David Johnson
Details
2010 : 2010
Brockton High School '85
1980 : 1985
2019 : Present
Constant Contact
VP, Chief Information Security Officer (CISO)
Responsible for oversight of the Information Security Program throughout the Steward Health Care System.
2013 : 2019
Steward Health Care
VP, Chief Information Security Officer (CISO)
Responsible for oversight of the Information Security Program throughout Steward Health Care, LLC.
2011 : 2013
Steward Health Care
Executive Director, Information Security Officer
Highlights
* Established and staffed the initial Information Security, Risk Management, IT Compliance and IT Service Management programs
* Key contributor to the development of enterprise Disaster Recovery, Business Continuity and Crisis Management programs for all business units
* Established a comprehensive Data Privacy program complete with automated enforcement utilizing Data Loss Prevention (DLP) software
* Developed Disaster Recovery & Crisis Management Plans to ensure continuity of IT services in the event of interruption
* Team leader and primary individual responsible for successfully achieving compliance with MA Data Privacy Law
* Leadership over a logical cross-functional Information Security Organization from varying business units
* Developed a comprehensive Written Information Security Program based upon ISO 27002
* Team leader for the implementation of an ITSM process automation tool (BMC Remedy v7) in order to increase capability maturity level against both ITIL v3 and COBIT 4.0 for several IT processes
* Conducted and presented an enterprise business continuity assessment, including: 1) Business Impact Analysis; 2) Risk Assessment; 3) ITIL Service Continuity Assessment; 4) Organizational Assessment; 5) Operational Assessment; and 6) Technology Assessment
* Developed and implemented an Information Lifecycle Management (ILM) strategy in order to support the organization's objective to establish stronger controls over the retention, classification and ownership of data.
Personally selected by the CIO to establish a dedicated IT Risk Management organization based upon industry best practices. The organization is designed to address the complete lifecycle of IT Risk Management, from process effectiveness and automation, to controls establishment and monitoring, to exception management.
2007 : 2011
Dunkin' Brands
Director of Enterprise Risk & Service Management
2000 : 2007
Dunkin' Brands
Director of Enterprise Technology Services
Skills
payment industry, Information Security, iso 27001, cissp, risk assessment, Risk Management, it strategy, network security, it management, nist 800-53, information security awareness, information security governance, information security engineering, information security standards, information security management, hipaa, information technology, enterprise software, cobit, computer security, application lifecycle management, u.s. national incident management system (nims), it governance, it risk management, it compliance, it operations, it audit, it infrastructure management, it transformation, it project & program management, it service delivery, it infrastructure design, itil, retail, biotechnology, cyber-security, cyber defense, cyberlaw, cybercrime investigation, executive management, executive leadership, it asset management
About
Executive leader with 30+ years of experience across a comprehensive landscape of Information Technology verticals and within a variety of business industries.
Roles have included leadership accountability for: Technology Services, Infrastructure, Support, Products, Applications, Cyber Security, Information Security, IT Governance, Risk Management, Compliance, Privacy, Business Continuity, Disaster Recovery and IT Service Management.
Industry experience has included oversight within multiple international industries, including: Web Presence Hosting, Digital Marketing, Technology, Healthcare, Insurance, Bio-Technology, Retail, and Quick Service Restaurants.
Fervent practitioner of, and subject matter expert in, many industry best-practice frameworks for information technology process management, including CIS, HITRUST, ISO, NIST, FIPS, FISMA, COBIT, ITIL, Agile, etc.