, eliminating technical debt.
o Led design of voice security solutions for Microsoft Teams and Five9, protecting against call spoofing and fraud, partnering with vendors for advanced security.
o Developed Cloud Strategy Roadmap and DR Paper, reducing on-prem dependency by 70%, achieving RTO of 15 minutes, RPO of 5 minutes, and increasing efficiency by 20%.
o Implemented ServiceNow, replacing Footprints, enhancing IT service management workflows and service delivery.
o Supervised migration to Azure Cloud, transitioning email, CRM, and data warehouse to Office 365, Dynamics 365, and Snowflake on Azure Cloud.
o Redesigned the operating model, metrics, and governance framework for IT Infrastructure and Service Delivery functions, which resulted in improved customer Net Promoter Score (NPS) and sustained a 99.9% uptime on all critical systems.
o Established standards for IT infrastructure, digital solutions, and branding while ensuring business agility and compliance.
o Migrated infrastructure and applications to Cisco ACI and Nutanix.
o Designed and implemented Cyber Security Operating Model for a 3-year technology strategy roadmap integrating cloud diversity.
o Digital Brand Management Program: Collaborated with BlueVoyant to protect our online presence and reputation by removing unauthorized mobile apps and websites impersonating TDECU.
o Zero-Trust Architecture Enhancements: Implemented Palo Alto Prisma Access across all branch locations to minimize potential risks.
o Web Application Firewall and DDoS Protection: Deployed with Cloudflare to enhance defense against online application attacks.
o Managed change initiatives to overcome established paradigms and gain stakeholder support.
o Improved productivity, reduced risks, and cut costs by $1M annually through outsourcing SOC services.
o Prioritized tech/cyber projects based on risk appetite defined by BOD and CRO.
o Promoted an information security culture with annual training programs.
o Enhanced Vulnerability Management: Incorporated additional signals and threat intelligence to proactively identify risks for the operations team to address.
o Threat Hunting Program: Replaced legacy vendor Recorded Future to establish processes to identify persistent threats, reinforcing proactive security measures utilizing Defender for Experts MDR.
o Improved Threat Detection: Engaged Microsoft experts for Extended Detection and Response to strengthen threat detection capabilities.
o Privileged Remote Access for Vendors: Strengthened external vendor access management with BeyondTrust Privilege Remote access solution.
o Privileged Access Management: Upgraded platform with BeyondTrust to improve security posture.
o Automated Breach and Attack Simulation: Implemented Pentera to regularly test and enhance security readiness.
o Implemented Okta Customer Identity Access Management (CIAM) strategic operating model, enhancing customer experience, increasing customer signups, boosting employee productivity, and accelerating the delivery of secure applications.

Led the NIST CSF 2.0 improvements in Information Security risk and compliance governance and response domains:
o Assembled cross-organizational team to champion change within cyber security strategy and program to meet goals of NIST cyber security program maturity level (2.4 to 3.2 out of 4).
o Secured Board Approval for Member Information Security Policy: Established essential governance and compliance measures to safeguard member and employee data.
o Completion of NIST Assessment: Executed a comprehensive cyber risk assessment in collaboration with Slalom, yielding actionable recommendations and a definitive security roadmap for strategic enhancements.
o Resolution of Audit Findings: Successfully addressed all audit findings in 2024, including several high-priority critical items, illustrating substantial progress in risk mitigation and compliance.
o Clean NCUA/TCUD Examination: Attained a clean NCUA examination with no findings, supported by persuasive evidence and meticulously documented compliance.
o CLA Audits Facilitation: Effectively managed multiple external audits on our security framework, resulting in only two high and zero critical findings.
o Execution of Mandatory Tabletop Exercises: Conducted NCUA-mandated tabletop exercises, reinforcing compliance and organizational preparedness.
o Enhancement of Security Awareness Training: Overhauled the program with an interactive video training system and a gamified approach during October Cyber Awareness Month, substantially increasing engagement.
o Improvement in SAT Training KRIs: Achieved measurable progress in training compliance, with more staff completing SAT training ahead of deadlines, indicating heightened security awareness.
o Completion of M&A Risk Assessments: Performed thorough risk assessments for Space City and Sabine acquisitions, ensuring due diligence in support of merger and acquisition activities.

Created a cybersecurity strategy to enhance cyber readiness for quick recovery with minimal cost and disruption from attacks.
o Developed enterprise cyber security roadmap, program, and strategy.
o Improved Cyber security maturity from NIST CSF rating 2.4 to 3.2.
o Implemented Data protection policy including data classification and data loss prevention controls.
o Established policies for privileged users and application patching.
o Collaborated with business to create an enterprise security framework.
o Fostered a security-first culture through the Human Risk awareness program.
o Led adoption of hybrid on-premises data center and Microsoft Azure E5 security platform.

External boards and leadership activities:
o CSO50 award winner in 2019 for Zero Trust model at TDECU.
o Board member of CISOExec Network since 2018.
o Chair of CUFSLP cyber security board.
o Elected to BeyondID / Okta Advisory Board in 2022.
o Presented at Gartner IAM and Houston’s Leadership Summit in 2022 to 2024.
o Featured speaker in 2022 on podcast for Technology Cloud migration, security, and governance.

Senior Director – Information Security, Compliance, and IT Strategy, 2019 – 2021

Provide vision and leadership for enterprise-wide business technology and cybersecurity initiatives. Manage enterprise cyber security governance structure, policies, processes, and metrics. Create strategic initiatives, advise CIO & Enterprise Risk Management BOD on alignment with corporate business strategic objectives, and guide senior IT management on implementation. Responsibility for execution, strategy, and vision for cyber security over TDECU’s businesses. Developed and advanced the security program and directed all functions and teams in support of ensuring current and future cyber risks are addressed appropriately. Ownership over all related security policies, processes, and technologies; worked closely with other senior business leaders to ensure security is aligned with business goals and objectives and to meet the needs of the enterprise strategic objectives.

• Drove cyber maturity by developing risk-based cybersecurity roadmap strategy based on NIST CSF.
o Analyzed gaps to shape transformational roadmap aligned with new corporate business strategy.
o Matured security posture through implementation of embedded security control requirements throughout the life cycle, ensuring traceability of requirements to corporate policy and control frameworks.
o Improved cyber risk assessment, data protection, and incident response for information security. Applied assessment process framework across the cyber portfolio, defined roles and responsibilities for security coverage of the enterprise, and enabled monitoring of the progress of the plans.
o Presented program self-assessment results quarterly to the BOD and audited results every 24 months.
• Led Information Security platform overseeing a team of diverse and passionate infosec practitioners supporting:
o Security architecture & engineering
o SOC & incident response
o Assurance & vulnerability management
o Security education & insider threats
o Data protection and DLP
o Operational Technology protections
• Modernized legacy core system with a modern digital product that enabled business process optimization and aggregation of operational information across regions.
• Established technology product team based on pure Agile methodology that evolves application portfolio with enhanced product delivery velocity
• Drove cyber maturity by developing risk-based cybersecurity strategy based on ISO27001 standard.
• Streamlined M&A activities by creating technology integration function and IT M&A integration playbook to strengthen due diligence and risk analysis for seamless integration acquisitions.
• Turned around and delivered strategic Cyber program in less than a year; led subsequent delivery of NIST-based operational dashboard aggregating data from on prem and managed services systems.

Director – Business Information Systems & Security / Compliance, 2017 – 2019
Information Technology Director

Led 4-member team in delivering flexible, scalable, sustainable, and highly secure technology solutions for program created by the NIST CSF framework to provide security mechanisms through privacy and information assurance initiatives across the company. Develop and present security business cases and financial pro formas to steering committee for enterprise initiatives. Managed $2M budget and development of efficient IT processes.
• Responsible for information security governance, risk management and compliance programs
• Deployed 24x7 Cloud SIEM/SOC/NOC Managed Service Solution for threat management that detects, responds and contains internal and external cyber-attacks across the enterprise.
• Defined and maintained the Enterprise Security Incident Response Plan for the enterprise
• Deployed Enterprise Security Awareness Training program
• Administer and deliver internal audits and administer security gap remediation plans
• Implemented Data Loss Prevention program
• Administer regulatory FFIEC/NCUA/NIST cyber assessment Tool
• Implemented Next Gen Antivirus Program
• Developed external connectivity through VPN / MFA
• Manage Vulnerability Reporting and Patch Management program
• Maintain Information Security Program (Policy)
• Led IT modernization and optimization program, delivering fully virtualized datacenter, standardized development platform, support for mobile devices, and legacy core business system replacement, including guiding RFI/RFP process, collaborating with Consulting, and obtaining C-Suite / Board approval.

Develop Business Intelligence and Enterprise Application Support Strategy
• Providing vision and leadership for developing and implementing information technology initiatives that align with the strategic plan
• Direct, manage and deliver application development projects through the application of comprehensive software development life cycle (SDLC) processes.
• Deliver continuous improvement of the existing software applications and architecture
• Manage the client technology relationship, including expectations and customer satisfaction
• Develop self reporting portal utilizing available data sources
• Provide leadership on how we capture, define, disseminate, and utilize the wealth of data that we collect about the financial marketplace
• Centralized business intelligence function that is a single source of financial and operational metrics with consistent definitions across our portfolio of businesses
• Created standard reporting methodology
Director – Architecture & Security, 2013 – 2017

Developed a strategic business plan for TDECU technology transformation to reduce inefficiencies and control excess IT spending
• Establish the company's technical vision for new infrastructure and leading TDECU's technological development.
• Directs the company's strategic direction along with the development and future growth of TDECU’s technologies.
• Works in a consultative fashion with other department heads, as an advisor of technologies that may improve their efficiency and effectiveness.
• Elimination of legacy core business systems and deployment of DNA Fiserv architecture in 2014/2015
• Built third party integration plan
• Developed playbook for migration of business and IT services
• Managed core banking vendor and corporate project plans for successful delivery of Fiserv core banking system
• Developed high-level project management methodology, metrics, and financial discipline at TDECU in 2013, leading to a return of IT project funds to the business.
• Created business plan to utilize co-location data center facilities eliminating redundancies and reducing administration costs and created a governance model to manage the consolidated IT enterprise
• Led project to migrate business applications and shared IT services from legacy in-house data centers to cost-effective, efficient co-located data centers
• Standardized and centralized applications and IT shared services using Citrix and VMware in co-located data centers.
• Developed cybersecurity strategy
o Deployed rigorous security mechanisms through privacy and information assurance initiatives across the company in 2014/2015
o Masergy SIEM Solution / Implemented Data Loss Prevention program
o Established standards in VPN / MFA
o Established Patch Management program
o Audit and examinations
ADDITIONAL EXPERIENCE
CAPITAL G Bank Limited, January 2004 – December 2012
CTO, Vice President
CAPITAL G Bank Limited, February 2001 – Dec 2003
Senior Systems Architect
First Atlantic Commerce Limited, December 2000 – February 2001
Internet Payment Gateway Consultant
oeBusiness.com Limited March 1999 – December 2000
Director of eCommerce Integrations
Full Service Trade System Limited, December 1997 – February 1999
Network/Operations Manager
Independent Consultant, October 1997 – December 1997
Bank of N. T. Butterfield and Son, September 1989 – October 1997
Senior Technical Support Analyst
EDUCATION & CREDENTIALS
BSc – Bachelor of Arts in Computer Science Engineering
St. Anselm College, Bedford, NH