John Hartmann
Director of Information Security, CISSP
Washington D.C., DC, United States
Details
Experience:
2021 : Present
WilmerHale
Director of Information Security
2016 : 2021
Arent Fox
Director of Information Security
Senior Information Security Officer for the Office of the Secretary of Health and Human Services, reporting to the Deputy Chief Information Security Officer on all matters related to the information security of systems and the initiatives of the agency's security program. Serves as a primary point of contact for governance, risk and compliance. Acts as a steward of information security practices and policies while fostering an environment of communication and collaboration with organizational entities, intergovernmental teams, working groups, and direct support of IT security strategic and tactical initiatives. Implements and administers programs to protect the information resources of the agency by assuring compliance with the Risk Management Framework, Federal legislation, FISMA, NIST standards, executive orders, and directives of the Office of Management and Budget.
- Leads a large group of System Owners and Information Security Officers in the completion of IT security related tasks and the security authorization process.
- Accounts for tracking and reporting the risk profile of a large number of information systems and actively driving the mitigation of threats and vulnerabilities through customer communication and system security team management.
- Serves as the representative and liaison of the Office of the HHS Chief Information Security Officer and as the Enterprise Information System Security Manager for IT projects and CTO initiatives that span the operating divisions of the Department.
- Maintains an IT systems FISMA inventory of over 100 systems, security compliance, and Plan of Action and Milestone management with risk mitigation progress tracking and reporting systems, raising the Office of the Secretary’s security authorization compliance from 68% to 92%.
- Serves as the lead liaison and POC for all IG requests, reviews and audits of organizational IT Security systems.
2010 : 2016
United States Department of Health and Human Services
Information Systems Security Manager
Project leader in the Office of Cyber Security, Certification Program Office, responsible for the development and operation of department-wide IT systems testing and certification programs. Ensured independent verification and validation of security control assessments and accurate reporting of risks and vulnerabilities in IT inventory management tools.
Responsible for the management of special projects related to certification and accreditation with team members, customers and contract staff, to help VA achieve the goals of the Federal Information Security Management Act.
- Managed certification testing as Ex Officio/Certification Agent for the department and evaluated the findings of all assessments to determine risk profiles and the effectiveness of IT security control implementations.
- Provided oversight for all VA security programs. Prepared and presented recommendations for program and policy changes for department-level security control assessments and security control selections to the Deputy CISO and other senior information security officials.
- Ensured that enterprise security policies, procedures and standards were in compliance with regulatory requirements and legislated mandates governing information security.
- Prepared statements of work, independent government cost estimates and cost benefit analyses and other documentation necessary for the procurement of IT and telecommunication equipment, goods and services.
2010 : 2010
United States Department of Veterans Affairs
IT Specialist (INFOSEC); Assistant Project Leader – Certification Program Office
Information security specialist in the Office of Cyber Security, identifying, developing, and recommending information protection and risk management solutions for the VA enterprise. Reported directly to the CISO/ADAS of Information Protection and Risk Management. Provided support on technical security matters to the CIO, DAS, CISO, ISOs, engineering, enterprise architecture, system administrators, software developers and other personnel involved in the implementation of security technologies and IS systems.
- Investigated sources of Federal security requirements and best practices, including existing policy, guidelines, standards, legislation and mandates, and advised leadership in the development and maintenance of departmental policy as it relates to cyber security, information protection, privacy and risk management.
- Represented OCS and communicated management’s interests to VA stakeholders, OIT customers, staff members, external elements, and identified specific project goals and objectives to determine the effort, resources, and methodology necessary to complete the project.
2009 : 2010
United States Department of Veterans Affairs
IT Specialist (INFOSEC); Aide to the Chief Information Security Officer - Office of Cyber Security
Company:
WilmerHale
About
Develops and executes tactical and strategic plans, policies, and governance programs for cyber security, information assurance and risk management. Plans and manages the execution of IT solutions which protect the confidentiality, integrity and availability of technology and information systems which significantly reduce the IT risk profile of large organizations. Identifies and utilizes emerging technologies and industry best practices to provide comprehensive policy and governance models to support compliance with information security, privacy and assurance requirements.