Johannes Wiklund
Details
I am currently implementing a roadmap of People, Process and Technology initiatives to take an existing fully-functional security program to the next level of maturity, across the domains of AppSec, Cloud Security, Data Security & Privacy, and Incident Response.
Successes include:
Product & Application Security: Launched a Secure-by-Design initiative that begins with a Product Risk Assessment that helps identify and reduce risk of new products early in the life cycle. I then introduced a Security Champions program which has upskilled developers to produce more secure code. To round it out, introduction of SAST tooling helped automate secure-coding reviews and provide real-time feedback to developers as they check in their code. Together these people, process and technology initiatives are helping Jotform roll out new features fast, in a secure manner.
Privacy and Compliance: Achieved SOC2 Type II compliance within 9 months, showcasing our process maturity. I established a compliance team & function which improved the process of satisfying various security and privacy frameworks such as HIPAA, PCI-DSS, GDPR and CCPA. I am now partnering with our Enterprise Engineering and Biz Dev teams to architect a FedRAMP compliant environment for our government customers.
DFIR: Continuing to enhance processes and tooling for log collection, SIEM analytics, playbook development and IR training & tabletops to ensure faster detection and response to suspected security & data privacy incidents.
2021 : Present
Jotform
Head of Information Security
Head of IT/Security of this early-stage growth company, focused on architecting secure hybrid cloud infrastructure, revolutionizing Corporate IT, and operationalizing a risk-based Cyber Security program while supporting 300% growth over 6-year period.
Built a NIST-based Security Maturity program from the ground up that raised company maturity from 1.7 to 4.0 on COBIT scale over three-year period. Drove aggressive security architecture and tools roadmap, prioritizing Cloud Infrastructure Security, Application Security, Cyber Incident Response and 24x7 Security Operations.
Established Security Policy & conducted compliance audits against FISMA/FedRAMP’s NIST 800-53 standards and ISO 27002. Built risk assessment practice and conducted Third Party Risk Assessments on new and existing vendors as well as new in-house products.
Designed infrastructure security to support a flexible hybrid cloud environment consisting of 4 physical data centers integrated with scalable AWS cloud infrastructure, supporting pipeline growth from 5 to 22 products utilizing 1300 instances over 40 cloud accounts. Secured AWS multi-cloud by establishing centralized Identity and Access Management (IAM) program with OneLogin SSO that safeguarded one true identity, protected by multi-factor authentication while allowing authentication to distributed cloud resources.
Evolved company to a risk-based security program allowing for multi-tiered risk appetite which enabled business innovation while safeguarding established systems.
Presented semi-annual security strategy updates to Board of Directors
2015 : 2021
Somos, Inc.
Vice President, Information Technology & Cyber Security
Accountable for driving application and integration architecture direction for the entire Business Services unit, established end state architecture roadmap, performed technology evaluations, and replaced legacy systems with strategic sales, care and billing stack, allowing this $1bn business unit to grow to $4bn while keeping operational headcount flat.
• Implemented Salesforce.com as strategic front line application for sales and service delivery personnel, giving reps a single tool for all interactions with the customer and a solid platform to perform all delivery tasks, with integrations to back end systems.
• Architected a custom light-weight Customer Care solution based on a Widget Warehouse and integration platform reducing the number of tools a care agent needed to access in a typical day from 25 to 4.
2011 : 2015
Comcast Cable
Director, Enterprise Architecture
Technical Lead and Solution Architect for $20m e-commerce and self service web portal project based on ATG, Oracle E-Billing and Oracle SOA Suite, developed end-to-end architecture integrating commerce, care and billing functions.
With extensive travel to and work in Latin America, conducted meetings in Spanish and Portuguese to negotiate requirements with business and IT counterparts in 4 Latin American markets, mapped needs to eTOM framework and harmonized to a single, global solution. Presented to stakeholders and achieved signoff on design.
Once requirements were finalized, defined solution architecture for an e-commerce & e-care portal implementation integrating 5 independent software platforms with service bus approach. Oversaw vendor deliverables and performed technical oversight of 70-member implementation team on fast-moving project.
2010 : 2011
NII Holdings, Inc.
Sr. Solution Architect - Nextel International
Director - Application Support for Intercall business unit (Dec 2008 - Mar 2010)
• Oversaw Application Support Team with 35 staff responsible for Tier 1 & 2 troubleshooting, incident management and production change control for portfolio of 50+ software systems supporting conferencing, customer care, billing and reporting.
• Improved production change control and configuration management by implementing ITIL® processes and reconfiguring Service Desk tool, resulting in better tracking and visibility of production changes.
Director - Global Information Systems for Genesys business unit (Mar 2006 - Dec 2008)
Responsible for leading all corporate systems initiatives (ERP, CRM, Billing and Data Warehouse) in global telecom organization with 1000 employees in 21 countries. Managed team across three continents including building new cost-effective offshore development and support team in Shanghai.
• Spearheaded selection and implementation of Global Financial System including accounting, consolidation and budgeting. Identified vendors, performed evaluation, working directly with CFO. Rolled out in 90 days, reducing monthly close by 2 days.
• Drove lean implementation of Salesforce.com to improve efficiency for 600 users across Sales, Customer Care and Helpdesk domains.
2006 : 2010
West Corporation
Director - IT
About
Information Security leader specializing in leveling up security programs for late-stage startups. Currently implementing AppSec, Cloud Security, Incident Response and Compliance functions for a fast-growing, global SaaS company with 15M monthly users.
Areas of Expertise:
- Security Policy | Risk Assessments | SOC2 | HIPAA | PCI | GDPR | Awareness Training
- Security Architecture | Security Operations & Tools | Incident Response | SIEM
- Cloud & Infrastructure Strategy | Cloud Security | AWS | GCP | Endpoint Security
- AppSec | Security Champions Program | Bug Bounty | Vulnerability Management
- Program Management | Strategy & Architecture | Board Presentations | Stakeholder Relationships
- Outsourcing | Offshoring | Global Teams