Administered compliance programs to ensure the organization adhered to healthcare security standards (HIPAA, HITECH).Conducted risk assessments and audits of IT systems to ensure internal controls met regulatory requirements.Developed and implemented IT governance policies, ensuring alignment with data protection standards and industry regulations.Coordinated with internal stakeholders to track and remediate audit findings, reporting status to senior leadership.Performed third-party risk assessments, ensuring partners complied with HIPAA and security standards.Conducted periodic reviews of security controls to assess compliance and effectiveness across all systems.Key Achievements:Spearheaded a HIPAA compliance initiative, improving the organization’s readiness for annual audits.Led the development of a comprehensive incident response plan to enhance data breach preparedness.

Lead the development and implementation of security policies, standards, and guidelines to ensure compliance with SOC 1 & 2, ISO 27001, HITRUST, SOX, and other industry frameworks.Managed security compliance programs within GRC tools and compliance automation platforms.Collaborated with external auditors and internal teams to collect and provide audit evidence for IT systems during annual audits, ensuring regulatory compliance.Developed and enforced data governance policies to ensure adherence to privacy regulations (e.g., NYDFS).Conducted third-party vendor risk assessments, evaluating security practices and compliance with Transamerica’s standards.Supported the company’s response to regulatory bodies, client inquiries, and due diligence questionnaires.Led vulnerability scanning efforts and coordinated remediation activities across critical systems.Monitored and assessed information security risks related to networks, applications, and systems, ensuring controls were implemented effectively.Key Achievements:Reduced audit preparation time by 20% by automating evidence collection processes.Enhanced third-party risk management by developing a more rigorous vendor assessment process.

Supported the implementation of IT compliance policies, procedures, and controls across the organization.Assisted with internal and external audits by gathering evidence and ensuring compliance with ITGCs and security standards.Conducted vulnerability scans, identified security gaps, and worked with teams to implement remediation measures.Developed risk assessments for internal systems and collaborated with stakeholders to mitigate identified risks.Key Achievements:Played a key role in enhancing security compliance, leading to the organization’s first successful ISO 27001 certification.Automated the vulnerability scanning process, reducing manual effort by 30%.