AeroLeads people directory · profile

Kiston Finney Email & Phone Number

Chief Risk Officer (CRO) at Atredis Partners
Location: Atlanta Metropolitan Area, United States 9 work roles
1 work email found @atredis.com 4 phones found area 801, 435, and 800 LinkedIn matched
✓ Verified Jul 2026 4 data sources Profile completeness 86%

Contact Signals · 1 work email · 4 phones

Work email k****@atredis.com
Direct phone (801) ***-****
LinkedIn Profile matched
3 free lookups remaining · No credit card
Current company
Role
Chief Risk Officer (CRO)
Location
Atlanta Metropolitan Area, United States
Company size

Who is Kiston Finney? Overview

A concise factual answer block for searchers comparing this professional profile.

Quick answer

Kiston Finney is listed as Chief Risk Officer (CRO) at Atredis Partners, a with 31 employees, based in Atlanta Metropolitan Area, United States. AeroLeads shows a work email signal at atredis.com, phone signal with area code 801, 435, 800, and a matched LinkedIn profile for Kiston Finney.

Kiston Finney previously worked as Director of Risk and Advisory at Atredis Partners and Risk Practice Manager at Atredis Partners.

Company email context

Email format at Atredis Partners

This section adds company-level context without repeating Kiston Finney's masked contact details.

{first}@atredis.com
89% confidence

AeroLeads found 1 current-domain work email signal for Kiston Finney. Compare company email patterns before reaching out.

Profile bio

About Kiston Finney

I have over 25 years of information technology and information security experience working in multiple industries including healthcare providers, hospitals, insurance companies, financial institutions, manufacturing, energy trading, law firms, and higher education institutions, with a demonstrated ability to align business strategic goals with a myriad of regulatory compliance and internal policy requirements. I am skilled at accurately assessing security risks and communicating analysis results, both verbally and in writing, to technical and non-technical business personnel. Over the past twelve years, I have focused my career on the risk management, regulatory and contractual compliance, and policy areas of information security. While experienced in some of the more technical information security areas, my passion lies in building mature security programs, analyzing and assessing risk, and explaining risk management methodology to business personnel in a way that enables them to make informed decisions as to how to appropriately apply resources to remediate those risks. I enjoy interfacing with all levels of stakeholders on the remediation plan and helping the stakeholders prioritize their efforts.

Listed skills include Information Security, Information Security Management, Security, Risk Assessment, and 17 others.

Current workplace

Kiston Finney's current company

Company context helps verify the profile and gives searchers a useful next step.

Atredis Partners
Atredis Partners
Chief Risk Officer (CRO)
saint louis, missouri, united states
Website
Employees
31
AeroLeads page
9 roles

Kiston Finney work experience

A career timeline built from the work history available for this profile.

Risk Practice Manager

Responsibilities include:• Working to identify new business for the Atredis Risk practice• Scoping and developing proposals and statements of work• Managing client relationships• Oversight, mentoring, and development of members of the Risk practice team• Risk advisory staff augmentation, vCISO, and mentoring client teams• Maintaining all Managing Principal Risk Consultant responsibilities

Managing Principal Risk Consultant

Greater Salt Lake City Area

• Mature and implement Atredis Partners' HIPAA service offerings and serve as the SME for these offerings • Mature and implement Atredis Partners' Risk Management Methodology service offerings and serve as the SME for these offerings• Develop Risk Management Methodology programs and execute Risk Assessments that are founded on industry-regarded best practices including ISO 27001/27002 and NIST Special Publications, and tailor the control sets to incorporate global and federal regulatory compliance requirements• Conduct HIPAA Security and Privacy Program Reviews for clients, and provide an actionable score card for the remediation of safeguards and requirements gaps, with NIST guidance• Conduct Security Program Reviews for clients and align recommendations with regulatory compliance drivers and industry-regarded best practices • Review, develop and implement Policies, Standards, and Procedures for organizations in all verticals, incorporating industry-regarded best practice frameworks and global and federal regulatory compliance requirements• Create client executive summaries and in-depth remediation report deliverables, identify security risks, and create a roadmap for each client’s information security program

May 2016 - Sep 2018

Manager, Grc And Hipaa Security Specialist

Greater Salt Lake City Area

Responsibilities:• Management and direct oversight of 2-3 senior staff, and 1-2 students. • Coordination with peer managers within the department and University to effectively manage the GRC aspects of the security program Essential Functions :• Working with the appropriate key University stakeholders to protect the confidentiality, integrity, and availability of the University's electronic data• Work with the University technology governance groups and leadership committees representing the status of the information security program and representing the office of the CISO as needed• Manage the development and implementation of institution-wide security Policies, Rules, Procedures, and Guidelines• Lead efforts in industry-regarded best practice standards and regulatory compliance with ISO 27001/27002, FISMA, PCI DSS, HIPAA, FERPA, etc.• Review risks, threats, vulnerabilities and oversee the development of corrective action plans in partnership with executive management, the office of general council, IT personnel, and other relevant groups.• Maintain ongoing diligence, updating and adapting to changing risks, to proactively guard against evolving and emerging threats.• Communication of the University’s security stance and risk tolerance, including compliance issues, risks, and incidents to key stakeholders to enable those key stakeholders to make informed decisions about risk and risk management• Consult on other types of security (e.g., security architecture, secure development lifecycle, physical security issues) as needed. • Collaborate with appropriate IT teams, the Compliance Office, and the Office of General Counsel to mature the University’s information security incident response plan and practicing execution of the plan• Develop and conduct information security training and awareness activities

Apr 2014 - Apr 2016

Managing Principal Consultant - Governance, Risk & Compliance

• Mature and implement FishNet Security’s HIPAA, HITECH, Omnibus, and Meaningful Use service offerings and serve as the Subject Matter Expert for these offerings within the organization• Mature and implement FishNet Security’s Risk Management Methodology service offerings• Develop Risk Management Methodology programs and execute Risk Assessments that are founded on industry-regarded best practices including ISO 27001/27002 and NIST Special Publications, and tailor the control sets to incorporate global and federal regulatory compliance requirements• Conduct HIPAA Security and Privacy Program Reviews for clients, and provide an actionable score card for the remediation of safeguards and requirements gaps, with NIST guidance• Conduct Security Program Reviews for clients and align recommendations with industry-regarded best practices including ISO 27001/27002 and NIST Special Publications• Review, develop and implement Policies, Standards and Procedures for organizations in all verticals, incorporating industry-regarded best practice frameworks and global and federal regulatory compliance requirements• Create client executive summaries and in-depth remediation report deliverables, identify security risks and create a roadmap for each client’s information security program

Nov 2009 - Mar 2014

Senior Information Security Analyst

• Developed and published a comprehensive information security policy and associated standards, guidelines and procedures based on ISO 2700x series, NIST 800 special publications, and industry-regarded best practices• Developed and implemented the data classification model that incorporates security and privacy requirements for both campus and hospital institutions• Developed and implemented the risk assessment program based on ISO 2700x series and NIST 800 guidelines for campus and hospital systems that reports both inherent and residual risk to appropriate stakeholders• Ensured all applicable regulatory compliance (HIPAA, GLBA, GRAMA, FERPA, PCI) control criteria is incorporated in assessments• Developed and implemented the risk remediation program

Nov 2008 - Nov 2009

Information Security Analyst

Information Security Architecture:• Developed and executed the recurring risk assessment program • Performed periodic risk assessment of applications and infrastructures within the program• Analyzed and reported the residual risk of each application to technical and business personnel• Interfaced directly with business, system and compliance owners for control failure remediation• Worked in cooperation with the Information Security Compliance and Testing group for control assessments, security architecture reviews, and policy reviews and revisions• Worked in cooperation with the Corporate Compliance group for reporting risk to the Executive Board• Ensured all applicable regulatory compliance (SOX, PCI, GLBA, HIPAA, FDIC, OCC) control criteria was incorporated in assessmentsInformation Security Compliance and Assurance:• Coordinated application, infrastructure, and network security reviews between the testing teams (both internal and outsourced) and the business/system owners• Participated in annual reviews of controls tested based on inherent risk score and policy revision• Facilitated and participated in security review meetings between the testing teams and the business/system owners to review security findings, with an emphasis on correlating the test findings with actual risk to the business/systems and overall security awareness and education• Briefed security review findings to executive management, followed up on all required findings with the business/system owners, and reported these metrics to executive management• Assisted business/system owners with drafting Exception to Policy requests, reviewed those requests, and met with executive management and the audit department to approve or deny as appropriate

Jun 2004 - Nov 2008

Systems Engineer

• Exchange Server Administration - Building servers, creating and managing all distribution lists, recipients and connectors, monitoring Norton Antivirus for the Enterprise updates and logs, creating and enforcing all policies, training and supporting all clients• Windows 2000 Server administration - Building servers, creating policies, establishing security, building and maintaining Active Directory• Active Directory Migration from Novell - Meeting with department heads to discuss workflow and security issues, serving on the Windows 2000 steering committee for Physiotherapy Associates’ parent company, designing Active Directory structure, proposing new structure to CFO and CEO, building a test network, building live servers, performing the migration, documenting the migration, supporting all migration issues, presenting the migration success to the parent company and to the CFO and CEO• Network Administration - Establishing and enforcing network policies relating to user and group security for Novell, Windows NT 4.0 Server, Windows 2000 Server and Active Directory• LAN/WAN Administration - Troubleshooting connection issues and TCP/IP, supporting frame network, opening trouble tickets with appropriate telecoms• Cisco VPN 3000 Series Administration - Installing and maintaining software clients, maintaining 3002 hardware devices, monitoring 3030 concentrator• Level 3 Support - Training and mentoring help desk analysts, co-writing the IT Desk Reference Manual, solving third tier support issues for remote users utilizing pcAnywhere, troubleshooting and repairing Compaq and Dell servers, desktops, and laptops

Aug 1997 - Jul 2002
Team & coworkers

Colleagues at Atredis Partners

Other employees you can reach at atredis.com. View company contacts for 31 employees →

FAQ

Frequently asked questions about Kiston Finney

Quick answers generated from the profile data available on this page.

What company does Kiston Finney work for?

Kiston Finney works for Atredis Partners.

What is Kiston Finney's role at Atredis Partners?

Kiston Finney is listed as Chief Risk Officer (CRO) at Atredis Partners.

What is Kiston Finney's email address?

AeroLeads has found 1 work email signal at @atredis.com for Kiston Finney at Atredis Partners.

What is Kiston Finney's phone number?

AeroLeads has found 4 phone signal(s) with area code 801, 435, 800 for Kiston Finney at Atredis Partners.

Where is Kiston Finney based?

Kiston Finney is based in Atlanta Metropolitan Area, United States while working with Atredis Partners.

What companies has Kiston Finney worked for?

Kiston Finney has worked for Atredis Partners, University Of Utah Hospitals And Clinics, Fishnet Security, University Of Utah, and Zions.

Who are Kiston Finney's colleagues at Atredis Partners?

Kiston Finney's colleagues at Atredis Partners include Shaun Mirani, Jennifer Childs, Colby Gray, Bryan C. Geraghty, and James Cook.

How can I contact Kiston Finney?

You can use AeroLeads to view verified contact signals for Kiston Finney at Atredis Partners, including work email, phone, and LinkedIn data when available.

What skills is Kiston Finney known for?

Kiston Finney is listed with skills including Information Security, Information Security Management, Security, Risk Assessment, Cissp, Risk Management, Security Awareness, and Hipaa.

Find 750M verified contacts

Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.