Nick Rubenstein
Details
Abandoned Property Advisors, LLC.
Information Security Analyst
Keane Unclaimed Property is the number one unclaimed property recovery and reporting firm in the country.
Kept Keane breach-free in 2018.
Researched and suggested updates to Keane's information security endpoint agents and managed service providers.
Interfaced weekly with MSPs and coordinated efforts with internal and external teams to remediate detected vulnerabilities.
Performed internal network scans and threat assessments, updating and maintaining an active risk register.
Monitored official channel vulnerability reports, tweets, podcasts, and social media for up-to-the-minute updates on known exploits and vulnerabilities pertinent to Keane's operational environment, and on regulatory changes which may affect Keane's business procedures, to ensure consistent ongoing statutory compliance.
Ensured Keane's workforce was up-to-date and well prepared to spot and report the small handful of phishing attempts that were able to evade Keane's spam/malware filtering messaging gateway.
Planned and executed Keane's employee phishing training campaign leveraging KnowBe4's extensive and comprehensive phishing training engine and educational tools/videos.
Managed and coordinated Keane's SSAE 18 / SOC 1 Type II and ISO 27001 audit efforts, gathering and assessing evidence in advance of the auditing firms' on-site engagements, and liaised between auditors and departmental heads to gather additional evidence while auditors were on-site. Kept on top of firms' after-engagement evidence assessment, report-writing progress, and requests for additional clarifying follow-up evidence.
Coordinated internal audit efforts to generate accurate risk-assessments.
2018 : 2020
Keane Unclaimed Property
Information Security Analyst
Meditology Services LLC is the top-rated professional information security service company with an exclusive focus on healthcare IT risk and compliance consulting (*KLAS 2018). Meditology's reputation for client service excellence is based on quality combined with professionalism, approach, and innovative solutions.
Performed various security related assessments such as HIPAA, HITRUST and SOC 2 Type II for covered healthcare organizations.
Generated Risk Registers and Reports including executive summary sections to communicate security metrics to upper management.
Performed on-site client interviews and facility security walkthroughs at hospitals and other covered organizations to identify both logical and physical security weaknesses and potential HIPAA compliance violations.
Conducted client-facing risk assessment progress update meetings.
Identified clients’ exposure to internal and external vulnerabilities by performing penetration testing using the Nessus vulnerability scanner.
Created penetration test risk reports, including identification and redaction of sensitive PHI from screenshots gathered during internal and external client hacking engagements.
Developed client information security and privacy policies and procedures.
Spearheaded advanced research efforts assessing security issues around active implantable medical devices to shape Meditology’s Medical Device Security & Strategy service line.
Edited episodes of Meditology’s CyberPHIx podcast featuring healthcare information security industry leaders.
2018 : 2018
Meditology Services, LLC
Healthcare IT Risk Management Consultant [Intern]
LUMA is one of the top projection arts festivals in the world, and is upstate NY's biggest visual arts event, drawing over 50K attendees annually. I have been an integral member of this organization helping grow this annual event from its inception.
Managed art direction, liaised with animation teams and graphic/motion design teams.
Served as the central point of contact for all technical and business issues and questions related to project activity under assigned projects.
Monitored monthly cost for assigned projects and ensured adherence to budget.
Established and monitored project schedules.
Analyzed business needs and prioritized resource allocation to ensure adherence to project timelines.
Functioned as the liaison between technical personnel and business partners.
Served as the central point of contact for technical and business issues related to project activity under assigned projects for technical staff and artistic teams.
Developed and maintained productive working relationships with management, external clients and team members.
2015 : 2018
LUMA Projection Arts Festival
Senior Project Manager
Curator and gallery director. I managed a team of volunteers and organized events with multiple organizations around the greater Binghamton area.
JungleScience was one of the premier art galleries operating in the Southern Tier.
2014 : 2017
JungleScience Art Laboratory and Gallery
Managing Director / Curator
About
Keeping your private information private and your business running smoothly.
Specialties include: Third Party Risk Management (TPRM) / Vendor Assessment, ISO Compliance, Audit Management and Oversight, Policy Writing, Governance, Employee Education, Incident Response, Anti-Phishing Campaigns, Security Architecture Deployment, MSSP Interface
I am an (ISC)2 member with a CC certification, and I’m currently studying for the CISSP certification.
Years of client-facing interactions have made forging trust-based relationships second nature. I'm at my best leading mission-critical teams when clients know that real security isn't just about checkbox compliance, often coming down to an understanding of safely keeping a business running smoothly while maintaining information confidentiality and keeping data available right when it's needed.
Active member of Philadelphia's ISACA chapter.