Daniel Johnson, CISSP

Education: Bachelor of Business Administration (B.B.A.)

Business Management

Loyola University Maryland

2008 : 2012

Katholieke Universiteit Leuven

2010 : 2011

Bishop George Ahr High School

2004 : 2008

Experience: 2022 : Present

PTC

Cybersecurity Risk Manager

2021 : 2022

PTC

Senior Risk Specialist

Served as security officer responsible for security and compliance throughout the organization. Directed the company to its first SOC2 Type 2 attestation (unqualified) and HIPAA compliance. Established, enforced, and updated all security policies and procedures. Conducted internal audits and led regular security, compliance, and risk assessment reviews with with management from across all functions. Developed and conducted security and HIPAA training. Guided the implementation of a new Disaster Recovery site and plan to ensure client RPO and RTO objectives can be met. Completed client and third party questionnaires in support of proposal efforts and client requests. Conducted vendor assessments for all third party services used. Directed incident response efforts. Managed vulnerability scanning and penetration testing efforts and associated corrective action plans.

2020 : 2021

Torchlight

Information Security and Compliance Specialist

6+ years in information system security auditing and consulting of multiple government systems. Test, evaluate, and report security measures in compliance with federal and DOL requirements. Manage security team under the DOL EFAST2 support services contract. Lead on-site and virtual FISMA audits as a third-party independent assessor. Conduct more than 15 FISMA audits of the EFAST2 system. Well-versed in FISMA, FedRAMP, DOL and SSA security requirements, and NIST, including 800 series, FIPS, and RMF. Conduct internal audits of multiple government systems for Mathematica projects. Experience with RMF and authorization package preparation successfully achieving multiple ATOs for various systems. Create, update, QA, and evaluate security documentation including System Security Plans and Procedures, Security and Risk Assessment Reports, Use Agreements, Contingency and Audit Plans. Conduct and analyze monthly vulnerability scans. Create and manage Plans of Action and Milestones to remediate system vulnerabilities and assessment findings in coordination with IT and project staff. Consult on best practices for information security governance, risk management, and compliance. Successfully led the security team in supporting EBSA in migration to and authorization to operate in AWS. Review SOC2/3 reports for external vendors. Provide decision support and requirements analysis for proposals. Managed installation of high availability servers working with senior management. Served as deputy director of operations for $50 million project leading operations for multiple content teams and managing junior staff.

2013 : 2020

Mathematica Policy Research

Security Analyst (Data Compliance & Audit)

-Planned and established the fee billing system and billing processes to improve efficiency

-Executed the implementation of a secure online vaulting system allowing clients to access reports and other information securely

-Established a connection between portfolio management system and client vaults to simplify reporting process

-Created and assigned trading models in Advisor Workstation according to established criteria and reconciled portfolio models accross separate SQL based Applications

-Constructed and implemented database queries in a SQL based CRM system

-Prepared portfolio statements and reports advisor meetings with clients

2012 : 2013

Waterstone Wealth Advisors LLC

Data Analyst

Company: PTC

Years of Experience: 12