Roger Russell

Senior Director Information Security and CISO

Plano, TX, United States

Details

Experience: Brought in to build and mature the Information Security Program for Paragon Healthcare. Built new security policies and procedures based on NIST and aligned with HITRUST controls. Created multiyear staffing and budget planning. Deployed monthly Security Awareness Program and weekly phishing tests. Building out new Risk Management, and Vendor Management Programs to mature the security program using GRC tools. Updating Incident Response Plan and playbooks. Built out SOC2 controls and working toward SOC2 Type II audit in 2022. Brought IBM QRADAR SIEM into the organization to build out security foundations. Brought in Rapid7 for Vulnerability Management program.

2021 : Present

Paragon Healthcare, Inc.

Senior Director Information Security and Chief Information Security Officer

Created and managed the information security budget with a three-year security road map that included staffing, security infrastructure, compliance programs. Hired and trained security professionals on new technologies.

Built out the Security Operations Center (SOC) for managing and monitoring security events for the organization.

Chairman of the Information Security Steering Committee, directing the security program and provide updates to the Executive Leadership Team.

Rebuilt the security infrastructure including Qualys for Vulnerability Management, IBM QRADAR as a new enterprise SIEM solution, RSA User Access Governance for Identity / Access Management, Cisco Umbrella for enhanced content filtering, advanced malware protection and secure DNS. Installed and configured Milestone video management (security cameras and video management servers), Symantec DLP including CASB for Office 365. Added automated tools for firewall and switch configuration compliance reviews. Deployed cloud compliance tools for Discovery’s AWS hosted solutions for Security, Cost Optimization, Performance, and Operational excellence.

2018 : 2021

Discovery Health Partners

Senior Director Information Security - Head of Information Security

Worked on updating the ISO 27001 : 2013 program and build out a new SOC2 governance program. Enhanced the security infrastructure for Apervita. Brought in new Vulnerability Management solution (Qualys) for AWS EC2 instances and laptops. Performed ROI to replace managed SIEM with AWS solution.

Responded to client security assessments and client presentations.

Lead the Information Security Committee with the Executive Leadership Team (ELT).

2017 : 2018

Apervita, Inc.

Information Security Officer - Head of Information Security

Leading the information security program for Zelis Healthcare and Zelis Payments.

Updating the Information Security Program to ISO 27001 : 2013 standards to meet and exceed our customer’s expectations. Upgrading security and infrastructure architecture with industry leading technology from Cisco, IBM, RSA, and Qualys.

Enhancing the SOC 2 audit program for the enterprise to meet Trust Services Principle (TSP) controls for security, availability, privacy, confidentiality, and processing integrity.

2016 : 2017

Zelis Healthcare

Information Security Officer - Head of Information Security

Assisted with the oversight and management of the overall information security program with the VP of Information Security. Defining strategy and programs for exceeding the base requirements for clients and contractual compliance. Developed, implemented and managing organization’s policies, procedures and guidelines related to information security and technology. Identified client needs in the areas of information security, data privacy, and technology infrastructure and championing the initiation and delivery of appropriate solutions products and services to meet client requirements. ‬‬‬‬‬‬‬‬‬‬‬‬‬

Managed a mixed team of employee and contractors for both information security and client infrastructure operations.

Participated in the VoIP project as the local SME for implementation in the Chicago office. Managed the data migration for an end of life collaboration tool (eRoom) to a cloud-based solution (Huddle) for customers and an internal solution (SharePoint) while maintaining the content metadata. ‬‬

2015 : 2016

Leo Burnett

Director Information Security and Infrastructure Solutions

Company: Paragon Healthcare, Inc.

About

Over two decades of hands on information security and information technology experience in healthcare, banking, advertising, and consulting services.

Experience includes: Enterprise Security, Security Engineering, Vulnerability Management, Security KPI's, Compliance, Risk Management. Reglatory, compliance, and audit frameworks such as HIPAA / HITRUST / NIST / ISO / SOX / SOC2 . In addition to information security, I have over 20 years of Information Technology experience including datacenter management, email, active directory, networking, encryption, VPN, telecommunications, firewalls, WAF's, intrusion detection/prevention, operations, change management, database, disaster recovery, business continuity.

Prior to joining Paragon Healthcare, I held the following positions

Senior Director of Information Security for Discovery Health Partners

Information Security Officer and HIPAA Security Officer at Apervita

Information Security Officer and HIPAA Security Officer at Zelis Healthcare

Director of Information Security and Infrastructure at Leo Burnett

Director of Information Security and HIPAA Security Officer at bswift

Director of Information Security and HIPAA Security Officer at Viant

Security Consultant with Plante Moran

Global Security Manager at Covansys.

Holding a BA degree in Art from Northern Illinois University, and the CISSP, CISA, AWS CCP, CCNP, CCDA, MCSE, MCSD, MCDBA, and MCT certifications.