As a Cyber Security Governance, Risk Management, and Compliance (GRC) specialist, my expertise lies in enabling organizations to establish and maintain robust cybersecurity measures. My focus is on evaluating their current security protocols, identifying potential risks, and devising and implementing effective policies and procedures to mitigate them. My ultimate aim is to ensure that my clients comply with industry standards and regulations, including but not limited to PCI DSS, HIPAA, ISO 27001, and NIST, while simultaneously helping them develop a resilient cybersecurity/info security/technology security program that safeguards their valuable assets and reputation. Leveraging my extensive knowledge of cyber threats and industry best practices, I collaborate closely with my clients to ensure their success.

GRC - Governance, Risk and Compliance
HIPAA, NIST 800-53 (Fed Systems Controls), NIST 800-59, NIST 800-171 (Non-Fed Systems), ISO 27001, ISO 27002, SOC2, GDPR, FISMA
Cybersecurity
Network Security
Information Security
Analytical Skills
Security Information and Event Management (SIEM)
Penetration Testing
Vulnerability Assessment
Leadership
Communication
Linux
AWS
Azure
Information Technology
Troubleshooting
Cyber Security Analyst
Kaiser Permanente
Apr 2019 - Present
Oakland, California, US
CYBER SECURITY GRC CONSULTANT
• IT Security Program: Contribute to IT Security Program maturity and compliance assessments based upon industry standards and best practices including HIPAA, ISO, NIST, and HITRUST Cert.
• Policies and Standards: Identify, develop, implement, and maintain consistent and standardized international security processes and policies, to mitigate risk and safeguard the enterprise worldwide.
• Risk Assessments: Assist with security risk assessments that are in line with our corporate policy to ensure that KP assets are properly protected.
• Risk Assessments for M&A: Assist in ensuring appropriate due diligence is conducted for merger and acquisition activities by conducting a thorough risk assessment.
• Data Governance: Proactively advise the business on how to maintain data privacy as they relate to regulatory requirements (e.g., EU GDPR, CCPA).
• Compliances: Hands-on knowledge of regulatory compliance initiatives e.g., New York DFS cybersecurity regulation (NYDFS), Payment Card Industry (PCI), and Health Insurance Portability and Accountability Act (HIPAA).
• Vendor Risk Management: Validate and monitor gaps identified during the vendor risk assessments, due diligence, and ongoing monitoring to support adherence to vendor risk management policies.
• Cloud Security: Design the security governance for both hybrid and non-hybrid cloud solutions in Azure.
• Vulnerability Assessments: Work with the Threat and Vulnerability Manager and the Security Operations team to develop and maintain a threat and vulnerability intelligence process that monitors for emerging systems vulnerabilities and cyber threats.
• PCI Compliance: Experienced in leading projects related to PCI Compliance, including network security audits, access controls, and encryption audits.
Consultant Application & Security Governance
NYU Langone Health
Apr 2015 - Mar 2019
New York, NY, US
• Manage Epic Applications Implementations & Program Governance.
• Developed and maintained the Business Continuity and Disaster Recovery program to ensure critical applications and infrastructure have documented downtime/recovery procedures and are tested annually.
• Developed and managed the enterprise security risk assessment program including penetration testing, application security, HIPAA/CSF security assessments, vendor security, biomedical device security.
• Developed and maintained the security education and awareness program that delivers role-based security education, is based on gamification concepts and leads to measurable improvement in building a risk-aware culture at all levels. Created and delivered information security concepts in a simple and engaging manner through newsletters, social media, blogs, video, new employee orientation, townhalls and in person.
• Understood the opportunities and challenges facing business, mission, IT, and operational groups and was able to balance institutional risk with business and mission objectives. Designed and implemented mechanisms to monitor adherence to strategies and policies and take corrective action as needed.
• Adhered to NIST Cyber Security Framework, HIPAA, Joint Commission, Promoting Interoperability.
• Responsible for implementing a GRC tool to manage cyber risks.
• Maintained a formal risk register which drives security governance and ensures security funding is aligned with business objectives.
• Worked collaboratively with the other Managers, Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to manage Cyber Security risks.
Lead Clinical Applications
Keck Medicine of USC
Nov 2009 - Mar 2015
Los Angeles, CA, US
Build & Configuration of Clinical Applications. Implementations of Clinical Applications. Role-based Application security awareness
Atif Sheikh M. Education Details
London Metropolitan University
Information Systems & Development
Frequently Asked Questions about Atif Sheikh M.
What company does Atif Sheikh M. work for?
Atif Sheikh M. works for Kaiser Permanente
What is Atif Sheikh M.'s role at the current company?
Atif Sheikh M.'s current role is Actively Looking! - AWS Administrator.
What schools did Atif Sheikh M. attend?
Atif Sheikh M. attended London Metropolitan University.