Hired to be the Senior SME for all technical security and privacy compliance and risk frameworks. I have been involved in the extensive content update and work for the company including Framework, Assessment, Mapping, and Task review/update/creation. Using my GRC, Cyber, technical, and IT experience to further the value of the product through continuous involvement and input in the development of the product. Some of my frameworks expertise includes: NIST (all 800 series security versions), CIS v7.1 and 8, PCI 3.2.1, 4.0, 4.0.1, NYDFS 2017/2023, CMMC (v 1.1 and 2.0), DFARS (NIST 800-171 (including the a expanded framework) rev 2&3), HITRUST, CCPA,SOC 1&2, ISO 27001 ISO 27002. Also using my expertise in Fedramp,HIPAA, general security (corporate and federal requirements), and many other technical and other controls/frameworks that have requirements that are either regulatory or general and include security or Cyber. Highly skilled in the HIPAA security and privacy rule as well as the HICP 405(d) Cyber components.. Privacy frameworks such as GDPR, CCPA, CCPR and others are also included in my experience. I also provide Senor Customer Success Manager skills to assist clients in their GRC efforts and help the clients ensure they are conforming to compliance requirements and ensuring they have secure environments. As an SME, work also includes working with development, product, and security to continue to develop the best product available for continuous compliance. Also hired to be a leader in the GRC field by providing thought leadership by speaking at conventions, webinars and other avenues. Working on a training program to use my experience and training in education to educate internal and external stakeholders in the field of GRC, Security, IT, etc.

I have now closed down this company, but am always open to opportunities to develop both my own and developing companies skill sets. Security Compliance positions, and contracted assessments in fields such as HIPAA, NIST CSF, DFARS (NIST 800-171 Rev 2 &3), NYDFS (2017 and 2023), FFIEC, NIST 800-53, CIS-18, and any other control framework that is needed. I can perform gap assessments against regulated frameworks as needed.Christopher has over 20 years of experience conducting Assessments against all of the top frameworks and can help your business in assessment against industry Cyber standards, Regulated standard assessments, gap assessment, and remediation efforts.Expert at:*CISO experience including Fractional vCISO to smaller enterprises*Tabletop tests*In person and remote training for security requirements such as HIPAA, general security training, and other training requirements.*Recommendations for remediation of risks for compliance requirements*SME recommendations for most Cyber and IT security frameworks*Expert experience in developing Cyber programs to expand the level of compliance with required elements of Compliance programs as well as securing the corporate network against the future trend of bad actors.

Subject Matter Expert (CISO and Director responsibilities) in Security and Cybersecurity for Genzeon and CompliancePro Solutions.. * Developed a HIPAA compliant Security and Privacy training and deployed it to a `400 person company using a 3rd party partner.* Rolled out multiple new security programs including assessments, penetration testing, vulnerability scanning, etc.* Updated policy and procedure for multiple areas.*Conducted internal Security Risk assessment for both Genzeon and CompliancePro Solutions.*Wrote multiple blog topics on current trends in the HIPAA security environment and the 405(d) Cybersecurity best practices.*Published several Security Articles in a highly regarded HIPAA Compliance Magazine and Online Portal* Conducted live Webinars for multiple companies such ast HCCA, SCCE, etc.*Scoping of all projects including time requirements and cost* Helped develop a SDLC, Vulnerability assessment program, Training program, and other requirements for security.*Provided Sales support for all security programs.*Conducted over a dozen assessments for multiple clients including HIPAA with 405(d) best practices, NIST-CSF, DFARS, FINRA Cybersecurity checklist, and other assessments.* Sold over 90% of the security servicess for the company (not an up front sales person)

Senior Security Consultant at GuidePoint Security. Senior consultant(senior position) with HIPAA privacy and security including 405(d) experience, PCI 3.2.1, 4.0, 4.0.01, NIST 800-171a rev 2 & 3, GDPR, CMMC v1.1 & v2.0, HITRUST, CIS v7.1 &8.0, and other compliance experience. Consultant Knowledge with Director experience including Budget, SOW, Junior consultant mentoring. Essential member of the team providing senior experience with assessing and developing compliance controls for clients. Only member of the team HITRUST certified for over 6 1/2 years. HIPAA compliance expert conducting 90% of the HIPAA compliance (Including implementing the Cyber HICP 405(d) elements) assessments along with updating and adapting the program to fit the current environment to incorporate HIPAA with current trends and requirements that need to be implemented to not only be compliant, but also incorporating security to actually secure ePHI. Instrumental in the following:* PCI QSA conducting assessments, scoping exercises, and gap assessments.* HIPAA expert conducting 90% of the HIPAA assessments with 90% return rate (including 405(d)).* HITRUST expert (over 6 years of experience)* CIS expert V 7.1 and 8.0* NIST expert 900-53, 800-`171 rev 2 &e* Ability to work a majority of compliance framework jobs as gap assessments including SOC1&2, ISO 27001, SANS, PCI, and others.* Expert at scoping projects based on the requirements

Director of PCI Risk and Compliance Department. Conducting Payment Card Industry (PCI) assessments including RoC's, AoC's, SAQ's, PCI compliance gap assessments and SOC II security assessments.Directed a team of QSA and AQSA employees including mentorship and leadership of junior and senior members of staff.Work closely with members of the sales team to scope, price, and sell new and ongoing assessments. Full budgetary responsibility of the department.

Hired to provide security consulting services including Healthcare, PCI compliance (QSA), HITRUST compliance (CSF), NIST compliance, HIPAA Compliance, Training and overall compliance results.Providing security and privacy risk assessments for companies of all sizes. Compliance for Healthcare, Financial, PCI, HITRUST, NIST, PCI, and other business areas. Writing, reviewing, and editing corporate security and privacy policies and procedures. Provide remote as well as onsite security reviews for companies including Healthcare, Financial, Healthare, Government, and companies concerned with compliance and security of data. Areas of compliance include, HIPAA Compliance, NIST, HITRUST, COBIT, and PCI compliance. Enterprise security assessments, Virtual Chief Security Officer services for enterprises across multiple business units. Chief Compliance work for companies of all sizes and all disciplines.• Project Management• Junior Staff Mentoring• Client Satisfaction• HIPAA Risk Assessments• HIPAA Gap Analysis* NIST 800-53 Low, Moderate, and High compliance* PCI-DSS QSA Compliance* HITRUST Certified Professional• Policy & Procedure Creation• Enterprise Security Assessments• Compliance Training, creation, and implementation• Technology Consulting* Established Speaker for Technology education including Regional and National Speaking engagements for PCI, HIPAA, NIST, HIMSS, etc.• Virtual Chief Security Officer for Customers

Complete Academic responsibility for the campus. Instructing students and serving on the campus senior leadership team. Managed 50+ employees with various level degrees from Bachelor to PHD. Retention responsibilities as well as extensive experience and responsibility for ACICS accreditation leadership for the campus including auditing and direct development of accreditation documents for three programs.Developed technology integration in curriculum for all general education, business, and network engineering programs. Responsibility for networking department budget. Participate in curriculum review and adoption of textbooks. • Recruitment, Hiring, and Training of all Faculty and Staff• Develop and manage the quarterly master schedule.• Teaching 3-4 Business and IT classes per quarter• Manage the recruitment, selection, training, evaluation, retention, and success of an outstanding faculty and academic staff of over 50 employees.• Administer the campus curriculum development and review process • Observe instructors, formally and informally and provide regular coaching to instructors. • Organizing resources, establishing priorities, plan and evaluate programs.• Develop financial plans and manage resources. • Administer the College’s program for professional growth and development, in-service programs, faculty meetings and program director meetings. • Achieve program attendance, retention, placement, and certification exam pass rate goals. • Administer the instructional programs of the College in a fully compliant manner according to company, state, ACICS, programmatic and state board standards. Maintain accurate and complete academic files for faculty in accordance with the company and compliance criteria. • Oversee Program Directors, Student Services, LSC, and Library operations. • Budget preparation and fiscal management.• Re-engineering operations and procedures, formulating policy, and developing and implementing new strategies and procedures.