Candidate's Name, MSc, MBA, CISM, CRISC, CDPSE, Assoc C CISO
Street Address
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE

Executive Profile

Cyber security executive with 25+ years' experience specializing in establishing and implementing mature cyber/information security programs. Proven ability to blend security, integrity and management while maintaining a business-first approach with executive management. Resolute and enthusiastic collaborator with excellent leadership and communication skills.

Education

Master of Science, Information Security (Class of 2009), Magna Cum Laude
Concentration in Governance, Risk Management and Compliance
University of Fairfax, Vienna, VA

Master of Science, Business Administration (Class of 1990), Summa Cum Laude
Bristol University, Bristol, TN

Bachelor of Science, Business Administration (Class of 1987)
Tusculum College, Greenville, TN

Professional Experience

Director, Cyber Security
Covenant Physician Partners, Nashville, TN
Mar. 2022 to May 2024

As Cyber Security Director, reporting to the VP/Corporate Compliance Officer, my responsibilities involve securing the company network, systems, applications, and sensitive data. This involves collaborating with all departments within the company, managing third-party risk to company assets, and planning any corrective actions necessary to remove or reduce risk to an acceptable level. My job extends to developing and implementing a secure framework and architecting a plan to execute the proper framework in support of company goals. In addition to all activities associated with protection and risk management, compliance is a major responsibility under my purview. Each quarter, I provide a status of the security program to the Internal Compliance Committee. HIPAA, CCPA, and PCI DSS are the major regulatory factors governing our operations. My responsibility is to ensure the company remains compliant with federal and state regulations by complying with NIST CSF, ISO/IEC 27001 & 27002, etc. To protect our efforts in securing our computing environment, negotiating and procuring the cyber insurance policy for the company also falls under my purview.

Cybersecurity and Compliance Consultant
Itegriti, Client: Large Children's Hospital, Remote, Nashville, TN
Oct. 2021 to Mar. 2022

Develop and implement cyber risk management strategy and posture related to regulatory compliance requirements, along with multiple cybersecurity and privacy frameworks.
Manage project delivery and business development, along with mentoring and coaching others.
Perform comprehensive risk assessments using regulatory compliance standards (e.g., NERC CIP, HIPAA, FedRAMP and PCI DSS) and industry-accepted cybersecurity and privacy frameworks (e.g., NIST (RMF, CSF, 800-53 Rev 4, 800-171, IR-7628), ISO 2700x, FISMA and SOC 2) to help identify meaningful gaps, evaluate and prioritize risks, and develop mitigation action plans for remediation.
Develop clear, legible, and actionable reports and PowerPoint presentations, delivering clear, concise content to technical and non-technical stakeholders at multiple organizational levels.
Assist clients with designing, implementing, and testing security controls for effective measurement, monitoring, and reporting.
Utilize industry-leading practices for architecture and design to enhance the robustness of security and compliance posture across on-premises and cloud-hosted environments.
Interface with vendors and support technical and non-technical client stakeholders to drive widespread cybersecurity program adoption.
Monitor upcoming security standards and in-flight changes during solution development to help anticipate future cyber needs.
Advise clients on global, national and sector trends, collaborating with them to enhance cybersecurity and compliance capabilities and helping to mitigate risks.

Security and Compliance Specialist and Advisor (Consulting)
Ascent, Client: Cancer Drug Research, Remote, Nashville, TN
Mar. 2021 to Oct. 2021

Collaborate with Senior Counsel and IT Security to develop and align privacy and security policies and standards with organizational and technical objectives of the client.
Assist with response to and documentation of security incidents and remediation.
Develop and implement a Security and Privacy Risk Management program focusing on HIPAA/PCI DSS/GDPR/CCPA.
Conduct privacy and security risk assessments, determine risks associated with business activities related to data or privacy, and recommend solutions as needed.
Ensure that information security and data privacy requirements specified in agreements and contracts remain fulfilled.
Execute and review completed Service Provider assessments and determine and advise on the risk associated with each vendor and their associated third-party processors.
Maintain and revise data processing activities.
Support and advise on security and privacy laws and regulations (i.e., GDPR, CCPA, HIPAA).

Security and Compliance Advisor (Consulting)
DXC, Client: Healthcare Facility, Nashville, TN
Dec. 2020 to Mar. 2021

Oversee the development and implementation of corporate-wide application security procedures in client environments to meet corporate and government regulations.
Ensure application security procedures meet business requirements and protect sensitive data from unauthorized use, disclosure or modification, and damage or loss.
Oversee the implementation of appropriate access controls to ensure restricted access to systems, data, and programs to authorized and trained users.
Oversee the destruction of highly confidential information in accordance with policies and procedures.
Develop and implement detailed security procedures.
Oversee the security administrator team to ensure compliance with client security procedures.
Ensure compliance with program security requirements including personnel, physical and administrative security systems, and procedures.
Serve as a subject matter expert concerning security procedures and audit compliance.
Coordinate sensitive aspects of corporate security programs to ensure compliance with client, government and company security policies and procedures, including verifying adherence to specific policies and ensuring policy compliance with government regulations.
Provide leadership and work guidance to less experienced personnel.
Develop, coordinate, and conduct security education programs to educate appropriate personnel about security systems and their importance.
Investigate or oversee the investigation of losses and security violations and recommend corrective actions. Implement an approved course of action as appropriate. Provide summaries for senior management review.
Research technological advancements to ensure that security solutions are continuously improved, supported and aligned with industry and company standards.

National Manager/Sr. ISSM (Consulting)
MAXIMUS, Nashville, TN
Security Clearance: High Public Trust
July 2019 to Dec. 2020

Conduct regular site assessments of FISMA controls to support continuous monitoring.
Perform computer security incident response activities for the assigned site and coordinate with the virtual security team to record and report incidents.
Provide security expertise in FISMA, OMB, NIST and federal government requirements to support IT Security and Privacy compliance.
Lead execution of ATO and POA&M activities at the site, developing all supporting documentation to demonstrate resolution.
Support vulnerability management, respond to vulnerability reports for applicability at the site, and perform remedial actions.
Support implementation of physical and environmental as well as personnel security controls at the site.
Support other assessment and authorization activities.
Develop, implement, and lead incident response and investigations.
Review the Computer Security Plan and implement actions which accurately reflect the security protection measures for each unclassified information system.
Implement site procedures for marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media/equipment containing sensitive and unclassified information.
Work with asset managers and facility security personnel to monitor changes in the unclassified system components, environment, and location, including temporary relocation to another unclassified area.
Serve as an informational resource to users for all I.T. and physical security questions concerning site security.
Perform security debriefing on behalf of Maximus.

Information Security Director
Numotion, Brentwood, TN
December 2018 to July 2019

Assessed information security program based on NIST Cyber Security standards.
Developed a security roadmap designed to comply with HIPAA/HITECH and PCI DSS.
Responsible for securing MS 365 during and following implementation.
Implemented an internal vulnerability assessment program and remediation process.
Established a process for reviewing current and future vendor associations.
Leader of projects on third-party risk assessments and remediation.
Supplemented and implemented security policies and procedures.
Implemented an internal phishing campaign with the goal of reducing the percentage of phishing incidents.
Developed user provisioning to streamline user access, transfer and termination processes, resulting in fewer errors and increasing ROI.
Developed a mature incident response plan and investigation processes.
Development and testing for incident response, business continuity and disaster recovery programs, allowing for a more expedient and organized response.
Accountable for contract and BAA review and approval.

CISO & Privacy Officer
Comprehensive Pain Specialists, Franklin, TN
April 2016 to April 2018

Architected and implemented a mature enterprise security strategy and framework consisting of strategically integrated elements of NIST risk management and cyber security frameworks, SANS Critical Controls and ISO/IEC PHONE NUMBER AVAILABLE for Information Security and Privacy.
Achieved 100% compliance with PCI DSS, HIPAA/HITECH, PII, Sarbanes-Oxley and GDPR.
Established strong partnerships with business units, vendors, regulatory bodies, and law enforcement.
Responsible for the secure transition to AWS and Azure cloud platforms.
Key member of the mergers and acquisitions (M&A) team charged with performing risk assessments and contributing to discussions regarding the risks associated with the M&A, and providing recommendations as to reducing or eliminating identified risks.
Dedicated time and effort to employee retention activities, with a retention rate of 98%, with departures from my lead occurring due to advancement in internal career opportunities.
Sponsored internal and third-party risk assessments, remediation and SOC 1 & 2 reviews, attaining 100% compliance with internal and external requirements.
Developed and implemented security and privacy policies and procedures across the enterprise.
Developed and implemented a company-wide security and privacy education program, achieving a 97% completion rate of employees and vendors while reducing security events by 35%.
Developed and implemented user provisioning to streamline user access, transfer and termination processes, resulting in 75% fewer errors and saving $200k annually.
Investigated and resolved 100% of security hotline reports for registered violations of regulations and company policy.
Established a process for reviewing and tracking vendor contracts and Business Associate Agreements, saving $1M in annual negotiations and renegotiations.
Established and chaired the Executive Security/Privacy Committee for guidance and oversight of the security program.
Led development and testing of incident response, business continuity and disaster recovery programs, allowing for a more expedient and organized response.
Automated the monitoring of inappropriate access to medical records, creating immediate notification and savings of $750k in investigation activity.

Information Security Director/CISO
IASIS Healthcare, Franklin, TN
May 2005 to April 2016

Architected and implemented a mature enterprise security strategy and framework consisting of strategically integrated elements of NIST risk management and cyber security frameworks, SANS Critical Controls and ISO/IEC PHONE NUMBER AVAILABLE for Information Security and Privacy.
Prepared for requirements to meet certification.
Achieved 100% compliance with PCI DSS, HIPAA/HITECH, PII, and Sarbanes-Oxley.
Developed, implemented, and monitored the overall organizational strategic cyber security and privacy program.
Coordinated efforts with IT operations to implement Data Loss Protection (DLP) for an 82% reduction in critical and confidential data loss.
Served as central figure in the development and execution of the IT continuity and disaster recovery programs, allowing for a more expedient and structured response.
Responsible for bi-annual security assessments of IASIS data centers, scrutinized according to SOC 2 Type 2 requirements while ensuring a 100% remediation effort.
Developed, communicated, and published security and privacy policies, standards, and procedures.
Established and chaired the Executive Security/Privacy Committee for guidance and oversight of the security program.
Key member of the mergers and acquisitions team charged with performing risk assessments and contributing to discussions regarding the risks associated with the M&A, and providing recommendations as to reducing or eliminating identified risks.
Developed policies regarding security roles and responsibilities of personnel utilizing and maintaining computer resources, electronic communications, and Internet access in performance of their job duties.
Dedicated time and effort to employee retention activities, with a retention rate of 99%, with departures from my lead occurring due to advancement in internal career opportunities.
Continuous monitoring and auditing of SOX, PCI DSS and HIPAA/HITECH requirements for 100% compliance.
Partnered with HR and Compliance to implement security training and phish testing software, resulting in a 60% decrease in incidents and a 97% reduction in phishing susceptibility.

Certifications/Affiliations

ISACA: Certified Information Security Manager (CISM); Certified in Risk and Information Systems Control (CRISC); Certified Data Privacy Security Engineer (CDPSE)
EC-Council: Associate Certified Chief Information Security Officer (Assoc. C CISO)
Cyber Readiness Institute: Certified Cyber Leader
Proofpoint: Certified Artificial Intelligence/Machine Learning (AI/ML) Specialist; Certified Ransomware Specialist; Certified Security Awareness Specialist; Certified Insider Threat Specialist; Certified Identity Threat Specialist; Certified Email Authentication Specialist; Certified in Cyber Security Readiness; Certified in Cyber Security Leadership; Certified Data Loss Prevention (DLP) Specialist
Infragard: Partnership between the FBI and the private sector
Information Security Advisory Board for the Metropolitan Nashville and Davidson County Government: 2014 - 2015

Community Associations

The Jason Foundation (Fighting teen suicide); St. Jude Children's Research Hospital (Juvenile Cancer Treatment & Research); American Society for the Prevention of Cruelty to Animals (ASPCA)