Daniel Johnson, CISSP
Education:
Bachelor of Business Administration (B.B.A.)
Business Management
Loyola University Maryland
2008 : 2012
Katholieke Universiteit Leuven
2010 : 2011
Bishop George Ahr High School
2004 : 2008
Experience:
2022 : Present
PTC
Cybersecurity Risk Manager
2021 : 2022
PTC
Senior Risk Specialist
Served as security officer responsible for security and compliance throughout the organization. Directed the company to its first SOC2 Type 2 attestation (unqualified) and HIPAA compliance. Established, enforced, and updated all security policies and procedures. Conducted internal audits and led regular security, compliance, and risk assessment reviews with management from across all functions. Developed and conducted security and HIPAA training. Guided the implementation of a new Disaster Recovery site and plan to ensure client RPO and RTO objectives can be met. Completed client and third party questionnaires in support of proposal efforts and client requests. Conducted vendor assessments for all third party services used. Directed incident response efforts. Managed vulnerability scanning and penetration testing efforts and associated corrective action plans.
2020 : 2021
Torchlight
Information Security and Compliance Specialist
6+ years in information system security auditing and consulting of multiple government systems. Test, evaluate, and report security measures in compliance with federal and DOL requirements. Manage security team under the DOL EFAST2 support services contract. Lead on-site and virtual FISMA audits as a third-party independent assessor. Conduct more than 15 FISMA audits of the EFAST2 system. Well-versed in FISMA, FedRAMP, DOL and SSA security requirements, and NIST, including 800 series, FIPS, and RMF. Conduct internal audits of multiple government systems for Mathematica projects. Experience with RMF and authorization package preparation successfully achieving multiple ATOs for various systems. Create, update, QA, and evaluate security documentation including System Security Plans and Procedures, Security and Risk Assessment Reports, Use Agreements, Contingency and Audit Plans. Conduct and analyze monthly vulnerability scans. Create and manage Plans of Action and Milestones to remediate system vulnerabilities and assessment findings in coordination with IT and project staff. Consult on best practices for information security governance, risk management, and compliance. Successfully led the security team in supporting EBSA in migration to and authorization to operate in AWS. Review SOC2/3 reports for external vendors. Provide decision support and requirements analysis for proposals. Managed installation of high availability servers working with senior management. Served as deputy director of operations for $50 million project leading operations for multiple content teams and managing junior staff.
2013 : 2020
Mathematica Policy Research
Security Analyst (Data Compliance & Audit)
-Planned and established the fee billing system and billing processes to improve efficiency
-Executed the implementation of a secure online vaulting system allowing clients to access reports and other information securely
-Established a connection between portfolio management system and client vaults to simplify reporting process
-Created and assigned trading models in Advisor Workstation according to established criteria and reconciled portfolio models across separate SQL-based applications
-Constructed and implemented database queries in a SQL-based CRM system
-Prepared portfolio statements and reports for advisor meetings with clients
2012 : 2013
Waterstone Wealth Advisors LLC
Data Analyst
Company: PTC
Years of Experience: 12