Chief Information Officer (CIO) & Information Security Officer Resume
Marquette, MI
SUMMARY:
- Results-oriented professional with in-depth healthcare business and technology acumen.
- Strong leader with management style and reputation for building consensus, collaboration, and highly motivated teams. Successful execution of business/clinical needs at an enterprise level.
- “C” Level suite and Board Level experience
- HIPAA Security & Confidential Compliance
- Cybersecurity Management & Mitigation
- IT Risk Management & Mitigation
- Multimillion Dollar Budget Management
- Leader of depts. over 150 FTEs
- Guest Speaker at Seminars and Conferences on HIPAA Security & Privacy
- IT Process Improvements of EHR
- Member of the FBI InfraGard
- Strong experience and knowledge in Security Frameworks (COBIT, NIST 800-53, ISO 27001)
- Guest Lecturer at Universities on IT Security and HIPAA Compliance
- Panelist for Healthcare IT News webinar
- SOC Leadership & Management
PROFESSIONAL EXPERIENCE:
Confidential, Marquette, MI
Chief Information Officer (CIO) & Information Security Officer
Responsibilities:
- Responsible for the planning, designing and installation of a new IT environment for a new Level II Trauma hospital (550,000 sq. ft.).
- Designed and implemented a new Medical Informatics and Business Intelligence program.
- Responsible for 2019 IT budget and 15% cost reduction plan.
- Member of the Medical Executive Committee and the executive leadership team.
- Implemented a new IT security and compliance program.
- Planned and implemented the new IT Strategic plan alignment with Confidential IT support model.
- Designed and implemented the new IT Staff reorganization to align with the Confidential IT support model.
- Guest lecturer at Confidential Informatics and IT security curriculum.
Confidential, Poughkeepsie, NY
Chief Information Security Officer
Responsibilities:
- Overhauled system security architecture, set policies & procedures and implemented new security platforms to ensure compliance with HIPAA Security & Privacy Rules.
- Developed a fully operational Security Operations Center (SOC) with policy enforcement and incident response services to respective areas of the business and technical areas.
- Introduced and updated the IT Security Risk Assessment Model to include Business Associates entity assessments to ensure HIPAA compliance with the OMNIBUS Rule.
- Transformed the segmented IT security programs into an enterprise-wide data protection system.
- Redesigned Security Incident Response Management Plan.
- Reengineered the Confidential Security Information Event Management (SIEM) from defensive to preemptive approach against cyber threats and vulnerabilities without any interruption to daily clinical and administrative functions.
- Developed a system-wide “Security Operation Center (SOC)” solution, new “security cloud” based service that provides the latest generation e-mail and WEB SPAM filters integrated into the SIEM re-deployed application for single pane view of threats & vulnerabilities.
- Implemented new firewall and Intrusion Prevention/Detection Systems, WEB SPAM filter, “cloud” email protection and cloud SPAM service protection.
- Trained entire Confidential community on the HIPAA IT Security Rules.
- Inaugurated an integrated IT Risk Management Program with quarterly presentations to executive management and board members.
- Designed and launched the Data Governance/Management Model for the Clinical Content Committee comprised of department chairs.
- Instituted the “Role-Based” Identity Access Management system with auto-provisioning of business and clinical end-users.
- Formulated Business Continuity Plan, Data Loss Prevention and Disaster Recovery Plan.
- Facilitated the Business Intelligence and Enterprise Analytics for Risk Management Department.
- Leadership Team member - acquisition and integration of Hudson-Valley Diagnostics
- Executive Committee member - new Hospital expansions and acquisitions strategy and budgeting for new EHR System build-outs.
- Managed entire data migration, compliance and security of a hospital acquisition in Sharon CT.
- Mentored the new Dyson Cancer Center Director of Imaging on the system-wide “Refresh Imaging Project” covering new MRIs, CTs, Ultrasounds equipment, etc.
- Executive Compliance Committee (ECC)
- Clinical Applications Change Control/Management Committee member
- Safety and Quality meetings as the IT representative
- Hospital emergency response and recovery team (responsible for the IT disaster recovery plan)
- Management of a multimillion-dollar budget (operational & capital).
- Rebuilt, mentored, and managed IT groups and IT Security department.
- Responsible for all internal system audits and external reviews by regulators and outside auditors.
- Monitoring Confidential New York State Health Information Exchange requirements and requests.
- Built out external reporting relationships with the NY Confidential.
- Obtained the “Meaningful-Use” Stage 3 Certification for Confidential.
- Assessed new technologies for senior clinical members on its use and clinical data requirements.
- Built and maintained relationships with legal, finance, compliance, and senior clinical staff.
Confidential, Burlington, MA
Global IT Security, Privacy and Risk Manager
Responsibilities:
- Started Confidential’s Global Confidential’s Security, Privacy and Compliance program.
- Reported to the Sr. VP of Operations/COO and managed 10 FTEs.
- Responsible for overall IS security, Privacy Reporting, Risk Management, PHI Data Governance for HIPAA, Confidential, FISMA, FedRAMP, SOX security and compliance reporting requirements.
- Implemented a SOC program to support the new cloud services.
- Implemented Confidential’s HIPAA security and privacy policies and procedures as a Healthcare Business Associate to ensure its compliance with the Federal Gov’t Confidential the Omnibus Rule.
- Streamlined new Confidential “Cloud” Healthcare security architecture re-design effort.
- Collaborated and reviewed with several AMCs on Confidential’s new “cloud” PHI security and privacy program.
- Cultivated a team of IS security, privacy, and risk management professionals.
- Moved Healthcare providers & payers from the Confidential Corporate IT Domain to Confidential Healthcare “Cloud” Domain as member of senior leadership team.
- Conducted all Healthcare IT security & privacy critical incident responses and investigations.
- Guest speaker for Healthcare Seminars (FAHIMA) representing Confidential on PHI Data Management and Governance.
Confidential, Boston, MA
Senior IT Audit & Security Manager
Responsibilities:
- Direct report to the Sr. VP of Audit, Compliance and Business Integrity who reported to the Board of Directors and to the CEO.
- Established and managed a team that performs Partners system-wide IT integrated system security and IS operational reviews.
- Provided executive level system security assessments, HIPAA compliance status, and value-added services to the Confidential and its affiliates on new and existing technologies.
- Apprised Board Members, Senior Management and Clinicians on: IT security, patient data governance & security, HIPAA, PCI, PII, Confidential, role-based security.
- Identified, developed, and recommended to senior Confidential management the creation of Chief Information Security Officer (CISO) position to lead the Confidential IS Security and Governance program, and to ensure HIPAA, PCI, and PII compliance.
- Assisted with external year-end IT/S audit activities, outcomes and Confidential management responses with Board Members and Senior Management.
- Chaired the Confidential IS Security Policy and Privacy’s Oversight and Operating committees.
- Frequently requested by senior management and clinicians to lead, broker and participate in program/project management for re-designing of business and clinical system processes.
- Leadership group that re-designed and implemented ERP solutions for Confidential’s Development, Grants & Contract, and Research departments.
- Spearheaded extensive security reviews resulting in the development and implementation of new data governance model.
- Advised Senior Management on ACO initiatives on data governance and its management for patient care outcomes for clinical and financial members.
- Facilitated the adoption of best practices to meet the new Confidential HIPAA security requirements including its WEB-based patient and physician portals and its referral and information exchange from the ambulatory clinical application.
- Initiated the project to establish the Confidential Business Continuity Plan and the Disaster Recovery Plan Oversight Committee.
- Massachusetts “Advanced Cyber Security Center (Confidential)” representing the healthcare sector. Selected by Confidential’s CIO, John Glaser.
- Senior member of the EPIC Implementations Oversight Committee (ensure application controls).
- Senior Leadership Group for 5010 and the ICD-10, Meaningful Use (MU) incentive program for Confidential Hospitals and Physicians Group.
- Lead member for Confidential Architecture and Technology Evaluation Review Councils for IS strategy updates, security compliance, new applications and ICD-10 compliance.
- Awarded the “Partners in Excellence Award” (5 X’s).
- Nominated for and completed the Confidential Management Develop Initiative (MDI).