Arthur Staff
Information Security Governance, HITRUST Subject Matter Expert, CCSFP, CISA
Denver, CO, United States
Details
Experience:
Manage a service-oriented team focused on policy development and management, documentation management, Engagement Data Security Plan (EDSP) management, and travel security program management. Accountable for the day-to-day operations of security governance, for maintaining and protecting sensitive data to NIST SP 800-171 standards, for managing EDSP implementation and execution, and for managing compliance and execution of the IT Travel Security program.
2023 : Present
Guidehouse
Information Security Governance Manager
Quality Professional – Monitor and enforce quality standards. Provide feedback on material deficiencies and provide necessary support and training. Monitor HITRUST QA feedback and coordinate responses. Track internal and external QA findings and document trends, HITRUST rulings, and precedents.
Practice Leadership – Manage and coordinate escalations to and from HITRUST. Coordinate and align HITRUST processes and standards across the organization. Represent Coalfire on HITRUST Councils and feedback groups. Drive education of compliance and controls methodology.
Subject Matter Expert – Own and maintain a repository of guidance and training materials for HITRUST consulting services. Assist sales teams in responding to customer queries about product security and organizational controls. Interpret the impact of HITRUST Advisories on the practice. Host weekly guidance forums. Review audit plan preparations.
2018 : 2023
Coalfire
Principal - HITRUST
Advisor - Manage the development and implementation of client compliance programs (HITRUST, HIPAA, NIST, etc.) through audits, gap assessments, and continuous monitoring. Guide and coordinate remediation with leadership and cross-functional stakeholders. Prepare organizations of all sizes for HITRUST certification. Scope system boundaries and produce documentation to meet regulatory requirements. Perform evidence collection and document mapping. Present compliance and risk mitigation concepts, and interpret security requirements to internal and external stakeholders.
Consultant - Engage with clients and auditors to manage customer and compliance audits, conference calls, and meetings. Apply risk assessment frameworks (HITRUST, NIST, HIPAA, FedRAMP, GDPR, PCI-DSS, and SOC 2) to assess security risks in relation to client business objectives and risk tolerance. Assess control operation and design effectiveness, including risk mitigation, through security assessments, penetration testing results, and vulnerability assessments. Examine documentation and evidence and score against the HITRUST Rubric. Submit assessments to HITRUST via the MyCSF portal.
2015 : 2018
Coalfire Systems, Inc.
Consultant
Assess organizations against a variety of security frameworks and regulatory requirements such as NIST, ISO, HIPAA, FedRAMP, PCI-DSS, and SOC 2. Perform risk assessments and develop corrective action plans. Assess call centers, data centers, and cloud providers against the requirements of the PCI-DSS. Assist senior resources with developing System Security Plans (SSP) for organizations seeking FedRAMP ATO.
2014 : 2015
Coalfire
Associate Consultant
Maintain appliance and cloud-based solutions to protect client networks from threats perpetrated through email messaging, including data mining, research, threat evaluation, rule creation, shell scripting, SQL and appliance updates.
2010 : 2013
Intel Security
Security Researcher
Company:
Guidehouse
About
Security Governance Manager and HITRUST subject matter expert with over 20 years in the tech industry. Authoritative knowledge of the HITRUST framework and testing requirements. Extensive experience with policy development and documentation management.