David Pocrnic
Information Security Officer at Tulip Retail- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
-
English Native or bilingual proficiency
-
Croatian Limited working proficiency
-
French Elementary proficiency
Topline Score
Bio
William Browett
I worked with David over a 15 year period, including managing David's work over the last 9 years of his time at GSK. In this latter period we provided laboratory automation and information technology implementation, validation, and support services to GSK Preclinical Development both locally in Canada, and the global organization, in Europe and North America. David applied his experience as a scientist to his role as an IT Compliance Analyst. This breadth of experience combined: a strong customer focus; commitment to best practices; excellent organizational skills; and project management leadership to deliver useable and useful systems that have met the critical business needs and regulatory expectations. David embraced information technology best practices by integrating tools, practices, and team management to create multisite systems. He had the support and respect of staff and colleagues for his focus on customer service, knowledge scientific processes and systems, and his collaborative contributions to the department's goals.
Thomas Murray
David has tremendous IT knowledge and industrial experience that make him an outstanding asset.
William Browett
I worked with David over a 15 year period, including managing David's work over the last 9 years of his time at GSK. In this latter period we provided laboratory automation and information technology implementation, validation, and support services to GSK Preclinical Development both locally in Canada, and the global organization, in Europe and North America. David applied his experience as a scientist to his role as an IT Compliance Analyst. This breadth of experience combined: a strong customer focus; commitment to best practices; excellent organizational skills; and project management leadership to deliver useable and useful systems that have met the critical business needs and regulatory expectations. David embraced information technology best practices by integrating tools, practices, and team management to create multisite systems. He had the support and respect of staff and colleagues for his focus on customer service, knowledge scientific processes and systems, and his collaborative contributions to the department's goals.
Thomas Murray
David has tremendous IT knowledge and industrial experience that make him an outstanding asset.
William Browett
I worked with David over a 15 year period, including managing David's work over the last 9 years of his time at GSK. In this latter period we provided laboratory automation and information technology implementation, validation, and support services to GSK Preclinical Development both locally in Canada, and the global organization, in Europe and North America. David applied his experience as a scientist to his role as an IT Compliance Analyst. This breadth of experience combined: a strong customer focus; commitment to best practices; excellent organizational skills; and project management leadership to deliver useable and useful systems that have met the critical business needs and regulatory expectations. David embraced information technology best practices by integrating tools, practices, and team management to create multisite systems. He had the support and respect of staff and colleagues for his focus on customer service, knowledge scientific processes and systems, and his collaborative contributions to the department's goals.
Thomas Murray
David has tremendous IT knowledge and industrial experience that make him an outstanding asset.
William Browett
I worked with David over a 15 year period, including managing David's work over the last 9 years of his time at GSK. In this latter period we provided laboratory automation and information technology implementation, validation, and support services to GSK Preclinical Development both locally in Canada, and the global organization, in Europe and North America. David applied his experience as a scientist to his role as an IT Compliance Analyst. This breadth of experience combined: a strong customer focus; commitment to best practices; excellent organizational skills; and project management leadership to deliver useable and useful systems that have met the critical business needs and regulatory expectations. David embraced information technology best practices by integrating tools, practices, and team management to create multisite systems. He had the support and respect of staff and colleagues for his focus on customer service, knowledge scientific processes and systems, and his collaborative contributions to the department's goals.
Thomas Murray
David has tremendous IT knowledge and industrial experience that make him an outstanding asset.
Credentials
-
Certified Information Systems Security Professional (CISSP)
(ISC)²Jul, 2018- Nov, 2024 -
Business Analysis Certificate
University of Toronto School of Continuing StudiesMay, 2012- Nov, 2024 -
CISSP
(ISC)²Jul, 2018- Nov, 2024 -
Certified Information Security Manager® (CISM)
ISACADec, 2017- Nov, 2024 -
ITIL Foundation
Pink Elephant
Experience
-
Tulip
-
Canada
-
IT Services and IT Consulting
-
100 - 200 Employee
-
Information Security Officer
-
Jun 2019 - Present
Responsible for security policy and procedure development, maintenance, and implementation Create and manage the Security Awareness training program and ensure compliance targets are achieved Lead compliance effort to ensure Tulip successfully obtains a SAQ-D annually and to obtain an initial SOC 2 Type 2 report Leverage Rapid 7 Insight VM to perform internal vulnerability scans and CoalFire for external ASV scans to meet PCI-DSS requirements. Perform Dynamic Application Security Testing (DAST) using BurpSuite Monitor and review alerts from LogRhythm and take appropriate action to address the alerts Utlilize JIRA and AzureDevOps for issue tracking and story boards and Confluence for documentation Provide subject matter expertise when responding to client security questionnaires. Familiar with AWS and GCP platforms and maintain network diagrams for Tulip solutions hosted in AWS and GCP. Responsible for executing the annual Maturity Threat Assessment based on the CIS Top 20 Controls and OWASP SAMM Provide guidance on the Enterprise Risk Management process Manage the Third Party Risk Management process Show less
-
-
-
Davnic Compliance Solutions Inc.
-
Burlington Ontario
-
Independent IT Security and Compliance Consultant
-
Jan 2018 - Feb 2022
Working with clients to help them develop and implement an information security program and achieve desired industry certifications. Experience with ISO 27001/27002, NIST, PCI-DSS, SOX, HITRUST, and SOC2. Working with clients to help them develop and implement an information security program and achieve desired industry certifications. Experience with ISO 27001/27002, NIST, PCI-DSS, SOX, HITRUST, and SOC2.
-
-
-
TAB
-
United States
-
Retail Office Equipment
-
200 - 300 Employee
-
Independent Information Security and Compliance Consultant
-
Jan 2018 - Feb 2019
•Performed an audit of the current security posture of the organization and worked with the Chief Security Officer to develops TAB’s Information Security Strategy and Information Security Program. •Led the creation, development and implementation of Information Security Policies and Procedures to establish a structured and repeatable approach to Information Security to meet client and regulatory requirements. •Implemented formal processes Change Control, Information Security Incident Response, Vendor Management, Mobile Devices, IT Security Policy Exception, Risk Management, Business Continuity, IT Disaster Recovery, and Logical and Physical Security. •Prepared the organization to successfully pass a vendor audit by a major US financial institution. •Developed the 2019 Business Continuity Planning/Disaster Recovery Planning testing and Information Security Incident Response testing •Prepared TAB to obtain a SOC 2 Type 2 Report and HITRUST certification. Show less
-
-
-
Mapi Group: Health Research & Commercialization
-
France
-
Pharmaceutical Manufacturing
-
1 - 100 Employee
-
IT Security and Compliance Specialist
-
Nov 2015 - Oct 2017
•Developed and implemented the Information Security Program based on ISO 27001/27002 by authoring policies, procedures, and work instructions and collaborated with key stakeholders to implementing these policies throughout the organization. •Developed policies and procedures to ensure compliance with HIPAA and PIPEDA requirements •Coordinated vulnerability and penetration testing and the annual Disaster Recovery/Business Continuity testing. •Executed 3rd party vendor IT security assessments and audits using industry standards and prepared audits reports detailing results of the audit and provided recommendations for remediation and performed follow up review of corrective actions plans. •Acted the IT point of contact for client audits and developed remediation plans to address audit observations. •Ensured compliance to ITIL processes by managing the Change Control program and chairing the weekly Change Advisory Board (CAB) meetings. •Managed the computer validation program by developing Validation Plans, URS/FRS, IQ/OQ/PQ tests, Validation Reports, and Traceability Matrices to meet regulatory requirements and support data integrity. Show less
-
-
-
Tim Hortons
-
Canada
-
Food and Beverage Services
-
700 & Above Employee
-
Senior Analyst, IT Audit, Compliance, and Change Control
-
Jan 2013 - Oct 2015
•Championed the change management process by implementing a streamlined change management process, training staff on the change management process, chairing the Change Advisory Board (CAB) meetings, and ensuring compliance to the change management program by reviewing weekly and monthly metrics. •Executed SOX IT Controls testing related to IT Security, change management, data backup and recovery, and systems development lifecycle (SDLC) and presented reports to senior management and external auditors on a quarterly basis. •Fostered a security awareness organization by developing policies, procedures, and training on Information Security and monitored compliance by reviewing the training completion rate on a weekly basis. •Worked with key internal stakeholders to develop business process maps for Asset Management, Incident Management, Problem Management, and Change Management in order to leverage these process maps in the selection of a solution that would achieve efficiencies in these processes. •Coordinated functional and user acceptance testing for SAP upgrade to ensure controls and functionality has been maintained and to meet internal and external audit requirements. •Good understanding of SAP FI, SD, and MM modules as well as SAP transports and transactions codes. •Developed the Disaster Recovery Plan and coordinated annual disaster recovery testing. •Executed risk assessments associated with the internal, external, and PCI environments, prepared reports and remediation plans to senior management and implemented measures to reduce risk to an acceptable level. Show less
-
-
-
Apotex Pharmachem Inc.
-
Pharmaceutical Manufacturing
-
300 - 400 Employee
-
QA Computer Validation Specialist
-
Oct 2011 - Jan 2013
Worked with senior management to implement an IT Quality and Computer System Validation (CSV) program to ensure compliance with regulatory requirements and reduce or eliminate observations from audit from government agencies such as Health Canada for the Food and Drug Administration (FDA). Provided QA support for the change management process for GxP systems Provided Computer System Validation (CSV) expertise during Health Canada and FDA audits. Worked with senior management to implement an IT Quality and Computer System Validation (CSV) program to ensure compliance with regulatory requirements and reduce or eliminate observations from audit from government agencies such as Health Canada for the Food and Drug Administration (FDA). Provided QA support for the change management process for GxP systems Provided Computer System Validation (CSV) expertise during Health Canada and FDA audits.
-
-
-
Valeant Pharmaceuticals
-
United States
-
Pharmaceutical Manufacturing
-
700 & Above Employee
-
IT Computer Validation Manager
-
Jul 2010 - Oct 2011
Responsible for ensuring and maintaining compliance of all regulated systems at the corporate and manufacturing sites. •Lead the integration of policies and standard operating procedures from the legacy Biovail and Valeant organizations •Guided staff in developing requirements documents, validation protocols, and user acceptance test cases •Mentored manufacturing, laboratory and IT staff on computer validation and responsible for one (1) direct report •Collaborated with Corporate IT to manage and improve the change control process for SOX and GxP systems •Executed audits to ensure compliance with internal procedures and regulatory requirements was being achieved. •Performed vendor audits to ensure vendors were developing software solutions using an established software development lifecycle and to ensure the solutions supported the confidentiality, integrity, and availability of data. Show less
-
-
-
GSK
-
United Kingdom
-
Pharmaceutical Manufacturing
-
700 & Above Employee
-
Principal IT Compliance Analyst
-
Jan 1996 - Jul 2010
Led a cross functional and multi-national team that implemented a complex laboratory IT system Directed the implementation of harmonized best practices across global sites Worked with key stakeholders to develop business requirements Developed project plans and test plans to ensure the timely delivery of the laboratory IT system Coordinated and administered user acceptance testing Developed computer based training modules in preparation for the deployment of the new laboratory IT system across multiple sites Developed and delivered external training on computer validation Prepared validation documentation and standard operating procedures for computerized systems. Managed and coordinated local site activities during the implementation of different global software application. Provided administrative support for mission critical software application and ensured these systems met regulatory requirements. Implemented a Year 2000 strategy for mission critical business systems Collaborated with an external vendor to improve the functionality of the vendor's application Managed the lifecycle of laboratory equipment. Performed scientific testing on drug products Developed an excellent knowledge of scientific software Produced data to support the delivery of new products to the market Supervised a summer student Show less
-
-
Education
-
2002 - 2006
University of Waterloo
MMSc, Management of Technology -
1989 - 1995
University of Waterloo
Hons BSC, Applied Chemistry -
Sheridan College
Computer Programming
Community
