Mike Kirtland
Details
Business Administration
California State University-Fullerton
2015
2022 : Present
Cytiva
Director Information Security
2021 :
Trusted Rudder Advisors, LLC
Principal
Provided protection of infrastructure and data through roadmapping and championing enterprise-wide information security strategy. Ensured confidentiality, integrity, and availability of critical data through policy development, risk assessment, and compliance with multiple regulations using NIST and CIS frameworks. Adhered to regulatory requirements and protected the integrity of existing systems and standards by overseeing vendor qualification and assessment programs. Transformed the security organization from a roadblock to a business partner by helping the business understand the security landscape.
● Established and maintained compliance with GLBA, FFIEC, PCI-DSS, NYDFS, and CCPA through strong information security strategy.
● Directed and managed all cultural and technical aspects of cybersecurity for a 1,500-employee industry-leading financial organization.
● Moved InfoSec and other technical teams to deliver 20% YOY increase in NIST compliance and 40% reduction in internal vulnerabilities.
● Reduced the impact of disasters by devising and implementing business continuity and disaster recovery plans.
● Developed security incident response plan, vulnerability management, IaaS and SaaS cloud security, and product design initiatives by directing information security architecture and ops teams.
● Reduced time for semi-annual user attestation by 52% and 28% YOY.
● Supported technical and administrative security controls by conducting enterprise and system-specific security assessments.
2019 : 2021
American Advisors Group
Director of Information Security
Led the transformation of the company from ad-hoc to managed security posture through development and execution of strategic vision for information security program. Achieved HITRUST certification within 12 months for organization responsible for 11 million patient records from 100+ medical facilities. Facilitated risk assessments and sales cultivation through direct engagement with customer legal, compliance, and security staff. Protected confidentiality, availability, and integrity of data by collaborating with stakeholders and balancing security and business requirements.
2018 : 2019
Manifest MedEx
Director of Information Security
Managed strategy and budget, and ensured delivery to plan, for global information security operations supporting 14,000+ employees at 80+ facilities around the world, including negotiation of high-risk regulatory and compliance landscapes across Europe (GDPR), Russia, and China. Directed multi-year security compliance program addressing PCI DSS, GDPR, and SOx compliance using NIST CSF and CIS20 frameworks. Formed security ops team to manage all security controls, monitoring, analysis and response. Platforms include the company's SIEM, network perimeter, anti-virus/malware, Cloud security (SaaS and IaaS), Data Classification, DLP, identity and access management, SAML SSO, patch management (SCCM), PKI, VPN, and multi-factor authentication (MFA).
2016 : 2018
Beckman Coulter
Senior Manager, Global Information Security
Skills
Access Control, Business Analysis, Business Continuity Planning, California Consumer Privacy Act (CCPA), CISSP, Cloud Computing, Cloud Security, Cybersecurity, Data Analysis, Disaster Recovery, Encryption, Enterprise Architecture, Enterprise Risk Management, Enterprise Software, Executive Leadership, General Data Protection Regulation (GDPR), Governance, HITRUST, Identity, Identity & Access Management (IAM), Identity Management, Identity Theft, Information Security, Information Security Management, information technology, Integration, ISO 27001, IT Risk Management, leadership, Management, Master Data Management, Network Administration, Network Security, NIST 800-53, Payment Card Industry Data Security Standard (PCI DSS), PCI DSS, PKI, Project Coordination, Project Management, Risk Assessment, Security Architecture Design, Security Audits, Security Incident Response, SIEM, Start-ups, Technical Support, Two-factor Authentication, Vulnerability Assessment, Vulnerability Management, Antivirus, Smart Cards, VPN, System Deployment, Enterprise Risk, Business Continuity, Security Incident, Two-factor, Security Architecture
About
Accomplished and passionate leader with 20+ years’ experience in the information security and privacy field. Skilled at providing business value in heavily regulated industries. Solid track record as strategic leader of information security programs and establishing strong security posture through awareness and collaborative partnership with IT and the business. Skilled at effectively leading crisis management in response to advanced and persistent threats, data breaches, and fraud to both corporate and customer targets. Comprehensive knowledge of the PCI-DSS, SOx, GDPR, NYDFS, HIPAA/HITRUST, CCPA regulatory landscapes. Strong leadership and management skills with proven ability to balance customer relationships, business strategy and risk management.
Noteworthy Accomplishments
• Increased maturity of security program by 20% YOY as measured against NIST CSF standards.
• Led crisis management team in all aspects of response to and recovery from nation-state threat actor.
• Effectively led strategy to move an at-risk organization to achieve regulatory certification within 12 months.
What drives me: I am passionate about bringing corporate security out of the darkness, building the right InfoSec for each organization, and delivering actual business value.