Manchester, New Hampshire, United States
Meet Alexis Orivri, CISA, CDPSE — a detail-oriented Senior IT Security & Compliance Analyst and GRC professional with over 8 years of experience strengthening security postures, managing risk, and driving compliance across complex healthcare and enterprise environments. I specialize in risk assessments, ITGC and ITAC control testing, third-party risk management (TPRM), policy and procedure development, and compliance program enhancement. I’ve successfully led and supported initiatives involving SOX, PCI DSS, HIPAA, SOC 2 attestations, HITRUST, and ERP audits, while applying frameworks such as NIST, COBIT, ISO, and FFIEC to deliver measurable improvements in security and operational efficiency. My background also includes deep hands-on experience implementing and optimizing Epic (Willow, ClinDoc, CPOE, MyChart, Beacon, ADT, Prelude, Grand Central, Rovers) and Cerner PowerChart systems across 15+ major healthcare organizations. This unique combination of compliance rigor and clinical systems expertise allows me to bridge technical controls with real-world healthcare workflows. I bring a methodical, systematic approach to every project — identifying gaps, developing actionable recommendations, training teams, and ensuring controls operate effectively at scale. I thrive in collaborative, distributed environments and am passionate about helping organizations maintain the highest standards of security, privacy, and compliance. AI Quality Assurance Specialist | Healthcare IT & EHR Systems Expert Detail-oriented AI Quality Assurance Specialist with 8+ years of experience in systematic testing, evaluation, and optimization of complex healthcare IT systems and clinical workflows. Expertise in identifying errors, inconsistencies, and edge cases in EHR outputs and processes; developing test cases and SOPs; delivering structured, actionable feedback; and applying rigorous guidelines (NIST, ISO, HIPAA, COBIT) consistently at scale. Deep domain knowledge in Epic (Willow, ClinDoc, ADT, CPOE, MyChart, Beacon, Prelude, Grand Central, Rovers) and Cerner PowerChart across 15+ major healthcare systems. Proven ability to train end-users, configure systems, troubleshoot glitches, document findings, and collaborate asynchronously with distributed clinical and technical teams — ideally positioned to evaluate AI-generated clinical outputs, medication recommendations, documentation, and order sets for quality, safety, and compliance.
• Reviewed and evaluated complex vendor outputs, deliverables, and IT assets against detailed quality guidelines, identifying errors, inconsistencies, and edge cases through qualitative/quantitative assessments. • Performed systematic constraint-checking and gap analysis; documented findings with structured, actionable feedback to maintain quality benchmarks for audits, RFPs, and supplier reviews. • Developed SOPs and test protocols for Governance, Risk & Compliance; collaborated asynchronously with distributed teams across time zones using Jira and stakeholder evidence gathering. • Conducted risk assessments on IT assets and third-party vendors/suppliers, identifying vulnerabilities and compliance risks to inform strategic mitigation. • Performed comprehensive Security and Privacy Assessments as well as Criticality Impact Assessments to evaluate third-party risk exposure and support risk-based decision making. • Led Supplier Reviews and User/Privileged Access Reviews, validating access controls and ensuring alignment with security policies and regulatory requirements. • Conducted detailed policy and control gap analyses, delivering actionable recommendations that strengthened the overall control environment. • Drafted and reviewed Bridge Letters for SOC 2 Type 2 attestations, ensuring accurate representation of control effectiveness and timely stakeholder communication. • Reviewed and created policies, standards, and procedures as needed to support continuous compliance and operational excellence across the organization. • Liaised with key stakeholders across departments to gather evidence and documentation supporting internal/external audits and RFP responses. • Managed and triaged security and compliance tickets in Jira, prioritizing critical issues and coordinating timely resolution with cross-functional teams. • Created and published internal educational content on data privacy best practices, raising organizational awareness during National Data Privacy Day.
• Conducted qualitative and quantitative risk assessments on Information Technology assets, Third party vendors and other business and IT risks. • Tested ITGCs for operating effectiveness and design appropriateness. • Created SOPs for IT Security and Compliance team to guarantee that the organization remained consistently compliant with the industry business standards and regulations. • Trained Junior team members on completing various compliance assessments and testing controls against NIST standards. • Conducted Compliance Assessment for various clients, ensuring adherence to NIST 800-53 Controls and standards. • Gathered evidence from Stakeholders, Control, Application and System owners to support compliance to NIST, ISO, HIPAA, SOX, PCI DSS and GDPR Standards and Frameworks. • Performed backup and disaster recovery control testing to determine design adequacy and operating effectiveness. • Interviewed Application owners against NIST controls, providing comprehensive documentation of findings and recommendations. • Tested IT infrastructure – Databases, networks, AD, and Operating System to determine the risks to the organization and establish controls to mitigate the vulnerability. • Hosted kick-off meetings with Stakeholders and Application owners for Compliance Audits • Responsible for the evaluation of security and mitigation of risks associated with confidentially, integrity and availability of the company’s information assets. • Demonstrated a strong understanding of various compliance and regulatory areas (SOX, SOC, PCI, FERC, FFIEC) or the risk register, risk exposure, risk reporting, and handling of risk events. • Managed communication and coordination with key stakeholders in North America; in relation to IT Risk Management process.
15+ Hospitals Including: Tower Health, Orlando Health, NYP, NYU Winthrop, Bellevue, Mount Sinai, Vanderbilt, Barnes-Jewish, Mayo Clinic, Jupiter Medical, LCMC Health, and others • Trained hundreds of end-users (physicians, nurses, pharmacists, PCAs, unit clerks) on Epic modules (Willow, ClinDoc, ADT, Grand Central, Rovers, Prelude, CPOE, MyChart, Beacon, Optime, Cadence) and Cerner PowerChart/Surginet workflows — directly equivalent to developing and executing test cases for clinical system adoption and AI-assisted processes. • Identified, troubleshot, and resolved system glitches, smart link errors, workflow inconsistencies, and edge cases during go-live and cutover; escalated issues and provided structured feedback to command centers and vendors. • Configured and tested system components (scanners, printers, label printers, patient lists, favorites, smartphrases, treatment plans); documented custom workflows and delivered actionable elbow support and personalization training. • Ensured HIPAA compliance, data accuracy, and quality in clinical documentation (MAR, flowsheets, admissions/discharges/transfers, medication reconciliation, oncology protocols); applied rigorous standards consistently across diverse hospital environments. • Collaborated asynchronously with clinical staff, IT teams, and command centers across multiple time zones; created macros, encounter plans, and training materials to standardize processes and improve output quality.
• Conduct Information security control testing. Identify detective, preventive, corrective and compensating controls for design appropriateness and operating effectiveness. • Execute ITGCs and IT Application Controls testing (ITACs) on a risk-based approach, to identify process improvement prospects and conduct periodic comprehensive risk assessment to determine the adequacy of controls in place. • Liaise with external auditors to perform annual SOX compliance audit and conduct review of SSAE 18 reports, SOC I, II and III reports, SOC 1 type I audit. • Involved in pre and post implementation audits to ensure the System Development Life Cycle (SDLC) is followed through inclusion and implementation of adequate internal controls built into the system. • Hands-on utilization of COSO and COBIT frameworks, NIST, ISO, GDPR and FFIEC regulation. • Participate in IT audit process from planning to follow up phases, including financial, operational and technology audits and risk assessments.