Patty Ryan
Details
Management
NYU Stern School of Business
1996 : 1998
BA
Economics
Columbia University
1985 : 1989
QuidelOrtho
Sr. Director, Chief Information Security Officer
2018 : 2022
Ortho Clinical Diagnostics
Sr. Director, Chief Information Security Officer
Transformed a passive, outsourced IT Security function into an internally staffed team of Information Security experts focused on protecting the confidential information entrusted to Fragomen. Scope included information security policy, information risk management, threat and vulnerability management, compliance, security monitoring and incident response. Also assumed responsibility for the Firm’s GDPR compliance program. Major accomplishments included:
• Revamped Fragomen’s Information Security policies, creating a cohesive framework, reflecting global Information Security and Data Privacy mandates as well as best practices.
• Created a Compliance structure which ensured timely reaction to over 200 client assessments, RFPs, audits as well as regulatory assessments (e.g. PCI, SOC2, ISO) annually.
• Deployed consistently and globally technical security controls such as vulnerability scanning and security monitoring.
• Designed and implemented an Information Risk Management program, quantifying risk across applications, third parties, IT infrastructure and operations.
• Organized and led a team of internal staff and specialized consultants to ensure the Firm’s compliance, focusing on key aspects such as consent, rights of the data subject, and security of processing.
2016 : 2018
Fragomen
Director, Data Protection
Responsible for security engineering and operational activities for information security technologies deployed globally. Developed and executed the strategy to move past ad-hoc security controls to the adoption of a multi-year roadmap for IT security technologies. This strategy aimed to reduce risk by influencing all aspects of architecture, engineering and operations. Major accomplishments include:
• Intrusion Detection/Prevention and Network Forensics capabilities in 30 countries globally.
• Client Access Protection, Anti-Virus/Anti-Malware and Hard Disk Encryption deployed across 150k end points globally.
• Design and implementation of a global SIEM, integrating server and network content to create the first unified view across the enterprise.
• Development of a global governance model enabling alignment with business partners and vendors resulting in an annualized cost reduction of $1.5 million.
• Integration of the technology stack for the $20 billion acquisition of Synthes enabling one set of IT Security Controls.
• Developed and implemented global incident response and security monitoring structure, leveraging internal and external resources.
• Represented J&J in industry groups, including the Cloud Security Alliance. Liaised with the NJ State Police to leverage and exchange information security best practices.
2011 : 2015
Johnson & Johnson
Director, Information Security Engineering
Managed a staff of 30+ security professionals across the Americas responsible for the implementation and operational support of IT Security Controls.
• Built out and staffed two physical SOC locations allowing 24x7x365 security monitoring across the Americas.
• Designed and implemented security monitoring to incorporate all technology assets from an acquisition that increased the technology footprint by 400%.
• Deployed globally technology solutions to enable global configuration monitoring, vulnerability scanning, pen testing, digital forensics, and incident response.
2008 : 2011
ING
USFS - Director, Information Security (acquired CitiStreet)
Skills
Business Analysis, Business Continuity, Business Intelligence, Business Process, Business Process Improvement, Change Management, CISSP, Cloud Computing, COBIT, Computer Security, Cross-functional Team Leadership, Disaster Recovery, Enterprise Architecture, Firewalls, Governance, Incident Management, Information Security, Information Security Management, Information Technology, Integration, ISO 27001, IT Audit, ITIL, IT Management, IT Operations, IT Service Management, IT Strategy, Network Security, PCI DSS, PMO, PMP, Process Improvement, Program Management, Project Management, Project Portfolio Management, Risk Management, Sarbanes-Oxley Act, SDLC, Security, Security Awareness, Security Management, SharePoint, Vendor Management, Visio, Vulnerability Management
About
Results-driven global Information Security professional with experience leading a broad range of corporate IT Security initiatives. 30+ years of experience with consistent focus on achieving efficient, effective and secure solutions tied closely to business and IT tactical and strategic goals. Extensive hands-on experience with a myriad of IT Security technologies and operational models, each structured to balance business needs with risk profile. Outstanding global leader, proven effective at managing and building high-performing integrated global teams.