Provided guidance and oversight to GHC business units to ensure compliance with legal and regulatory requirements that included HIPAA, CMS, MAR and PCI-DSS.
- Worked with team to create vulnerability and risk assessment tools and procedures.
- Collaborated with multiple teams in IT and GHC business to step through business process and data flows to analyze security requirements.
- Conducted security reviews of Information Systems including Delivery, Health Plan, and Administrative systems and medical devices.
- Assessed the effectiveness of physical and environmental controls surrounding information processing facilities.
- Partnered with various GHC business departments to identify security risks and provided mitigation recommendations to minimize the threats.
- Managed and facilitated many security projects promoting ongoing security controls. Examples include: PACS & iSite, PACS CR, Lawson, Cobas Lab Instruments, and McKesson Horizon products.
- Performed information security incident investigations. Investigations included data gathering by running reports, checking system records, coordination with IT, Finance, Privacy and Legal, seizing PCs to preserve evidence, participation with NERD - Network Emergency Response and Defense team, and documenting the incident outcome.
- Provided corrective action/remediation recommendations to address sanctions related to security incidents or breaches.
- Worked through multiple technical problems alone and with teams including vendors, IT staff and business staff.
- Documented and managed security exceptions approved within the Information Security department.
- Assisted in the assessment, identification, and reporting on the effectiveness of existing security controls managed within ISD in order to recommend security safeguards needed for the infrastructure.
- Using LEAN methodology and common sense, created new processes to streamline and standardize work flow resulting in quicker turnaround time for assessments.
- Created LEAN Daily Management System and Visual System Board for the work group. Maintained tools to facilitate the ease of use of the Visual System Board.
Group Health Cooperative (GHC) Seattle, WA 1995 - 2011