Gregory Paik
Details
University of California, Berkeley
1989 : 1994
Haddon Heights High School
1985 : 1989
Bay Islands College of Diving
2019 : Present
Symosis Security
Principal - Cybersecurity Governance and Compliance
• Advised companies on how to implement cybersecurity programs in compliance with international standards and best practices. This has included national and international companies with +$1B in revenue, companies being readied for acquisition/merger, as well as smaller organizations trying to comply with the complicated landscape of cyber governance.
• Cybersecurity Advisory, Compliance, and Implementation Services for ISO 27001, ISO 27017, ISO 27018, ISO 27005, SOC 2, HIPAA, HITRUST CSF, CMMC, NIST 800-181, GDPR, & PCI DSS
2019 :
Security Management Consultancy
Cybersecurity and Compliance Consultant
Security and Compliance Advisory Services for CMMC, NIST 800-181, and ISO 27001.
2020 : 2022
Ankura
Senior Director - Compliance, Risk & Resilience Group
• Cybersecurity Program implementation advisory for ISO 27001/27017, ISO 27005, SOC 2, & GDPR
• ISO 27001 auditor
2020 : 2022
Bay Mountain Security
Principal - Cybersecurity Governance, Risk, and Compliance
• As the company's first Cybersecurity and HIPAA Security Officer, I created a Cybersecurity program that aligned the Enterprise Security & Compliance road maps to sales initiatives and business requirements for commercial entry into the U.S., U.K./EU, and Japanese markets.
• Created a cross-functional Cybersecurity Committee that oversaw and approved enterprise security initiatives.
• Architect for the HeartFlow Cybersecurity program which covered a Multi-Region AWS Production infrastructure and international facilities in California, Texas, Japan, and U.K./EU.
• Created and managed the HeartFlow ISMS, Security Risk Management, Vulnerability Management, and Security Incident Response programs.
• Responsible for security audit and compliance program for HIPAA, HITRUST CSF, ISO 27001, SOC 2 Type 2, GDPR, and Business Continuity.
• Oversight review for security and privacy product roadmap requirements as part of the Product Committee.
• Worked with a cross-functional team to improve and implement 3rd party/supplier security risk management.
• Communicated HeartFlow’s roadmap for security and patient privacy with internal leadership and external partners/customers as part of the Product Sales cycle.
2016 : 2019
HeartFlow, Inc
Director of Security Compliance
Skills
Business Continuity, Change Control, Cisco Technologies, Cloud Computing, Compliance Management, Data Privacy, Disaster Recovery, Enterprise Architecture, Enterprise Software, Firewalls, Healthcare Compliance, HIPAA, HITRUST, Information Security, Integration, ISO 27000, ISO 27001, ISO Standards, IT Management, Linux, NIST, PCI DSS, Risk Assessment, Risk Management, SaaS, Security Audits, Security Compliance, Servers, Storage, System Administration, Unix, Virtualization, VMware, VoIP, Windows Server, Infrastructure Planning, Systems Monitoring, Inventory Control, Enterprise Backup, SOX, Google Apps, vSphere, Nagios, Solaris, RedHat, Clustering, Active Directory, Snort, IDS, F5 BigIP, Sendmail, Juniper, Ubuntu, LAMP, JIRA, Confluence, Microsoft SQL Server, DNS, Apache, ISO 13485, ISO 27005, U.S. Health Insurance Portability and Accountability Act (HIPAA), Network Security, Information Security Management, Payment Card Industry Data Security Standard (PCI DSS), Supplier Risk Management, IT Risk Management, Enterprise Project Management (EPM), IT Strategy, Cyber-security, Security Management
About
Experienced security and compliance leader with a diverse background, from software to biotech and from seed-round startups to international enterprises with +100k users, +$1B/yr. revenue, and $10B in processed yearly transactions.
Strengths: Security Governance and Compliance, Enterprise Architecture & Integration, Infrastructure Planning, Enterprise network & security management