Joe Donohue

Builder of proactive information security programs / Speaker / Good natured scold

Maplewood, NJ, United States

Details

Education: BA

English, history

Rutgers University

1997

Experience: I take a risk based approach to securing an organization's information assets and in the process enable clients to meet contractual and regulatory requirements. I emphasize fostering a strong security culture where personnel at all levels understand their particular role in securing their organization's data. I see simplicity as a virtue and recognize the value of coherent, sensible processes and describing risks in easy to understand language. At Nettitude there's a true passion for securing information. Our goal isn't merely to get you over the line to meet a compliance requirement but rather to put in the extra effort to reduce overall risk. Simply put, we do what we do, because it's the right thing to do.

2019 : Present

Nettitude Group

Senior Information Security Consultant

Key Responsibilities

• Assess client risks, then identify existing frameworks best suited for particular industries.

• Craft custom frameworks that leverage best practices of various frameworks and standards tailored to client's particular risk profile.

• Design and implement regulatory compliance and risk management programs.

• Craft remediation strategies that prioritizes high risk gaps to get most bang for the buck.

• Introduce process enhancements to drive towards continuous improvement.

2017 : 2019

ZeroDayLab Ltd.

Sr. GRC Consultant - North America

Leader Governance Risk Compliance (GRC) Solution :

• Researched GRC vendors, identified the best provider for the agency's needs and budget.

• Drove the global implementation supporting 3 distinct companies (Grey, GHG and Cohn & Wolfe).

• Exceeded delivery totals of self-assessments for all prior years within 6 months of project initiation.

• Achieved 100% global on-time delivery of control self-assessments in 2016 during time of massive IT transformation.

• Introduced vendor risk management program via the GRC.

2010 : 2017

Grey Global Group

IT Compliance Coordinator-North America

Built SOX compliance program from ground up by researching regulatory requirements and crafting policies and procedures that enabled the IT department to comply with SOX while supporting the agency's strategic vision.

2005 : 2009

Grey Group

Senior Technical Writer

Authored online help for technical specialists and lay audiences.

Wrote a broad range of web copy for high profile AT&T websites (both internal and public facing sites).

1999 : 2004

AT&T

Technical Writer

Company: Nettitude Group

Years of Experience: 37

Skills Advertising, Business Analysis, Compliance, Compliance Management Systems, Consulting, Content Management, Contractual Agreements, Cyber Threat Hunting (CTH), Information Technology, Internal Controls, IT Audit, Leadership, Legal Compliance, Management, Microsoft Office, Process Improvement, Program Management, Project Management, Risk Assessment, RoboHelp, Sarbanes-Oxley Act, SOX Compliancy, Technical Writing, Threat & Vulnerability Management

About Seasoned risk manager. GRC driver. Designer of vendor risk management and regulatory compliance programs that are global in-scope for clients in an array of industries from communications and digital marketing to defense contracting, maritime (cargo, cruise lines and ferry services), and public transportation.

A quick study who achieves results under tight time constraints. Easy going personality translates into ability to build strong, productive relationships with a wide range of technical experts in high pressure roles (If you're reading between the lines...yes, I'm saying I'm good at getting along with difficult people).

I enjoy public speaking and delivering engaging presentations to explain cyber risk management principles in an accessible, fun manner to drive adoption of good practices. So, please let me know if you'd like to discuss what I can do for your organization.

Specialties: NIST 800-171, ISO 27001, SIG 3rd Party Assessments

CISSP, CISA