Andy Butler Email & Phone Number

Charlotte, North Carolina, US

• Providing security consulting and training on security infrastructure and architecture with small- to medium-sized companies.
• Secure storage architecture and configuration.
• Website and database encryption, data security, DLP.
• Security standards based on NIST, CIS.

Brentford, Middlesex, GB

• Led a team of Data Security Architects with responsibility for establishing GSK strategy for Data Security, including requirements for data encryption in transit and at rest, Data Loss Prevention (DLP), and Removable.
• Led creation of new Data Security Standard and complete rewrite of Cryptography Standard.
• Managed implementation of enterprise key management system and database encryption service.
• Designed enterprise “crown jewels” assessment methodology based on CIA (confidentiality, integrity, availability) security triangle that enables CISO to have tiered rankings of all enterprise key assets.
• Global Employee Recognition Gold Award. July 2022, for improvements in the Removable Media Exception process.
• Global Employee Recognition Gold Award. August 2021, leadership in the Removable Media Exception process.

Brentford, Middlesex, GB

• Led Database Encryption pilot and contract negotiations, which allowed GSK to implement its first-ever database encryption.
• Authored GSK’s first Security Architecture Principles, which provided developers with security goals for their applications.
• Created Operational Technology Risk Matrix employed by OT Program Board to prioritize strategic initiatives.
• Global Employee Recognition Gold Award. December 2020, for establishing new Data Security Architecture team.
• Global Employee Recognition Silver Award. November 2019, for leading Data Loss Prevention efforts.

Brentford, Middlesex, GB

• IT Security consultation on supplier assessments and contract negotiations involving high impact information handling, assurance visits of high impact suppliers post- contract to assure contract compliance and to.
• Global support of contracts in North America, Europe, India, Asia, Africa, and South America.
• Led Information Security Assessment for the corporate external-facing web hosting service hosted by Amazon and monitored by Rackspace, recommending critical security architecture changes that saved over $200K.
• Assessed the company’s three strategic Contract Research Organization (CRO) partners, driving key improvements in security of patient data.
• IT Silver Recognition Award. April 2017, for key contributions to the 2020 Internet Hosting migration project.

Brentford, Middlesex, GB

• Third party security assessment, quality assurance for GxP validated and non-validated project documentation; risk management; audit preparation, response; and continuity planning for R&D IT.
• Provided third party security and privacy assessment on over 230 engagements from 2013 through mid-2015.
• Planned onsite audits at third party suppliers for IT security and privacy, coordinating with multiple QA groups.
• Managed three direct reports with accountability for quality, risk, and compliance on over 60 concurrent IT projects. My team was awarded several individual awards for their contributions on successful projects.

Brentford, Middlesex, GB

• Established the strategy for risk management and continuity planning in R&D IT.
• Established the R&D IT Risk Management framework, recruiting risk managers and implementing risk registries for eight de-partments. Chartered R&D IT Risk Operations Board, escalation and review focal point for R&D IT.
• Led the R&D IT Project Safeguard, which significantly enhanced protection of R&D’s most important information assets. Di-rected more than 30 application support teams in developing remediation plans.
• Led the R&D IT Web App Development Standards (WADS) Remediation Project, directing the remediation projects of more than 60 systems, development of training, and establishment of steady-state processes. Managed.

Brentford, Middlesex, GB

• Led all risk management, continuity planning, and license management activities for Molecular Discovery Research (MDR) IT.
• Line managed a risk consultant, gaining valuable experience in staff development.
• Established a business continuity plan for MDR IT, working with the VP, directors, management, and staff from across the de-partment to identify requirements and develop the plan.
• Established the R&D IT License Managers Forum to share information and processes across R&D IT.
• IT Silver ImpacT Award. December 2007, for leading decommissioning workstream that exceeded goal by £1M and champi-oned use of the Decommissioning Service in IT.

Ms, Computer Engineering

Bs, Computer Engineering

Education record

Education record