Joe Donohue
Education:
BA
English, history
Rutgers University
1997
Experience:
I take a risk-based approach to securing an organization's information assets and in the process enable clients to meet contractual and regulatory requirements. I emphasize fostering a strong security culture where personnel at all levels understand their particular role in securing their organization's data. I see simplicity as a virtue and recognize the value of coherent, sensible processes and describing risks in easy-to-understand language. At Nettitude there's a true passion for securing information. Our goal isn't merely to get you over the line to meet a compliance requirement but rather to put in the extra effort to reduce overall risk. Simply put, we do what we do because it's the right thing to do.
2019 : Present
Nettitude Group
Senior Information Security Consultant
Key Responsibilities
• Assess client risks, then identify existing frameworks best suited for particular industries.
• Craft custom frameworks that leverage best practices of various frameworks and standards tailored to the client's particular risk profile.
• Design and implement regulatory compliance and risk management programs.
• Craft remediation strategies that prioritize high-risk gaps to get the most bang for the buck.
• Introduce process enhancements to drive towards continuous improvement.
2017 : 2019
ZeroDayLab Ltd.
Sr. GRC Consultant - North America
Leader Governance Risk Compliance (GRC) Solution :
• Researched GRC vendors, identified the best provider for the agency's needs and budget.
• Drove the global implementation supporting 3 distinct companies (Grey, GHG and Cohn & Wolfe).
• Exceeded delivery totals of self-assessments for all prior years within 6 months of project initiation.
• Achieved 100% global on-time delivery of control self-assessments in 2016 during time of massive IT transformation.
• Introduced vendor risk management program via the GRC.
2010 : 2017
Grey Global Group
IT Compliance Coordinator-North America
Built SOX compliance program from ground up by researching regulatory requirements and crafting policies and procedures that enabled the IT department to comply with SOX while supporting the agency's strategic vision.
2005 : 2009
Grey Group
Senior Technical Writer
Authored online help for technical specialists and lay audiences.
Wrote a broad range of web copy for high-profile AT&T websites (both internal and public-facing sites).
1999 : 2004
AT&T
Technical Writer
Company: Nettitude Group
Years of Experience: 37
A quick study who achieves results under tight time constraints. Easygoing personality translates into ability to build strong, productive relationships with a wide range of technical experts in high-pressure roles (if you're reading between the lines... yes, I'm saying I'm good at getting along with difficult people).
I enjoy public speaking and delivering engaging presentations to explain cyber risk management principles in an accessible, fun manner to drive adoption of good practices. So, please let me know if you'd like to discuss what I can do for your organization.
Specialties: NIST 800-171, ISO 27001, SIG 3rd Party Assessments
CISSP, CISA