Dec 2022 – Feb 2024 · 1 yr 2 mos · Toronto, Ontario, Canada · Hybrid

• Directed the implementation of the AI Governance, Risk, and Compliance Program.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.

Jul 2021 – Oct 2022 · 1 yr 3 mos · Philadelphia, USA · Remote

• Orchestrated the adoption of ISO/IEC 27001 ISMS, SOC 2, CMMC certification to achieve customer requirements and new revenue opportunities
• Documented Policies, AI Procedures, and Standards, and Collected Records for certification.

Jul 2020 – May 2025 · 4 yrs 10 mos · United States · Remote

• Partnered with customers to establish Incident Response and Crisis Management to meet regulatory and customer requirements.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Orchestrated the adoption of SOC 2, BCDR, ISO/IEC 27001, and ISO 22301 certifications for US Customers to meet new goals for revenue, risk management, and business continuity.

Jun 2019 – Present · 6 yrs 11 mos

• CEO of Bernard Institute and Senior Program Manager leading multi-million dollar cybersecurity, privacy, and quantum encryption workstreams with global impact.

Feb 2019 – Sep 2021 · 2 yrs 7 mos · Hyannis, Massachusetts, United States

• Orchestrated the adoption of ISO/IEC 27001 ISMS in compliance with IBM and SAP requirements, leading to new revenue opportunities.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the ISO/IEC 27001 ISMS program, satisfying compliance with customer requirements.

Jul 2017 – Jul 2019 · 2 yrs · Greater Toronto Area, Canada · On-site

• • Guided the entire RFP process, publishing, evaluating, and onboarding of a new IPS vendor to replace the retired IPS and enhance the new IPS with decryption capabilities to control risks.

Aug 2016 – Feb 2017 · 6 mos · Halifax, Canada Area · On-site

• • Supervised a team of 130 Cybersecurity professionals and five programs for Morgan Stanley, meeting the service delivery requirements while expanding on Fortune 50 capabilities.

Oct 2015 – Aug 2016 · 10 mos · Bethesda, Maryland, United States · Hybrid

• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, ISO 9001, and ISO 22301.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the documentation of the PMO Methodology to satisfy customer requirements.

Apr 2015 – Oct 2015 · 6 mos · Victoria, British Columbia, Canada · On-site

• • Orchestrated the threat risk assessment of 19,000 clinicians, 130 facilities, and 30,000 assets in preparation for the migration of the legacy health information system to Cerner Millennium.

Feb 2010 – Apr 2015 · 5 yrs 2 mos · Minneapolis, Minnesota, United States · Hybrid

• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, ISO 9001, and ISO 22301.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.

Sep 2008 – Feb 2010 · 1 yr 5 mos · Victoria, British Columbia, Canada. · On-site

• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, and ISO 20000 /ITIL to address 80 cybersecurity audit findings made by the BC Auditor General.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the NRFP process, publishing, evaluating, and onboarding of a new Oracle eBiz Suite vendor to replace the vendor, reducing operational costs by $16 million.

Feb 2007 – Sep 2008 · 1 yr 7 mos · Vancouver, British Columbia, Canada. · Hybrid

• Orchestrated the adoption and certification of ISO/IEC 27001 ISMS, to address 40 cybersecurity audit findings made by a client audit that led to a new $5 million contract.
• Guided the integration of ISO/IEC 27001 ISMS into trade service and wholesale services.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.
• Directed the privacy and security program for a $302 million annual operation.

Oct 2005 – Feb 2007 · 1 yr 4 mos · Victoria, British Columbia, Canada. · On-site

• Orchestrated the privacy and security program for a $30 million annual operation.
• Directed the strategy to migrate citizens' private data from the government to a private company.
• Guided the privacy and security workstream during contract negotiations.
• Documented Policies, Procedures, and Standards, and Collected Records for certification.

Dec 2002 – Oct 2005 · 2 yrs 10 mos · International · Hybrid

• Responsibilities: As the Senior Cybersecurity Consultant and Project Manager I am currently leading projects designed to help my clients improve the effectiveness and efficiency of their existing programs. I led the development of business plans including strategic, tactical, and annual budgeting. I develop contact lists and meet regularly with clients. I develop media contacts and press releases establishing TechSecure as the regional experts within our profession.
• Projects:
• Provided Mid Range Expertise for Global Red Team against US Financial businesses
• Led SOX /SAS 70 Audit Finding Resolution for US Bank
• Led ISO 27001 Policy, Procedure, Standards for Major US Telecom
• Led Security Awareness Program for Major Transportation System
• Led Business Continuity project for US Telecom
• Led SOX and SOC 1, 2, and 3 Audits for US Financial Services company

Apr 1997 – Jul 2000 · 3 yrs 3 mos · International

• Responsibilities: As the Senior Cybersecurity Consultant and Project Manager I am currently leading projects designed to help my clients improve the effectiveness and efficiency of their existing programs. During my work I meet with clients and provide expert advice on matters concerning compliance with US and Canadian legislation, EDI and IT Audit. I led projects conducting assessments such as Threat-Risk Assessments, Reassurance Assessments, GAP Analysis and assist my clients in adopting best practices to mitigate risks to information assets and systems resources.
• Projects:
• Led onboard EDI Trading Partners for Manufacturing and Supply Chain
• Red Team Penetration Testing for Global Technology company
• Led Application Audit of Banking Wealth Management Systems
• Led Application Audit of Telecommunications Systems
• Sprint Canada Y2K Application Audit
• Seneca College Professor of Applied Arts 3rd year Diploma Systems Engineering Course
• Taro Pharmaceutical - ISO 9001 re-cert following ERP/BPCS centralization and hardware upgrade

Jul 2000 – Dec 2002 · 2 yrs 5 mos · Florenceville, New Brunswick, Canada

• Responsibilities: As the Information Security Specialist I led the Information Security Business Unit (ISBU). I developed strategic, tactical and annual business plans in alignment with organizational business goals and objectives. I led the ISBU during the development and implementation of a multidimensional information security program.
• Projects:
• Led Global Security Program and adoption of ISO 17799 in 16 countries
• Security Policy project
• Organization of Information Security project
• Asset Management project
• Human Resources project
• Physical & Environmental Security project
• Communications & Operations Security project
• Access Control project
• Information Systems, Acquisition, development and maintenance project
• Information Security Incident Management project
• Business Continuity Management project
• Compliance project

Jun 2000 – Dec 2000 · 6 mos · Don Mills Campus

• OPS350 Offered Summer 2000 Title Introduction to AS400 (IBM System "i") Connectivity by Professor Mark E.S. Bernard
• 1. CODE: OPS350 OFFERED: SUMMER 2000 TITLE: INTRODUCTION TO AS/400 CONNECTIVITY SUBJECT DESCRIPTION:This subject will provide an introduction to the AS/400 architecture and user interface. Topics include 5250 emulation; IBMs PC support and Client Acess /400; file transfers between an AS/400 and a PC and file transfers between two AS/400s; the ability to use PC printers as AS/400 printers; storing PC data with shared folders and the integrated file system; file and database serving; CL commands; Working with Jobs; Device configuration; AS/400 security;backup and recovery; release updates and applying PTFs; and system maintenance and monitoring performance.
• CREDIT STATUS: 1 Credit for CNS & CTY Diploma Program
• PREREQUISITES: OPS240
• SPECIFIC OUTCOMES: Upon successful completion of this subject, the student will be ableto:
• Link; http://www.slideshare.net/markb677/code-ops350-offered-summer-2000-title-introduction-to-as400-connectivity-professor-mark-e-s-bernard

Nov 1995 – Apr 1997 · 1 yr 5 mos · Mississauga, Ontario, Canada

• Responsibilities: As the Information Technology Consultant I meet with clients and provide expert advice on matters concerning compliance with US and Canadian legislation, EDI and IT Audit. I led projects conducting assessments such as Threat-Risk Assessments, Reassurance Assessments, GAP Analysis and assist my clients in adopting best practices to mitigate risks to information assets and systems resources.
• Projects:
• As the Programmer Analyst II / Application Specialist I managed the development and implementation of a project integrating JBA ERP systems with EDI ANSI X12 and EDIFACT standard transactions.
• This included the implementation of Advanced Shipment Notices (ASN) utilizing the MH10 label thermal label process and Symbol handheld scanners.
• Leading into this project I initiated a Request for Proposal (RFP) from which I created a Capital Expense Request (CER) for senior management’s endorsement.
• A key to the success of this project was working with Sears Canada and Wall-Mart in establishing EDI trading partner relationships.

Feb 1989 – Sep 1995 · 6 yrs 7 mos · Toronto, Ontario, Canada

• Responsibilities: As the HRIS Manager I administered the systems and network supporting the in-house payroll system and Human Resource systems including planning and budgeting. I collaborated with HR Business Units, Finance Department, Internal, Corporate and External Audit teams to establish best practices while mitigating risks
• Projects:
• Infrastructure Upgrade and migration from S36 to AS400
• Mergers of two largest Ins HR databases
• Design and develop custom Applicant Tracking
• Design and develop custom Skills Inventory
• Canadian Savings Bonds annual program
• Cost of Living annual program