John Barchie
Verified Expert in Engineering
Security Software Developer
Fernley, NV, United States
Toptal member since November 2, 2022
As a senior security manager and consultant, John established, implemented, or audited information security in over 150 institutions. As a certified and practicing trusted advisor with a background in cybersecurity and network engineering, John assists companies in optimizing the benefits of information security programs. Specializing in governance, risk, and compliance, John informs organizations how to evaluate, monitor, and direct information security risk.
Experience
- Compliance - 20 years
- Executive Reporting - 20 years
- Business Continuity & Disaster Recovery (BCDR) - 20 years
- Audits - 20 years
- Boards - 20 years
- Networking - 20 years
- Security Management - 20 years
- Governance - 20 years
Preferred Environment
SOC 2, NIST, Security Audits, Security Management, Cybersecurity
The most amazing things I've done are helping NASA Ames Research Center improve their in-house SIEM and helping Visa get ready for their first FFIEC audit.
Work Experience
Principal | Owner
Barchie Consulting
- Built out and educated security teams for small, medium, and large companies.
- Facilitated an understanding with executive and senior management of their responsibilities in their new regulatory environments on rent-a-CISO engagements.
- Chartered information security programs, including budgeting and team building.
- Performed radio and newspaper interviews and created articles and other policy positions concerning the regulatory environment surrounding cybersecurity, GDPR, NIST, ISO 27000 series, FFIEC, and FedRAMP.
- Utilized new measurement techniques for cybersecurity risk, establishing likelihood and impact for risk register events, resulting in the identification of critical projects and creation of a board-level report to present to the board of directors.
- Prepared the cybersecurity risk assessment for FDA pre-market entry of Glooko cloud-based medical device software. Worked with development teams to analyze vectors of potential attacks and enumerate the controls necessary to mitigate risk.
- Acted as a trusted advisor working with various state and Fortune 500 organizations to provide board reports, establish GRC functions, perform security assessments, and act on behalf of the organizations in the CISO or DPO role.
- Prepared organizations for HIPAA and GDPR compliance, established risk management frameworks, created secure software development lifecycles, and integrated cybersecurity into normal business functions.
- Provided direction on incident response, risk assessment, legal obligations for international regulations, and information security consulting.
- Conducted external and internal penetration tests, wrote deliverable reports, and presented them to the CIO and his team.
GRC Director
Hearst - Information Security Office
- Provided stability to a department affected by key leadership changes.
- Built out the quarterly and yearly roadmap to meet Hearst's current and future goals.
- Analyzed ways to make governance, risk, and compliance (GRC) a billable chargeback service.
- Established the risk management framework utilizing the Lynx risk management tool.
Director and Global Head of Information Security Compliance
8x8
- Developed a global compliance program (FISMA, SOC 2, HIPAA, PCI DSS, GDPR, and ISO) that met regulatory and legal obligations.
- Attended sales calls and helped knock down cybersecurity-related objections, resulting in an increase in the monthly recurring revenue for 8x8 services.
- Reviewed over 200 vendor and customer contracts to ensure the cybersecurity obligations could be met by the organization.
- Expanded the cybersecurity compliance program to Singapore and the UK.
- Established the cybersecurity risk register for the organization and ensured it was integrated into the enterprise risk management program.
Vice President of Cybersecurity West Coast
Tech Mahindra
- Established a cybersecurity product line for Tech Mahindra in Silicon Valley.
- Developed training programs and scripts for sales teams to sell cybersecurity products.
- Established or enhanced information security programs in some of the world's largest and most interesting healthcare, manufacturing, financial, and high-tech companies.
- Worked with startups to empower their vision of the next generation of cybersecurity tools and integrate them into the Tech Mahindra managed security service platform.
Experience
SOC 2 Type II Audits
Establish Aggregation Network for U.C. Berkeley
University of the Pacific
Education
Associate Degree in Computer Science
San Jose City College - San Jose, CA, USA
Coursework Toward Bachelor's Degree in Biology
San Jose State University - San Jose, CA, USA
Certifications
Certified in Risk and Information Systems Control (CRISC)
ISACA
Certified Information Security Manager (CISM)
ISACA
Certified Information Systems Security Professional (CISSP)
(ISC)2
Certified Network Engineer (CNE) | Continuing Education Units (over 120)
Novell
Skills
Paradigms
HIPAA Compliance, Security Software Development, DevSecOps
Industry Expertise
Cybersecurity, Network Security
Platforms
Amazon Web Services (AWS)
Languages
Python
Other
Networking, Risk, SOC Compliance, PCI Compliance, Management Reporting, Boards, Business Continuity & Disaster Recovery (BCDR), Audits, Security Management, Security Engineering, Network Operation Centers (NOC), Risk Management, Risk Reporting, Risk Management Framework (RMF), Information Security, Compliance, Governance, Direction, Monitoring, Evaluation, ISO 27001, GDPR, HITRUST Common Security Framework (CSF), Network Architecture, Security, PCI DSS, HITRUST Certification, IT Security, Security Architecture, Risk Assessment, Vulnerability Assessment, Threat Modeling, GAP Analysis, Solution Architecture, Communication, Executive Reporting, Architecture, NIST, Firewalls, Security Assessment, Reporting, CISO, SOC 2, ISO 27002, Security Audits, GRC, Web Security, Computer Security, Tech Sales, Identity & Access Management (IAM), System-on-a-Chip (SoC), SOX, Risk Response, FedRAMP, Software Architecture, Security Testing, Assets, Operations, Programming, Computer Architecture, Zero Trust, Cloud Architecture, IT Management, PCI, Leadership, Network Engineering, Single Sign-on (SSO)