Brian C. Clippard
Details
ProQuest
Chief Information Security Officer
2013 : 2019
AlixPartners
Chief Information Security Officer
My primary focus is developing and supporting security program initiatives for our clients. I have more than 12 years of security and compliance management experience in high-profile industries including healthcare, insurance, and automotive manufacturing. My expertise includes IT and security process improvement and strategy, policies, auditing information systems, building and maintaining security and regulatory compliance programs, security analysis, and risk management.
2011 : 2013
VioPoint Inc
Security Consultant
Charged with the creation of a new role to partner with Business Units
Role:
- Plan, implement and oversee the operation of the Enterprise and Business level Information Protection Plans
- Consult with Business leaders to ensure that corporate information protection policies are being adhered to at the design stage of the SDLC
- Play an educational, risk management and advisory role to the Business Unit
- Provide ongoing risk management support to the Business Units
Guiding Principles
- Promote consistent application of Information Security requirements across the business units
- Take a risk-based approach; protect high risk assets while providing the freedom and flexibility to execute one’s job
- Incorporate leading security practices through the use of industry standards and repeatable processes
- Design solutions to ensure adequate measures are implemented
2010 : 2011
Blue Cross Blue Shield of Michigan
Business Security Solutions Engineer
1. Monitors regulatory environment for impact on security programs and initiatives.
2. Develops policies, procedures and standards to ensure and enhance security.
3. Educates customers on security policy and practices.
4. Perform information security risk assessments based upon approved methodology.
5. Assists in development of annual information security risk assessment plan.
6. Responsible for leading regular internal information security risk assessments.
7. Responsible for developing, following through on, and monitoring any information security responses to audits.
8. Keeps abreast of the latest in security, risk, and compliance related to data assets. Makes appropriate recommendations regarding the purchase of new monitoring, auditing, and security tools.
9. Monitors and ensures compliance for all appropriate regulatory requirements including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry and NAIC-MARS.
10. Optimize the Security Compliance and Governance strategy and direction.
11. Develop and implement an information security awareness program.
12. Develop, manage and continually review information security policies and standards.
13. Perform self-assessments as required by regulatory and industry compliance initiatives.
14. Implement management reporting and metrics for security compliance. This includes metrics development and reporting of security incidents and security awareness training.
15. Implement process and tracking to monitor compliance to policies and standards. Work with subject matter experts to ensure policies and standards are comprehensive, current and appropriate to meet regulatory and security requirements.
16. Coordinate policy exception requests and tracking.
2008 : 2010
Blue Cross Blue Shield of Michigan
Security Governance Manager
About
Brian Clippard is Chief Information Security Officer at ProQuest. His position entails the following roles:
Strategist
Drive business and cyber risk strategy alignment, innovate and instigate transformational change to manage risk through valued investments
• Collaborates with the business units to identify, prioritize and respond to risk components, developing security architecture in support of the business strategy
• Direct initiatives related to Information Security and Privacy strategic planning
• Set and manage the budget for Information Security and Privacy
• Build and maintain the Information Security and Privacy Team by the development of internal staff, acquisition of additional members, and through innovative use of outside providers
• Develop the Security and Privacy Roadmap and communicate as necessary
Advisor
Lead the firm in providing the structure, processes, necessary technologies and Thought Leadership related to all aspects of the business to educate, advise, and influence activities related to cyber risk and privacy through:
• Security and Privacy Training and Awareness
• Monitor and Report: changes in the threat, technical, legal, and regulatory landscape
• Consult with senior management in times of Information Security and Data Breach crises
• Security and Privacy Standards: lead efforts to create and enhance standards and hardening procedures, and work to ensure that IT management understands and supports them
Guardian
Provide the central point of contact for all information security and privacy issues and concerns. Manage and investigate security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation. Protect business assets by understanding the threat landscape and managing the effectiveness of the cyber risk and privacy program.
Technologist
Assess and implement security and privacy technologies and standards to build organizational capabilities by collaborating with end-users, business leadership, and IT team colleagues.