Jamie Nelson
Details
• Development of IR Table Top Mini Exercise concept
• Production of Weekly Security Brief for IT Executive Leadership including relevant breaches and news, threats, government alerts, security metrics
• Implementation of Corporate Phishing Program
• Deployment of GRC tool for IT Risk and Compliance
2017 : Present
The Ohio State University Wexner Medical Center
Information Security Architect
As an IT Security Engineer for a relatively small security team in a complex environment, I was able to be involved in all aspects of our information security program, including:
• Framework selection and customizing controls
• Developing system level and organizational risk assessments for HIPAA and other regulatory compliance
• Implementing the PCI DSS
• Leading the Information Security Audit & Compliance Team
• Incident Response and Playbook creation
Expertise: HIPAA, NIST 800-53, FERPA, Incident Response, Security Audit, Security Compliance, Security Risk Management, Risk Assessments, Framework Implementation
2005 : 2017
The Ohio State University Wexner Medical Center
IT Security Engineer
This is where my career in Information Security started.
I began as an analyst in Identity and Access Management creating accounts, responding to audit requests, creating documentation, and training new staff on account creation procedures. As I progressed, my role expanded:
• Created some of our first HIPAA compliance assessments
• Conducted user access and activity audits
• Developed security policies and best practices
• Helped manage a team of five student employees
Expertise: Identity and Access Management, User Access Auditing, HIPAA Compliance, Security Policies and Best Practices
2000 : 2005
OSU Medical Center
Data Security Analyst
About
I am an experienced Information Security professional with a passion for helping create sustainable security programs that protect your most important assets. I'm driven by the belief that good security puts process before products and comes from consistently adhering to the basics before spending lots of money.
I help healthcare organizations design and implement security program components based on established frameworks to reduce risk, protect data, and ensure regulatory compliance:
• HIPAA and PCI expert
• Policy Development
• System and Organizational Risk Assessments
• IR/DR Table Top Exercises
• Corporate Phishing and Education and Awareness Programs
Expertise: HIPAA, PCI, Risk Assessments, Table Top Exercises, Phishing, Education and Awareness, GRC, Compliance, Auditing, CISSP, Risk and Compliance