Kiston Finney Email & Phone Number

• Responsibilities include:
• Working to identify new business for the Atredis Risk practice
• Scoping and developing proposals and statements of work
• Managing client relationships
• Oversight, mentoring, and development of members of the Risk practice team
• Risk advisory staff augmentation, vCISO, and mentoring client teams

Greater Salt Lake City Area

• Mature and implement Atredis Partners' HIPAA service offerings and serve as the SME for these offerings
• Mature and implement Atredis Partners' Risk Management Methodology service offerings and serve as the SME for these offerings
• Develop Risk Management Methodology programs and execute Risk Assessments that are founded on industry-regarded best practices including ISO 27001/27002 and NIST Special Publications, and tailor the control sets to.
• Conduct HIPAA Security and Privacy Program Reviews for clients, and provide an actionable score card for the remediation of safeguards and requirements gaps, with NIST guidance
• Conduct Security Program Reviews for clients and align recommendations with regulatory compliance drivers and industry-regarded best practices
• Review, develop and implement Policies, Standards, and Procedures for organizations in all verticals, incorporating industry-regarded best practice frameworks and global and federal regulatory compliance requirements

Greater Salt Lake City Area

• Responsibilities:
• Management and direct oversight of 2-3 senior staff, and 1-2 students.
• Coordination with peer managers within the department and University to effectively manage the GRC aspects of the security program Essential Functions:
• Working with the appropriate key University stakeholders to protect the confidentiality, integrity, and availability of the University's electronic data
• Work with the University technology governance groups and leadership committees representing the status of the information security program and representing the office of the CISO as needed
• Manage the development and implementation of institution-wide security Policies, Rules, Procedures, and Guidelines

• Mature and implement FishNet Security’s HIPAA, HITECH, Omnibus, and Meaningful Use service offerings and serve as the Subject Matter Expert for these offerings within the organization
• Mature and implement FishNet Security’s Risk Management Methodology service offerings
• Develop Risk Management Methodology programs and execute Risk Assessments that are founded on industry-regarded best practices including ISO 27001/27002 and NIST Special Publications, and tailor the control sets to.
• Conduct HIPAA Security and Privacy Program Reviews for clients, and provide an actionable score card for the remediation of safeguards and requirements gaps, with NIST guidance
• Conduct Security Program Reviews for clients and align recommendations with industry-regarded best practices including ISO 27001/27002 and NIST Special Publications
• Review, develop and implement Policies, Standards and Procedures for organizations in all verticals, incorporating industry-regarded best practice frameworks and global and federal regulatory compliance requirements

• Developed and published a comprehensive information security policy and associated standards, guidelines and procedures based on ISO 2700x series, NIST 800 special publications, and industry-regarded best practices
• Developed and implemented the data classification model that incorporates security and privacy requirements for both campus and hospital institutions
• Developed and implemented the risk assessment program based on ISO 2700x series and NIST 800 guidelines for campus and hospital systems that reports both inherent and residual risk to appropriate stakeholders
• Ensured all applicable regulatory compliance (HIPAA, GLBA, GRAMA, FERPA, PCI) control criteria is incorporated in assessments
• Developed and implemented the risk remediation program

• Information Security Architecture:
• Developed and executed the recurring risk assessment program
• Performed periodic risk assessment of applications and infrastructures within the program
• Analyzed and reported the residual risk of each application to technical and business personnel
• Interfaced directly with business, system and compliance owners for control failure remediation
• Worked in cooperation with the Information Security Compliance and Testing group for control assessments, security architecture reviews, and policy reviews and revisions

• Exchange Server Administration - Building servers, creating and managing all distribution lists, recipients and connectors, monitoring Norton Antivirus for the Enterprise updates and logs, creating and enforcing all.
• Windows 2000 Server administration - Building servers, creating policies, establishing security, building and maintaining Active Directory
• Active Directory Migration from Novell - Meeting with department heads to discuss workflow and security issues, serving on the Windows 2000 steering committee for Physiotherapy Associates’ parent company, designing.
• Network Administration - Establishing and enforcing network policies relating to user and group security for Novell, Windows NT 4.0 Server, Windows 2000 Server and Active Directory
• LAN/WAN Administration - Troubleshooting connection issues and TCP/IP, supporting frame network, opening trouble tickets with appropriate telecoms
• Cisco VPN 3000 Series Administration - Installing and maintaining software clients, maintaining 3002 hardware devices, monitoring 3030 concentrator