Chad Gary Email and Phone Number

Lead Internal Audit Department for publicly traded healthcare company, covering IA, SOX, and IT Audit.Implemented a GRC Solution to assist with planning, testing, SOX questionnaires and Risk Management.Implemented Oracle Risk Cloud (Advanced Transactions & Advanced Controls) to address SOD, Sensitive Access, and high risk transaction monitoring.Assisted IT with General Computer Control Narratives and as the IT Liaison for external auditorsPolicy Review Committee Member

Ensuring appropriate IT Compliance and IT Governance throughout the global enterprise, including Information Security, SOX ITGCs, GDPR, and Data Protection. Guided and performed NIST CSF Self Assessments for Global IT Dept.Revamped IT Policy and Procedures to align to NIST CSF.IT Team Lead for GDPR AdoptionIT Team Lead for Data Protection InitiativeSOX ITGC Liaison for Internal and External AuditorsResponsible for Third Party Vendor/Technology ReviewAssisted SAP implementation team with design of SOX ITGCs & SOD controls.Updated/Improved IT Change Management Process for in-house systems

Information Security, IT Compliance, and ERM ConsultantPerformed NIST CSF Risk AssessmentsPerformed HIPAA Risk Assessments, Policy & Procedure consulting, and applied controls to assist with HIPAA complianceIT Change Management ConsultingBuilt IT ERM Roadmap for NIST adoptionAssisted companies with incident and vulnerability managementSOX ITGC consulting for global company

Responsible for the Information Assurance Group, consisting of IT Compliance and Information Security Department.Responsible for the management of the Information Security Program and Policy.Responsible for Security Risks and Gap updates to the Executive Information Security Steering Committee, the Information Security Sub Committee, and Enterprise Risk Management committee.CMB Voting member and owner of processes and controls.

Continued IT Compliance role, but taking on additional Information Security tasks. Coordinating HITRUST CSF adoption and closing Information Security Gaps from all previous assessments.

(Promoted to Director in Oct. 2011)Reported to ISO, facilitating Change Management processes, controls, and Change Board agendas and meetings. Evaluates IT business processes, systems and design for the purpose of making recommendations to enhance the control environment, and improve operating efficiency and productivity.Researches and remains current with regulations and guidelines for compliance within the Amedisys IT department.Makes recommendations to improve process controls in alignment with industry best practices.Serves as liaison for the IT Department with Corporate Internal Audit, Compliance, and SOX departments of Amedisys along with the external auditors. This role also will assist other Corporate Departments with special projects when scope of third party consultants or auditors involve Information Technology or Information Security.Assisted ISO with rollout of Information Security Program and Policy. Worked with IT departments to build SOPs and Processes to meet ISP guidelines. Assisted ISO in reporting gaps and risk updates to executive committees.

Performed Management's Testing for SOX 404 around all Corporate and Field Controls.Was able to take on Application Control testing, to reduce cost of outsourced testers.Worked closely with all process owners to identify risks, controls, and map out processes.

SOX 404 EngagementsITGCC TestingFinancial Controls Mapping and TestingOil & Gas, Information Technology, and HealthCare clients

Governmental Consultant -Worked for a contract-lobbying firm representing several energy companies in the Louisiana and Mississippi Legislatures. Worked with various state agencies, trade associations, and state legislators to best serve our clients. Duties included lobbying state officials in LA & MS, research of proposed legislation, office management, and client correspondence/relations.