Al Lutz work email
- Valid
Al Lutz personal email
- Valid
• 25+ years’ experience managing risk by developing metrics-driven information security programs for public, private, and government sectors while managing teams of up to 50. National Security Agency alum and Marine Corps veteran.
• Expert in managing cybersecurity for healthcare systems, delivering multi-year strategies, and navigating complex regulations, including NIST CSF, HIPAA/HITRUST, and ISO environments.
• Created and led the inaugural information security function for a global non-profit while implementing cloud-based security services for 125 countries/40,000 users, reducing overall security spend by 20%.
• Drove the enterprise information security program for a SaaS-based organization, achieving global compliance for NIST 800-53, NIST-171, ISO 27000, SOC1 / SOC2, CIS, GDPR, and CMMC, and reducing organizational risk by 15%.
- vCISO, Principal Consultant, Cybersecurity & Risk
Clearwater (Aug 2024 - Present), Nashville, TN, US
As a Virtual Chief Information Security Officer (vCISO) and Senior Principal Consultant at Clearwater, I lead cybersecurity and HIPAA compliance initiatives for healthcare organizations. I develop and execute strategic, long-term cybersecurity programs working closely with hospital leadership to manage risk and ensure regulatory compliance. Leveraging Clearwater’s ClearAdvantage® and ClearConfidence® managed services, I provide expert guidance and thought leadership while helping clients safeguard their critical information assets. My role also involves mentoring teams, developing new solutions, and enhancing processes to deliver high-quality results for healthcare customers.

- Healthcare Director, Information Security Officer
Sutter Health (Nov 2022 - Sep 2024), Sacramento, California, US
Leading and implementing the information security program for numerous healthcare entities, ensuring regulatory compliance, and managing security controls.
Responsibilities
• Managing enterprise-wide information security programs for hospitals, labs, foundations, and medical groups, including ensuring comprehensive HITRUST compliance while navigating HIPAA regulations daily.
• Representing Information Security at executive leadership, governance, and Board committees, collaborating with CEOs to department managers and supervisors to address critical information security matters.
• Evaluating, educating, and implementing security practices to meet policies and standards, assessing risk levels across the organization's infrastructure, and reporting variances.
Successes
• Decreasing risk by maintaining HIPAA & HITRUST compliance by resolving 50+ security incidents / potential security incidents in the last year. Reduced security vulnerabilities by 25% by implementing robust and penetration testing processes.
• Creating secure, managed-care solutions to ensure data protection and privacy (integrity, confidentiality, and availability). Continually evaluating innovative technologies, e.g., securely leveraging artificial intelligence (AI) in healthcare.

- Chief Information Security Officer
IFS (Jan 2021 - Jul 2022), Linköping, SE
Spearheaded the development of cloud-native security solutions for Azure-based SaaS platforms, ensuring real-time data protection. Implemented security sales enablement processes, empowering the sales team with security insights and tools.
Responsibilities
• Design and delivery of global security compliance initiatives and messaging to win multimillion-dollar contract bids and awards. Sales enablement via the RFP process and customer security negotiations.
• Creation, implementation, and delivery of secure Azure-based SaaS cloud solutions for commercial and governmental entities.
• Management of cross-functional cybersecurity teams and projects targeting defense and energy sectors.
Successes
• Achieved global compliance for NIST 800-53, NIST-171, ISO 27000, SOC 1, & SOC 2. Reduced organizational risk by an estimated 15% while aligning with enterprise risk management (ERM) requirements.
• Educated IFS security teams on the optimal strategy to achieve FedRAMP Moderate compliance. Created and drove IFS’ inaugural CMMC compliance initiative, which allowed IFS eligibility for future US Government bids.

- Senior Director - Cybersecurity Operations
Accenture Federal Services (Sep 2018 - Dec 2020), Arlington, VA, US
Led distributed information security teams for a $2B US government contract, responsible for modernizing a nationwide Security Operations Center (SOC) and implementing cloud-native architectures involving multi-source data integration.
Responsibilities
• Modernization and operationalization of a global US Government SOC while also managing security monitoring, vulnerability assessments, incident response, forensics, PKI, and Information Security Officer teams.
• Implementation of multiple cloud-native architectures, technologies, and solutions. Migration of 125 applications to AWS.
• Delivery of services to hospitals and healthcare entities, targeting security policy compliance and medical device security while ensuring HIPAA compliance.
Successes
• Migrated 125 on-prem applications to the cloud (AWS), resulting in a cost saving of $300,000 annually.
• Developed, marketed, and delivered healthcare-related professional services in the Southwest. Resulted in net client growth of $2.5M in revenue within 2 years.

- Chief Information Security Officer
World Vision International (Sep 2012 - Sep 2018)
Created and led the inaugural global information security function at World Vision. Primary point of contact and key decision maker for World Vision’s worldwide cybersecurity initiatives.
Responsibilities
• Design and formation of an award-winning information security program while establishing global vision, strategy, and capabilities. Targeted organizational design, process improvement, and establishing a ‘security-first’ culture. Heavy focus on secure software development lifecycle (SDLC) leveraging OWASP.
• Creation and policy standardization in 125 countries of ISO and NIST-based security principles, policies, standards, and procedures.
• Deployment of cloud-based security services to 125 countries/40,000 users. Decreased overall security spend by 20% while maximizing embedded capabilities. Yielded three-year comprehensive security strategy and roadmap.
• Managed a security budget of $5M and led a team of 12 security professionals, focusing on strategic hires and staff development, resulting in a 15% increase in team efficiency.
Successes
• Created and drove the global adoption of an integrated identity and access management (IAM) solution for 40,000 users, allowing for seamless global communication and real-time data sharing.
• Developed and implemented a globally adopted function and risk management framework that protected the organization resulting in savings of $3M per year.
• Managed audit teams for PCI, ISO-27001, SOC1, SOC2 and GDPR compliance, resulting in global regulatory compliance year over year.
• Selected and implemented a global security training and awareness program, decreasing phishing click rates from 15% to less than 4% in 18 months.

- Senior Director, Financial Services Information Security
Ernst & Young (Nov 2010 - Sep 2012), London, GB
• Led national resources in the identification, pursuit, and delivery of information security professional services and solutions for national/international Fortune 100 organizations.
• Developed teams with capabilities of performing business case development, project planning and management, technology options analysis, business process analysis, IT compliance and risk analysis, and technology implementation. Efforts fulfilled client requirements for performance enhancements, budget reductions, audit readiness, and capacity building.

- Director, Security Operations
Capgemini (Apr 2009 - Nov 2010), Paris, France, FR
• Planned, defined, and delivered infrastructure-focused information security, business continuity, and disaster recovery processes and technologies. Drove the creation, socialization, and implementation of business-focused security operational processes and security operation support issues.
• Recognized and mitigated security violations and ensured governance and standards alignment.
• Performed reviews, maintenance, and improvements consistently focusing on security posture improvement.

- Security Director
PwC (Nov 2004 - Dec 2008), GB

- Advanced Security Services Project Manager
Cisco (2002 - 2004), San Jose, CA, US

- System Engineer
Apple Computer (1990 - 1994)

- Cryptographic Linguist / Cryptanalyst
National Security Agency (NSA) / United States Marine Corps (Aug 1976 - Oct 1985)

Al Lutz Skills
Al Lutz Education Details
- University of Southern California
Management Information Systems

- University of Maryland
MIS

Frequently Asked Questions about Al Lutz
What company does Al Lutz work for?
Al Lutz works for Clearwater.
What is Al Lutz's role at the current company?
Al Lutz's current role is Award-Winning CISO | CISSP | NSA Alum | USMC Veteran.
What is Al Lutz's email address?
Al Lutz's email address is re****@****hoo.com
What schools did Al Lutz attend?
Al Lutz attended University of Southern California, University of Maryland.
What skills is Al Lutz known for?
Al Lutz has skills like Leadership, Information Technology, Information Security, Consulting, CISSP, SLAs, Policy and Standards Definition, Infrastructure, ITIL, IT Audit, Information Security Management, Business Development.