Gary Holverson, CISM, CCSFP
Details
Business Administration and Management, General
Stephen F. Austin State University
2021 : Present
risk3sixty
Information Security Consultant
Consulting as a security advisor and internal assessor to a large healthcare organization on HITRUST compliance security assessments, policies, and evidence collection. Using HITRUST CSF and MyCSF portal to define needs and evidence for validated assessment. Collaborating with subject matter experts from the assessed entity to understand, identify, and provide over 330 elements of audit evidence to the external assessor to demonstrate data protection assurance. Modifying policies, processes, standards, and procedures to create compliant controls described in ISO 27001, ISO 27002, and NIST to mitigate threats. 2021 attestation included 40% fewer gaps than the previous assessment.
2020 : 2021
GDT - General Datatech
Consultant | Information Security Advisory Services
Consulting as a security advisor to a financial services and software development client, involving quantitative and qualitative risk analysis, risk assessment, risk mitigation, Federal and State STAR (Security, Trust, Assurance & Risk) compliance audit aligned to Security Technology Implementation Guide (STIG) to meet Industry regulations. Technical writing IT Security Policies, Procedures, and Guidelines to reflect compliance requirements, security requirements, and CIS benchmark hardening best practices. Executing internal audits of on-premises and cloud environments. Managing and documenting security control implementations during a move to Amazon Web Services (AWS) environment. Building Factor Analysis in Information Risk (FAIR) analytical models to prioritize the Corporate Risk Register and Plans of Action and Milestone (POAM) documents.
2019 : 2020
Wavestone
Information Security Consultant
Consulting as security advisor to a private security technology client, responsible for managing information security projects as a subject matter expert. Managing the move of an out-of-state financial services data center to Dallas and ensuring its compliance with PCI DSS (Payment Card Industry Data Security Standard) controls. This project was completed successfully and 17% ahead of schedule. Managing the FISMA (Federal Information Security Management / Modernization Act) compliance attestation auditor team. Using project planning, project status reports, and presentation skills for weekly communications reports to the Information Security Officer / CISO / VP of Audit and Compliance. Presenting metrics and PPT slide deck in the weekly director's meeting. Working with network operations, cybersecurity office, developers, and third-party vendors on compliance audits and IT security initiatives to meet Industry regulations.
2019 : 2019
Odyssey Information Services
Information Security / IT Compliance Project Manager
Reporting to executive leadership providing IT strategic direction, IT governance, IT process, documenting IT risk management and regulatory compliance reporting, policies and procedures, security standards, change management controls, version maintenance, information security standards & IT audit/review, HIPAA and PCI DSS frameworks/standards, budget and financial controls, information systems operations, IT project management, mentoring staff, vendors, contracts, clients, researching & evaluating InfoSec / Cyber Security products, programs and organizations, configuration management, product selection & services procurement for business requirements and manage multiple projects.
• Directing IT team in problem-solving, PCI DSS, HIPAA & healthcare regulations data privacy compliance program, risk assessment, disaster recovery (BC/DR) and incident response strategy, documentation, business impact assessment (BIA), and business continuity plan (BCP)
• Delivering Cerner Community Works EMR, wireless medical device integration, EDI projects
• Led email migration and access control from Exchange 2016 to Office 365 (O365) Azure ADFS (Active Directory Federation Services) for integrity and availability
2016 : 2019
First Baptist Medical Center
Director of Information Security and Technology
Skills
active directory, Certified Information Security Manager (CISM), cloud computing, Cloud Security, Communication, Cybersecurity, disaster recovery, ehr, Governance, Risk Management, and Compliance (GRC), Healthcare Information Technology, healthcare information technology (hit), hipaa, HITRUST, hospitals, Incident Management, Incident Response, Information Security, Information Security Management, Information Technology, it audit, itil foundations certified, it management, it operations, Leadership, Lean Six Sigma, managed services, Management, network administration, Networking, Network Security, NIST, Payment Card Industry Data Security Standard (PCI DSS), Presentation Skills, Problem Solving, Process Improvement, Project Management, Risk Assessment, Risk Management, Security Audits, Security Awareness, Security Incident Response, servers, software documentation, software project management, system administration, team leadership, team management, Training, Troubleshooting, vendor management, microsoft exchange, vpn, cisco technologies, enterprise software, Healthcare Information, his, meaningful use, hl7, technical support, dicom, software installation, Software Project, change management, customer service, software troubleshooting, linux, cisco voip, continuous process improvement, informatics, radiology
About
I help CEOs, CFOs and CISOs with PAIN on a deadline. This often requires a subject matter expert to manage a project.
It may be a technology rollout, migration, audit, compliance attestation or policies, and procedures project.
I’m the leadership’s communications connectivity between network operations, development, database administration, compliance, audit, governance, the legal department, and third parties.
I make an impact by natively speaking IT Operations and Information Security and translating it to the leadership of other business units.
Since 2003, I have managed Information Technology projects and production systems in regulated IT environments such as healthcare, federal contracts, and payments.
In 2019 I had the opportunity to lead a PCI DSS (Payment Card Industry Data Security Standard) compliance project and a FISMA (Federal Information Security Modernization Act) compliance audit.
In 2016, I was asked to lead the IT implementation and integration for a greenfield boutique acute care surgical hospital in North Dallas.
In 2009, I was recruited to help implement a Computerized Provider Order Entry (CPOE) system to help an award-winning hospital attest to CMS Meaningful Use and improve patient outcomes and community health.
In 2003, I served as the Network Manager for the Osteopathic Medical Center of Texas and have focused on Healthcare IT ever since.
In the past, I served as President of the Arlington Junior Chamber and completed the Leadership Grapevine program of the Grapevine Chamber of Commerce.
I earned my Bachelor of Business Administration degree from Stephen F. Austin State University.
STRENGTHS:
• Directed Information Security, Policies and Procedures, and IT HealthCare Regulations for a new hospital
• Managed Healthcare IT Security, Operations, Staff, Projects, and Budget since 2003
• Leadership for staff and new employees in IT Security, Compliance, and Operations
• Led conversion to new EMR software, and interfaces across all departments
• Certified ITIL Foundation in IT Service Management # 5494810.20455142
• Lean Six Sigma Yellow Belt – Texas Health Resources – December 15th, 2015
J. Gary Holverson
Information Security and IT Operations Leader
817-223-4769
75033
gary_holverson@outlook.com
linkedin.com/in/garyholverson