John Mbuthia, M.Sc., CISSP, Developer in Hamilton, ON, Canada
John is available for hire
Hire John

John Mbuthia, M.Sc., CISSP

Verified Expert  in Engineering

vCISO and IT Developer

Location
Hamilton, ON, Canada
Toptal Member Since
February 13, 2023

John has 17+ years of experience managing all aspects of IT and cybersecurity for Fortune 500 organizations and small operations. His expertise includes risk mitigation through balanced processes and controls, BCM, GRC, IAM, security operations, third-party risk, social media brand protection, training and awareness, physical security controls, incident response table-top exercises, and vulnerability management. John has consistently created compliant environments safe from emerging threats.

CybersecurityInformation SecuritySecurityWindowsPythonCatalystSailPointGRCSystem SecurityCertified Information Systems Security Professional (CISSP)

Portfolio

Gore Mutual
Certified Information Systems Security Professional, CrowdStrike, AppGuard...
Coca-Cola Canada
SAP GRC, SAP Identity Management (IDM)
The Coca-Cola Company
Information Security, CISSP, Business Continuity Planning (BCP), Fusion...

Experience

Windows - 20 yearsCISSP - 17 yearsInformation Security - 16 yearsSAP Identity Management (IDM) - 12 yearsSAP GRC - 12 yearsCertified Information Systems Security Professional - 11 yearsBusiness Continuity Planning (BCP) - 10 years

Availability

Full-time

Preferred Environment

Windows

The most amazing...

...processes I've been involved in are standing up cybersecurity functions from the ground up, developing strategies and roadmaps, and maturing them.

Work Experience

Chief Information Security Officer

2022 - 2023
Gore Mutual
  • Established the cybersecurity function and staffed it from 3 to 17 employees.
  • Implemented NIST as the risk and control framework, setting an industry-recognized reference for the cybersecurity program.
  • Built a 24/7 all-year vSOC, ensuring efficient real-time identification of threats against the organization.
  • Advanced threat mitigation by introducing technologies like CrowdStrike, AppGuard, and Nexthop for quicker threat handling.
  • Modernized and improved the end-user awareness and education program and extended awareness sessions for executives, helping set the tone from the top and support the cybersecurity program.
  • Incorporated physical security into the enterprise security portfolio and performed assessments to establish gaps.
Technologies: Certified Information Systems Security Professional, CrowdStrike, AppGuard, ZeroFox, SailPoint, Business Continuity Planning (BCP), CISO

Chief Technology Officer

2017 - 2020
Coca-Cola Canada
  • Built IT infrastructure for the new company in preparation for its divestiture from the US parent organization.
  • Led and managed an infrastructure reengineering project to support a countrywide business transformation initiative consisting of 61 locations, 5.5 time zones, and 6,000+ employees, ensuring day-1 readiness of all systems.
  • Managed the implementation of the SAP ERP system as a new global solution.
  • Partnered with providers on a complete overhaul of communication infrastructure, ensuring 100% connectivity.
  • Established a data center in Canada and an Office 365 environment, supporting new business operations.
  • Created a new local IT organization and support structure consisting of ten associates and third-party providers.
Technologies: SAP GRC, SAP Identity Management (IDM)

Global Directior Information Security

2007 - 2017
The Coca-Cola Company
  • Held full P&L responsibility for 20 direct reports and a security budget of over $5 million.
  • Guided geographically diverse security teams locally and across 20 bottling operations in 19 countries.
  • Partnered with local bottler leadership to establish a sustainable IT security program for operations and plants.
  • Facilitated and oversaw security awareness training for all employees, contractors, and third parties, reducing the risk of phishing.
Technologies: Information Security, CISSP, Business Continuity Planning (BCP), Fusion, Catalyst, Cybersecurity, IT Security

Cybersecurity Strategy for a Canadian Medium-sized Financial Institution

RelyBank is a medium-sized federally-regulated financial institution based in Canada. During the last two years, the bank embarked on an ambitious transformational journey to position the organization amongst the top lenders in its category by 2025. This goal has involved an overhaul of the business model and the IT systems, most of which have been migrated to the cloud, while some legacy on-premise systems remain. As part of the transformation, RelyBank has developed and deployed a cutting-edge mobile banking solution that is bound to become a disrupter and accelerate the actualization of RelyBank's vision.

In this context, the leadership team has determined that an over-arching cybersecurity strategy is required, with digitization being at the forefront of the transformation and strict regulations such as Guidance B13 coming into play in 2024. The proposal will highlight the approach needed to implement this strategy.

Industry Expertise

Cybersecurity

Other

Certified Information Systems Security Professional, CISSP, CISO, IT Security, Information Security, AS400, SAP Identity Management (IDM), CrowdStrike, AppGuard, ZeroFox, Microsoft Defender Antivirus, Business Continuity Planning (BCP), Fusion, Security, vCISO, GRC

Languages

Python

Frameworks

Catalyst

Tools

SAP GRC, SailPoint

Platforms

Windows

2010 - 2011

Master's Degree in Information Security Management

University of Fairfax - Salem, VA, USA

AUGUST 2003 - PRESENT

Certified Information Systems Security Professional (CISSP)

(ISC)²

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring