SKILLS

• Information Technology
• IT Security
• Project Management Office
• Project Portfoli Management
• Product Management
• Business Analysis
• Business Process Development
• HIPAA Security Rule
• Risk Management
• Disaster Recovery
• Contract Negotiations
• SDLC
• Change Management
• Proficient in SharePoint, MS Project, and Eclipse PPM.

EXPERIENCE

Confidential

Director of IS Assurance and IT Security

• Manage enterprise-wide IT Planning processes, the Project Management Office, IT Security and Disaster Recovery/Business Continuity.
• Implement, manage and enforce information security derivatives within the regulatory mandates t protect Protected Health Information PHI as described within the Health Insurance Portability and Accountability Act HIPAA Security Rule, The American Recovery and Reinvestment Act provisions and Payment Card Industry Data Security Standards PCIDSS .
• Design and maintain security policies and procedures t support the ISSP.
• Implement security risk management program and ongoing risk assessments utilizing NIST 800-30 and PCIDSS methodology.
• Security audits of policies/procedures and systems security safeguards including assessment and application based on industry standards and best practices.
• Security voice on IT Security Oversight Committee.
• Supports requests for information services relating t incidents and investigations as directed by Corporate Compliance, Risk Management, Human Resources and Legal.
• Responsible for the annual IT disaster recovery and business continuity planning efforts.
• Leads the security incident response team in prevention, investigation, mitigation, and reporting activities ensures appropriate enforcement sanctions for information security breaches.
• Responsible for the security awareness and training initiatives t educate workforce about policies, procedures and information security risks.
• Responsible for budget related activities for the security program.

Accomplishments

• Successfully managed cross-departmental teams that directed and implemented various enterprise wide projects that support Telecommunications, Network Engineering and the IT Security program. Key initiatives include:
• Enterprise-wide firewall upgrade
• File share/SAN migration
• Patient TV/ telephone enhancements
• Transformation of unified communications infrastructure
• New vulnerability scanning system Nessus
• Identity management system MS Forefront
• Enterprise encryption and data loss prevention systems McAfee, HiSoft
• HIPAA EHR audit logging system Fairwarning, Siemens, All scripts
• Security Incident and Event Management system Nitro/McAfee
• Project Portfoli Management system Eclipse
• Enterprise Learning Management system that support HIPAA Privacy Security requirements WeComply
• E-discovery system Rational Retention
• Third party security enhancements for SharePoint Audit logging and encryption/DLP
• Enhanced IS Security Program that supports HIPAA Privacy and Security regulations, HITECH Meaningful Use, PCI Data Security Standards and NIST best practices.
• Initiated the PM and project portfoli management processes including implementation of enterprise portfoli software Eclipse t manage Information Systems projects and capital effort time reporting activities.
• Developed the IT risk management program that includes enterprise-wide systems business impact analysis, criticality assessment reviews, and systems risk assessment and associated mitigation activities.
• Completed first enterprise-wide risk assessment and associated remediation activities, as required by the HIPAA Security rule and HITECH Meaningful Use requirements, which resulted in over 1 Million in federal government payments t the medical center.
• Closed numerous HIPAA Security risks remediation activities preventing up t 1.5 Million in federal fines, per occurrence.
• Chaired the IT Planning Committee that supports the annual business case development process for IT Capital requests, averaging of up t 25 Million in approved capital.
• Decreased over 300K in annual operational expenditures while increasing overall quality and customer satisfaction through effective vendor management and by replacing several non-performing Telecommunication business affiliates.
• Implemented automated workflows that transform multiple outdated paper based processes t electronic paper-less processes resulting in a direct cost reduction savings of 1 FTE and 10K per process.
• Transformed change management procedures that support the IT security program using SharePoint workflows which include:
• Annual system auditing, risk assessments, network and system vulnerability scanning and remediation
• Enterprise-wide identity management
• Firewalls, elevated rights and VPN requests
• Interdepartmental incident response
• Investigation support and tracking Corp Compliance, Legal, Risk Management
• Annual infrastructure planning and roadmap development
• IT project portfoli review and approval

Confidential

Director of Project Management

• Provided software development, web development, integration development, new product development and professional services/consulting t the chemical and pharmaceutical markets that support regulatory and sustainability compliance.
• Led the product research, development and implementation teams.
• Managed and mentored a global team of department managers, software developers, integration engineers, regulatory specialists project managers.
• Implemented interrelated software development and implementation projects across the organization and global customer base.
• Continually supported pre-sales efforts with product and implementation demonstrations.
• Established best practices and operational policies and processes t ensure consistency standardization.
• Developed design and maintenance around inter-departmental processes utilizing various tools including MS SharePoint.