Joe Paul
Details
• Manage implementation, compliance tracking, and reporting processes for the security governance frameworks, regulatory, and client compliance requirements.
• Manage SaaS applications and processes used to track various compliance initiatives.
• Define and monitor security metrics and KPIs.
• Ownership of all internal and external audit coordination between auditors and internal stakeholders, performing initial reviews of evidence submissions and subsequent project management tasks.
• Successfully led entire HITRUST r2 re-certification process.
• Ensure risk-based compliance to governmental and industry standards such as SOX, HIPAA / HITECH, HITRUST, and SSAE 18 SOC1 / SOC2.
• Provide input for corporate security projects with regard to identifying requirements for ongoing compliance.
• Ensure oversight of compliance of IT Security obligations for training / awareness, risk assessments, BCDR & Incident Response exercises, and security reviews.
• Manage vendor security vetting.
• Work proactively with all areas of the business to ensure security compliance objectives are met.
• Chair the Committee on Risk and Control, and provide reporting to various senior leaders.
2022 : Present
Choreograph
Director of Cybersecurity Compliance / Deputy CISO
VICTORY BRIDGE FOUNDATION (VBF), a 501(c)(3) charitable organization, serves veterans, first responders, and their families by raising awareness & providing resources for suicide prevention, mental health initiatives, substance abuse rehabilitation solutions, and PTSD.
2023 :
Victory Bridge Foundation
Board Member
• Drove Supplier Assurance Services (SAS) Standards and Procedures and ensured enhancements in response to internal and external drivers; ensured awareness and communication of relevant updates.
• Led SAS Governance forums ensuring appropriate coverage and tracking.
• Designed, developed and maintained assessment processes, procedures, checklists and guidance.
• Provided governance and requirements into development and maintenance of toolkits.
• Identified impact of changes across Corporate Third-Party Operations (CTPO), ensuring appropriate handling of impacting changes.
• Ensured SAS community understood assessment requirements and processes as well as impacts resulting from changes.
• Ensured assessment documentation libraries were kept current.
• Provided governance input into SAS training program and SAS input into CTPO and broader training programs.
• Functioned as the primary interface with CTPO Exam Management Team, Compliance, Operational Risk Oversight, Control Management, and JPMC Client Teams for SAS-aligned exam, audit and other review matters including responding to and tracking of RFIs.
• Partnered with regional CTPO governance functions on SAS-aligned exam, audit and other review RFIs and key issues as required.
• Managed bi-annual SAS Audit activities and responses.
• Facilitated reporting and communications related to SAS-aligned exam, audit, reviews and issues.
• Managed Risk & Control Self-Assessment (RCSA) and executed RCSA activities for SAS.
• Managed issue identification and oversaw action plan remediation for risks and control deficiencies aligned to SAS.
• Prepared materials and supporting documentation to assist Manager and/or acted as a delegate for management meetings, awareness sessions, global and regional activities and ad hoc forums as required.
2021 : 2021
JPMorgan Chase & Co.
Vice President, Supplier Assurance Governance Lead
• Planned and executed third-party risk assessments of multiple suppliers to evaluate their overall operational and information security posture and specific application security posture, ensuring that the appropriate controls were in place to meet JPMC’s standards and requirements.
• Tracked all assessments, remediations, and exceptions in JPMC’s implementation of the Archer GRC system, branded as 4Site.
2019 : 2021
JPMorgan Chase & Co.
Vice President, Supplier Assurance
• Oversaw the Manager's Control Assessment (MCA) and ensured that the appropriate risks, controls, tests and Key Risk Indicators (KRI) are in place and reported on.
• Identified issues through proactive interactions with customers to ensure timely identification and reporting of control deficiencies via documented issue management practices.
• Ensured on-time remediation and appropriate management reporting of issue status and corrective actions.
• Managed all audit-related activities including ensuring factual issue accuracy and documentation of corrective actions.
• Partnered with other team members to provide MCA Governance for several CTI Global Functions.
2019 : 2019
Citi
Vice President, Information Security Risk Management
About
With over 20 years of experience in the cybersecurity field, I am a seasoned professional who excels in executing data privacy, IT security, audit, business continuity, disaster recovery, IT governance, cyber risk management, and compliance solutions. I have multiple certifications and credentials that demonstrate my knowledge and skills in these areas, such as CISA, CISSP, CRISC, CGEIT, CBCP, CTPRP, PMP, ISO 27001, Lean Six Sigma, and ITIL.
As the Director of Cybersecurity Compliance and Deputy CISO at Choreograph, a WPP/GroupM company, I manage and work with a team of compliance analysts, oversee the implementation and reporting of security governance frameworks and regulatory requirements, and coordinate internal and external audits. I also successfully led the entire HITRUST r2 re-certification process and ensured risk-based decision making across the organization. My mission is to protect the data and assets of our clients and stakeholders, while enhancing the efficiency and effectiveness of our cybersecurity processes.