Mark E.S. Bernard, Trusted Advisor to BoD and Executive Team
“I partner with Boards, CEOs, and Executives to turn compliance headaches into permanent solutions—and unlock new revenue.” Fractional CISO & Cybersecurity Program Lead | US/CAD Cross-Border Contractor (C2C).
About
Innovative cybersecurity professional with 20+ years of experience leading cybersecurity strategy, governance, risk management, and compliance programs across North America. Proven track record delivering ISO/IEC 27001, SOC 2, NIST CSF, and OSFI B-13 aligned solutions in financial services, AI, healthcare, and public sectors. Skilled in aligning security initiatives with business goals, managing multi-stakeholder environments, and coaching teams to success. Passionate about leveraging AI and emerging technologies to enhance security posture and drive transformation. Open to strategic leadership roles in cybersecurity, risk management, and advisory services.
Experience Highlights:
Led 100+ cybersecurity and compliance projects across consulting, vCISO, and program leadership roles.
Developed AI governance and risk frameworks supporting innovative technology adoption and compliance.
Directed ISO 27001 ISMS, SOC 2, and NIST CSF certifications, increasing client trust and revenue opportunities.
Spearheaded identity & access management, vulnerability management, and business continuity initiatives.
Experience
Fractional Field CISO, Cybersecurity, AI/ML Program Manager, and Project Manager.
Bernard Institute for Cybersecurity Excellence LLC · Austin, Texas Metropolitan Area
Jun 2019 – Present (6 yrs 11 mos)
Sr. Cybersecurity Advisor, vCISO, Program Architect
Fellsway Group, LLC · United States
Jul 2020 – May 2025 (4 yrs 11 mos)
• Partnered with customers to establish Incident Response and Crisis Management to meet regulatory and customer requirements.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Orchestrated the adoption of SOC 2, BCDR, ISO/IEC 27001, and ISO 22301 certifications for US Customers to meet new goals for revenue, risk management, and business continuity.
Cybersecurity Program Leader, CISO, Program Architect, AI
GHGSAT · Quebec, Canada
Mar 2024 – Apr 2025 (1 yr 2 mos)
• Directed the establishment of the Cybersecurity Governance Committee and chaired meetings.
• Orchestrated the adoption of ISO/IEC 27001 ISMS, SOC 2, CMMC certification to achieve customer requirements and new revenue opportunities.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Supervised risk management and continual improvement, resulting in enhanced client trust.
GRC Manager, Sr. Cybersecurity Architect, CISO, AI
Surgical Safety Technologies Inc. · Toronto, Ontario, Canada
Dec 2022 – Feb 2024 (1 yr 3 mos)
• Directed the implementation of the AI Governance, Risk, and Compliance Program.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
Sr. Cybersecurity Advisor, vCISO, Program Architect, AI
TAM-C Solutions · Philadelphia, USA
Jul 2021 – Oct 2022 (1 yr 4 mos)
• Orchestrated the adoption of ISO/IEC 27001 ISMS, SOC 2, CMMC certification to achieve customer requirements and new revenue opportunities.
• Documented Policies, AI Procedures, and Standards, and Collected Records for certification.
Sr. Cybersecurity Architect, vCISO, Syniti. Hyannis, USA
Syniti · Hyannis, Massachusetts, United States
Feb 2019 – Sep 2021 (2 yrs 8 mos)
• Orchestrated the adoption of ISO/IEC 27001 ISMS in compliance with IBM and SAP requirements, leading to new revenue opportunities.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the ISO/IEC 27001 ISMS program, satisfying compliance with customer requirements.
Sr. Cybersecurity RFP Project Manager, Toronto Public Library, Ontario, Canada
Toronto Public Library · Greater Toronto Area, Canada
Jul 2017 – Jul 2019 (2 yrs 1 mo)
• Guided the entire RFP process, publishing, evaluating, and onboarding of a new IPS vendor to replace the retired IPS and enhance the new IPS with decryption capabilities to control risks.
Cybersecurity Program Director, Digital Cloud Services, NTT DATA Inc. NS, Canada
NTT DATA, Inc. · Halifax, Canada Area
Aug 2016 – Feb 2017 (7 mos)
• Supervised a team of 130 Cybersecurity professionals and five programs for Morgan Stanley, meeting the service delivery requirements while expanding on Fortune 50 capabilities.
SAP HANA HEC Cybersecurity Compliance Manager, Virtustream, Washington, USA
Virtustream · Bethesda, Maryland, United States
Oct 2015 – Aug 2016 (11 mos)
• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, ISO 9001, and ISO 22301.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the documentation of the PMO Methodology to satisfy customer requirements.
IM/IT Cybersecurity Threat Risk Analyst, Regional Health Authority BC, Canada
Island Health - Vancouver Island Health Authority · Victoria, British Columbia, Canada
Apr 2015 – Oct 2015 (7 mos)
• Orchestrated the threat risk assessment of 19,000 clinicians, 130 facilities, and 30,000 assets in preparation for the migration of the legacy health information system to Cerner Millennium.
ISO 27001 ISMS Cybersecurity Specialist, Orange Parachute, Minneapolis, USA
Orange Parachute · Minneapolis, Minnesota, United States
Feb 2010 – Apr 2015 (5 yrs 3 mos)
• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, ISO 9001, and ISO 22301.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
Manager, Compliance and Reporting and Director, Technology and Operations, BC Gov, BC, Canada
BC Government and Service Employees Union (BCGEU) · Victoria, British Columbia, Canada.
Sep 2008 – Feb 2010 (1 yr 6 mos)
• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, and ISO 20000/ITIL to address 80 cybersecurity audit findings made by the BC Auditor General.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the NRFP process, publishing, evaluating, and onboarding of a new Oracle eBiz Suite vendor to replace the vendor, reducing operational costs by $16 million.
Privacy and Security Compliance Officer, Central 1 Credit Union, BC, Canada
Central 1 Credit Union · Vancouver, British Columbia, Canada.
Feb 2007 – Sep 2008 (1 yr 8 mos)
• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS to address 40 cybersecurity audit findings made by a client audit that led to a new $5 million contract.
• Guided the integration of ISO/IEC 27001 ISMS into trade service and wholesale services.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the privacy and security program for a $302 million annual operation.
Privacy and Security Compliance Officer, EDS Advanced Solutions, BC, Canada
Advanced Solutions, An HP Company · Victoria, British Columbia, Canada.
Oct 2005 – Feb 2007 (1 yr 5 mos)
• Orchestrated the privacy and security program for a $30 million annual operation.
• Directed the strategy to migrate citizens' private data from the government to a private company.
• Guided the privacy and security workstream during contract negotiations.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
Cybersecurity Trusted Advisor and Management Consultant
Independent Contractor · International
Dec 2002 – Oct 2005 (2 yrs 11 mos)
Responsibilities: As the Senior Cybersecurity Consultant and Project Manager I am currently leading projects designed to help my clients improve the effectiveness and efficiency of their existing programs. I led the development of business plans including strategic, tactical, and annual budgeting. I develop contact lists and meet regularly with clients. I develop media contacts and press releases establishing TechSecure as the regional experts within our profession.
Projects:
• Provided Mid Range Expertise for Global Red Team against US Financial businesses
• Led SOX/SAS 70 Audit Finding Resolution for US Bank
• Led ISO 27001 Policy, Procedure, Standards for Major US Telecom
• Led Security Awareness Program for Major Transportation System
• Led Business Continuity project for US Telecom
• Led SOX and SOC 1, 2, and 3 Audits for US Financial Services company
Information Security Specialist
McCain Foods · Florenceville, New Brunswick, Canada
Jul 2000 – Dec 2002 (2 yrs 6 mos)
Responsibilities: As the Information Security Specialist I led the Information Security Business Unit (ISBU). I developed strategic, tactical and annual business plans in alignment with organizational business goals and objectives. I led the ISBU during the development and implementation of a multidimensional information security program.
Projects:
• Led Global Security Program and adoption of ISO 17799 in 16 countries
• Security Policy project
• Organization of Information Security project
• Asset Management project
• Human Resources project
• Physical & Environmental Security project
• Communications & Operations Security project
• Access Control project
• Information Systems, Acquisition, development and maintenance project
• Information Security Incident Management project
• Business Continuity Management project
• Compliance project
Professor of Systems Engineering
Seneca College · Don Mills Campus
Jun 2000 – Dec 2000 (7 mos)
OPS350 Offered Summer 2000 Title Introduction to AS400 (IBM System "i") Connectivity by Professor Mark E.S. Bernard
CODE: OPS350
OFFERED: SUMMER 2000
TITLE: INTRODUCTION TO AS/400 CONNECTIVITY
SUBJECT DESCRIPTION: This subject will provide an introduction to the AS/400 architecture and user interface. Topics include 5250 emulation; IBM's PC support and Client Access/400; file transfers between an AS/400 and a PC and file transfers between two AS/400s; the ability to use PC printers as AS/400 printers; storing PC data with shared folders and the integrated file system; file and database serving; CL commands; Working with Jobs; Device configuration; AS/400 security; backup and recovery; release updates and applying PTFs; and system maintenance and monitoring performance.
CREDIT STATUS: 1 Credit for CNS & CTY Diploma Program
PREREQUISITES: OPS240
SPECIFIC OUTCOMES: Upon successful completion of this subject, the student will be able to:
Link: http://www.slideshare.net/markb677/code-ops350-offered-summer-2000-title-introduction-to-as400-connectivity-professor-mark-e-s-bernard
Cybersecurity Trusted Advisor and Management Consultant
Independent Contractor · Greater Toronto Area, Canada
Apr 1997 – Jul 2000 (3 yrs 4 mos)
Responsibilities: As the Senior Cybersecurity Consultant and Project Manager I am currently leading projects designed to help my clients improve the effectiveness and efficiency of their existing programs. During my work I meet with clients and provide expert advice on matters concerning compliance with US and Canadian legislation, EDI and IT Audit. I led projects conducting assessments such as Threat-Risk Assessments, Reassurance Assessments, GAP Analysis and assisted my clients in adopting best practices to mitigate risks to information assets and systems resources.
Projects:
• Led onboard EDI Trading Partners for Manufacturing and Supply Chain
• Red Team Penetration Testing for Global Technology company
• Led Application Audit of Banking Wealth Management Systems
• Led Application Audit of Telecommunications Systems
• Sprint Canada Y2K Application Audit
• Seneca College Professor of Applied Arts 3rd year Diploma Systems Engineering Course
• Taro Pharmaceutical - ISO 9001 re-cert following ERP/BPCS centralization and hardware upgrade
Programmer Analyst II / Application Specialist
Hanes Companies, Inc · Mississauga, Ontario, Canada
Nov 1995 – Apr 1997 (1 yr 6 mos)
Responsibilities: As the Information Technology Consultant I meet with clients and provide expert advice on matters concerning compliance with US and Canadian legislation, EDI and IT Audit. I led projects conducting assessments such as Threat-Risk Assessments, Reassurance Assessments, GAP Analysis and assisted my clients in adopting best practices to mitigate risks to information assets and systems resources.
Projects:
• As the Programmer Analyst II / Application Specialist I managed the development and implementation of a project integrating JBA ERP systems with EDI ANSI X12 and EDIFACT standard transactions.
• This included the implementation of Advanced Shipment Notices (ASN) utilizing the MH10 label thermal label process and Symbol handheld scanners.
• Leading into this project I initiated a Request for Proposal (RFP) from which I created a Capital Expense Request (CER) for senior management’s endorsement.
• A key to the success of this project was working with Sears Canada and Wal-Mart in establishing EDI trading partner relationships.
HRIS Manager, AS400 Guru, CISO
Zurich Insurance Company Ltd · Toronto, Ontario, Canada
Feb 1989 – Sep 1995 (6 yrs 8 mos)
Responsibilities: As the HRIS Manager I administered the systems and network supporting the in-house payroll system and Human Resource systems including planning and budgeting. I collaborated with HR Business Units, Finance Department, Internal, Corporate and External Audit teams to establish best practices while mitigating risks.
Projects:
• Infrastructure Upgrade and migration from S36 to AS400
• Mergers of two largest Ins HR databases
• Design and develop custom Applicant Tracking
• Design and develop custom Skills Inventory
• Canadian Savings Bonds annual program
• Cost of Living annual program
Education
University of Toronto
Human Resources Management Certificate (Continuing Studies), Business Communications
1991 – 1992
Centennial College
Certificate, Advanced Programming
1997 – 1997
International Information System Security Certification Consortium
(ISC)² CISSP Certification Now Comparable to Masters Degree Standard, Cybersecurity
2004
York University
Certificate in Adult Education, Instructional Skills Workshop
2003 – 2004
University of Toronto
Business/Corporate Communications
IBM
AS/400 Guru (now IBM System 'i'), 11 Certificates IBM Canada
1989 – 1995
Salisbury High School
Grade 12, general education
1970 – 1982
Royal Roads University
Certificate in Adult Education, Education
Jun 2003 – Jul 2003