Lisa Potter, CRISC
Details
• Third-party risk management through initial and annual vendor assessments
• Vendor risk monitoring through Risk Recon risk rating software
• Oversight of a high performing network security administration team
• Risk and Vulnerability Management
• IT Risk Management Utilizing Galvanize (formerly RSAM)
• Phishing Testing
• Maintain ISO 27001:2013 certification
• Security Awareness Management
• Development and Maintenance of Corporate Security Policies
• SIRT Management
2015 : Present
Tufts Health Plan
Sr. Information Security Risk and Compliance Manager
Responsibilities include:
• Risk and Vulnerability Management team chair
• Network Administration manager
• Disaster Recovery information security lead
• Vendor Assessments
• Support all ISO 27001:2013 initiatives
2012 : 2015
Tufts Health Plan
Information Security Risk Manager
• Collaborated with all teams that managed access to consolidate it into a single point
• Organized training on all applications to manage access
• Developed an authorization model to ensure access was authorized by the manager
• Managed the deployment and placement of all printers including approval process
• Vendor Security Assessments
2010 : 2012
Tufts Health Plan
Central Administration Supervisor
Responsibilities Include
• Configured and deployed PCs
• Customer support of PCs and applications
• Developed an administration team to give access to the network
• Supported large company moves of departments
1995 : 2010
Tufts Health Plan
PC Support, Network Administrator Team Lead
Skills
Business Analysis, Business Process Improvement, Change Management, Communication, Healthcare, Healthcare Information Technology, Healthcare Information Technology (HIT), Health Insurance, Health Policy, HIPAA, Information Security, Information Technology, Insurance, ISO 27001, IT Governance, Managed Care, Management, Medicaid, Medicare, Problem Solving, Process Improvement, Program Management, Provider Relations, Risk Management, Security Awareness, Strategic Planning, Team Leadership, U.S. Health Insurance Portability and Accountability Act (HIPAA), Vendor Management, Healthcare Information
About
CRISC-certified information security risk management professional with over 20 years of progressive experience in the information security field and healthcare industry. Concentrations include Vulnerability Management, Vendor Risk Management and ISO 27001 certification.