Nashville, Tennessee, United States
Innovative and results-driven business executive with a proven track record in leading the delivery of IT services that drive cost efficiency, enhance operational performance, and ensure secure technology solutions across the organization. Trusted advisor to senior leadership, board members, and cross-functional teams, specializing in the development and implementation of policies and procedures for operations, security, compliance, risk management, business continuity, and service delivery. Experienced in building and leading high-performing teams, fostering a culture of continuous improvement through coaching, mentoring, and targeted training to maximize service excellence.
Developed a strategic roadmap encompassing cybersecurity, business applications, and data management, establishing a strong foundational framework to enhance security posture, improve operational efficiency, and support core business processes.
• Identified gaps in the Information Security program and executed a remediation plan to address them.
• Built an Enterprise Security Risk management and mitigation process based on the NIST CSF, reporting to the Board Cyber Risk Committee.
• Implemented a vulnerability management program that included cloud (CSPM) and endpoint (EDR) scanning tools, along with prioritization and remediation processes.
• Integrated DAST, SAST, and SCA into the DevOps pipeline to ensure comprehensive application security.
• Collaborated with IT operations to establish a regular patching schedule for safeguarding information assets.
• Designed and implemented internal control structures based on NIST, ISO, and the HITRUST Common Security Framework to achieve HITRUST certification.
• Developed a Security Incident Response plan and process, incorporating breach readiness exercises.
• Consolidated security tools to reduce redundancy and provide a unified view.
• Assisted in internal and external customer assessments.
• Revamped the security awareness, privacy, and compliance training program.
• Designed and implemented internal control structures aligned with NIST, ISO, and the HITRUST Common Security Framework to achieve SOC 2 and HITRUST certifications.
• Established comprehensive Information Security Programs to meet regulatory requirements, including HIPAA, NIST, FERPA, and COPPA.
• Deployed governance, risk, and compliance (GRC) tools to manage policies, controls, assets, risk assessments, and mappings to SOC 2 and HITRUST criteria.
• Implemented risk assessment processes for enterprise-level, asset, and third-party risks.
• Created and implemented policies and procedures to mitigate company risks and ensure compliance with regulatory requirements and security best practices.
• Led business process reviews and control validations to ensure operational efficiency and compliance.
• Managed key information security domains, including vendor management, asset management, risk management, access management, information protection, human resources, business continuity, and data processing and validation.
• Developed and maintained a security roadmap to drive the maturation of the security program.
• Completed customer security and compliance questionnaires to support sales and account management.
• Implemented a security awareness program and learning management system to foster a culture of security across the organization.
• Performed annual risk assessments and management interviews to create the annual internal audit plan for review and approval by the Audit Committee.
• Administered the annual Sarbanes-Oxley (SOX 404) certification process, including the narrative and control review and approval process, risk ranking of control activities, testing of control activities, and reporting to management and the Audit Committee.
• Contributed to HITRUST certification and conducted HIPAA Security and Privacy Risk Analysis.
• Led efforts to design and secure an SSAE 18 SOC 2 report for critical business systems.
• Created the SOX and security requirements to be included in an SSAE 18 SOC 1 report on the primary outsourced IT vendor.
• Validated management's compliance with, and the effectiveness of, the ISO 27001 standard to determine whether the organization conformed to its information security management system requirements.
• Led an RFP, vendor selection, and transition process to outsource the Internal Audit and SOX compliance functions.
• Directed cross-functional teams to address business issues related to the legal use of data, real-time data, and data governance.
• Directed the selection, implementation, and upgrade of software through business need assessments and an RFP process. Established and maintained vendor relationships.
• Facilitated training and support for operational personnel on the processes and technology that were developed and deployed.
• Developed, maintained, and distributed all financial reports for internal and SEC reporting. Managed the creation and maintenance of Sales and HR dashboards utilizing Business Objects.