James Baker, Developer in Ludlow, VT, United States
James is available for hire
Hire James

James Baker

Verified Expert  in Engineering

Security Architect and Developer

Location
Ludlow, VT, United States
Toptal Member Since
September 21, 2022

James is an information security consultant with 25 years of professional experience in IT, specifically in the cybersecurity industry. His start with technology was in high school with early BASIC programming classes with a path to a degree in management information systems. James specializes in cloud security frameworks and security architecture.

Portfolio

Hearst - Information Security Office
Risk Management, Security Architecture, Vulnerability Assessment, Architecture...
PerkinElmer
Cloud Security, Threat Modeling, Security, Audits, Amazon Web Services (AWS)...

Experience

Availability

Full-time

Preferred Environment

Cloud Security, Cloudflare, ISO 27001

The most amazing...

...thing I've built as a cloud security architect is a Tier 4 data center hosting a community cloud in a former high school.

Work Experience

Director of Compliance

2022 - 2024
Hearst - Information Security Office
  • Managed the PCI self-assessment of Hearst and 42 subsidiaries, including interviews, assessment document collection, and remediation of findings that may put Hearst at risk of non-compliance. The assessment produced 7 self-assessment questionnaires.
  • Assisted in operationalizing the cloud-native application protection platform Wiz.io to strengthen cloud security and compliance of Hearst and its subsidiaries.
  • Provided cross-functional support to Hearst security team members regarding security operations, risk reduction, review of customers' statements of work for security compliance requirements, and validation that Hearst could meet those requirements.
Technologies: Risk Management, Security Architecture, Vulnerability Assessment, Architecture, IT Security, HIPAA Compliance, NIST, PCI, SOC 2, Security, Audits, Risk Assessment, GRC, Security Audits, PCI DSS, Security Management, IT Project Management, Compliance, Insurance, Cybersecurity, AWS Well-Architected Framework, HITRUST Certification, Code Review, Source Code Review

Director of Cloud Security

2019 - 2022
PerkinElmer
  • Built a cloud security framework and architecture roadmap, which resulted in implementing a more secure CI/CD pipeline that includes application security testing, threat detection, and improved vulnerability management.
  • Navigated a complex landscape of the country and state-specific privacy requirements for a global organization that includes GDPR, CCPA, third-party risk assessments, and contract reviews.
  • Devolved a zero trust strategy based on the new remote workforce, data protection requirements, and the growing use of SaaS providers.
Technologies: Cloud Security, Threat Modeling, Security, Audits, Amazon Web Services (AWS), Azure, OpenVPN, Bitdefender, Risk Assessment, AWS Cloud Security, GRC, IT Security, Risk Management, Security Audits, Data Privacy, GDPR, California Consumer Privacy Act (CCPA), PCI DSS, Security Management, IT Project Management, Compliance, Insurance, Vulnerability Assessment, Cybersecurity, AWS Well-Architected Framework, HITRUST Certification, Code Review, Source Code Review

Building a Data Center

I acted as the cloud security architect working on an $11 million project with six other IT-related architects for the Commonwealth of Massachusetts. We turned a high school that closed in 1987 into a Tier 4 data center hosting a community cloud for executive secretariats to use. The project involved building security for cloud infrastructure and networks and meeting regulatory requirements for the Massachusetts Department of Revenue, Department of Health and Human Services, and Department of Unemployment Assistance.
2017 - 2018

Certificate in Risk Management and Insurance

Harvard University - Cambridge, MA, USA

2001 - 2005

Bachelor's Degree in Information Systems

Northeastern University - Boston, MA, USA

MARCH 2019 - MARCH 2025

CCSP

ISC2

JANUARY 2012 - JANUARY 2025

ISSAP

ISC2

JUNE 2009 - JUNE 2025

CISM

ISACA

AUGUST 2007 - AUGUST 2025

CISSP

ISC2

Tools

GCP Security, OpenVPN

Frameworks

AWS Well-Architected Framework

Platforms

Amazon Web Services (AWS), Azure

Industry Expertise

Cybersecurity

Paradigms

HIPAA Compliance

Languages

Python

Other

Cloud Security, Security Architecture, CISO, PCI DSS, Governance, Data Protection, Security, AWS Cloud Security, IT Security, Threat Modeling, Vulnerability Assessment, SOC 2, Audits, ISO 27001, Risk Assessment, GRC, Security Audits, Security Management, IT Project Management, Compliance, HITRUST Certification, Data Privacy, GDPR, California Consumer Privacy Act (CCPA), Web App Security, Secure Coding, Bitdefender, Insurance, Code Review, Source Code Review, Risk, Risk Management, Architecture, NIST, PCI, Cloudflare

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring