Oversee the integration of security systems, operations, and technologies designed to protect the safety of employees, patients, and assets of Ardent Health Services. Serves as a principal point of collaboration, leadership, and expertise to both internal and external constituencies on operational matters pertaining to the mission, goals, objectives, and scope of the security program. Align with the business and information technology functions to enable the Information Security program. Define and execute the Security Operations strategy and roadmap. Manage vendor relationships to solve complex issues and reduce renewal costs. Lead the development of work scopes, operational procedures, security policies, and overall strategic planning for the multifaceted, integrated security activities. • Recommend, develop and establish Enterprise policy and procedures; implement short- and long-term departmental goals & objectives; monitor and evaluate program effectiveness; effects changes required for improvements.• Standardization of security platforms across the enterprise including next-gen AV, endpoint encryption, managed SIEM, AD and File Storage Auditing, DNS protection, and Vulnerability Management. • Prepares and conducts the information security council committee meetings. Also lead the cloud security committee with IT.• Serves as primary security liaison between Ardent and external regulatory agencies.• Post-acquisition restructuring of security operations team into two distinct business functions • Created 3rd party risk review process and governance structure to reduce risks of new solutions and services introduced to network or receive sensitive data. • Oversees daily operations of the department includes 2 small and efficient teams Architecture & Risk and Threat and Vulnerability Management.• Develops and manages forecasts of the annual budgets for the security department. • Prepares security awareness communications to educate others.

• Converted from Traditional AV to next-gen AV on all workstations and servers to provide better protection• Successfully implemented security infrastructure and provided user access for two new hospitals (Hackensack University Medical Center in New Jersey and Seton Medical Center in Texas)• Built role-based security access in McKesson Paragon and various other clinical applications to create standardization across multiple hospitals and advance SOX compliance• Identified and remediated IT security gaps through development of policies, procedures and processes for the Enterprise and the Access Control Group based on guidelines from HIPAA, SOX and NIST• Assisted CIO in board presentations for out of band capital budget improvements focused on ransomware prevention endpoints• Transition of Access Control Group from third party vendor to internal team. Developed internal access control policies and procedures, and created online access requests process with automated workflows• Improved Access Control turnaround times by 46% by implementing automation within ServiceNow and additional workflow process improvements• Implemented AD cleanup and auditing tool• Implemented MS LAPS for IT managed all workstations and servers to thwart potential lateral movement of malware• Performed quarterly and ad-hoc Security Audits and Vulnerability Assessments. Worked directly with internal and external auditors during yearly audits to inspire confidence with security process, procedures and platforms• Manage Information Security Incident Response Process • Implemented and managed endpoint security and encryption products• Managed implementation of Cisco IPS and Web content Filtering solution• Implemented Ironport Email encryption and DLP system• Helped design a secure shared workstation setup model that reduced logon times to 25 second, improving security and physician satisfaction• Authored quarterly IT newsletter “Security Corner”

Support all IT needs of the facility, and other management tasks.

More information available by request