John Herttna is a distinguished Information Security and Compliance Executive with over 25 years of experience architecting and leading enterprise-wide security, risk management, and compliance programs. As Manager of Governance, Risk, and Compliance/Cybersecurity at MRI Software, John leads initiatives for a global technology company with 4,500 employees and 180+ products across multiple international markets. 

John has established himself as a strategic compliance leader by transforming regulatory requirements into business enablers that create competitive advantages. He currently oversees a comprehensive compliance program encompassing 18 SOC 1, 3 SOC 2, 7 ISO 27001 certifications, Cyber Essentials, and PCI-DSS compliance across a diverse product portfolio. His innovative approach to consolidating compliance frameworks has delivered significant cost efficiencies while maintaining rigorous standards. 

Prior to his current role, John served as an IT Security Program Manager for Eagle Alliance, a National Security Agency contractor, where he maintained full scope & Poly TS/SCI clearance while directing cross-functional engineering teams in global security system deployments. As a core member of NSA's Information Security Incident Response Team, he managed critical threat response and mitigation efforts. 

John's career foundation includes technical operations and infrastructure management at the United Way of Greater Cleveland, where he led security enhancement initiatives and system optimization projects. During his academic years, he gained valuable experience through various technical support and administrative positions that complemented his studies. 

John holds a Bachelor of Arts in International Studies, Political Science and Government from Towson University, where he graduated with a 3.87 GPA. His education also includes specialized training from the Department of Defense Cyber Investigations Training Academy. 

Throughout his career, John has demonstrated exceptional ability to balance strategic vision with tactical execution, developing enterprise-wide risk management frameworks while ensuring alignment with business objectives. His expertise spans incident response leadership, data privacy protection, third-party risk management, and cross-functional team leadership.