Chris is a Director in the Technology Consulting Security & Privacy practice who graduated from the University of Georgia with a bachelor’s degree in Management Information Systems and an associate’s degree in Art History in December 2005. Since his employment with Protiviti, he has been a valuable team member in projects ranging from Information Security Strategy, Risk Assessments, and IT Regulatory Audits to Medical Device Assessments and program development. He has 14+ years of consulting experience and maintains top-ranking certifications in security and audit.
Performed IT Cybersecurity & Risk Assessments at organizations within various industries (Healthcare, Financial Services, Manufacturing, Communications, etc.) to identify key risks and areas of opportunity and improvement, leveraging frameworks such as the NIST Cybersecurity Framework (CSF), HIPAA Security & Breach Notification, NIST 800-53, ISO 27001/2, etc. Managed teams of consultants and managers to perform interviews, review documentation, and perform specific testing efforts in order to fully evaluate the operating effectiveness of the IT Departments in their mission to serve the needs of the Business and successfully comply with regulatory requirements.
Designed client-specific work programs and led teams of consultants through executing numerous medical device security risk assessments for both healthcare providers and medical device manufacturers. In the provider space, we mainly focused on the medical device lifecycle, including but not limited to 1) planning & requirements, 2) contracting, 3) implementation, 4) maintenance, and 5) decommissioning. At manufacturers, we targeted technical reviews to ensure product security and safety, including but not limited to secure code analysis, vulnerability scanning, and penetration testing. Helped both types of organizations design and implement remediation roadmaps focused on building governance committees and enhancing processes and capabilities related to medical device security and maturity.
Performed numerous HIPAA Security Rule Risk Assessments on various clients (covered entities and business associates alike) in order to document and test technical and administrative controls for safeguarding sensitive information. Deep experience in performing both Gap Assessments (benchmarking companies against HIPAA Security Rule standards) and executing Risk Analysis projects by inventorying key client assets and mapping them to vulnerabilities, threats, and safeguards. Additionally, performed assessments for major healthcare providers and systems related to the security of their medical devices. Assessed current-state medical device security compliance with HIPAA Security standards, FDA guidance, and other benchmarks and industry best practices.
Medical Device Security (Healthcare Providers & Device Manufacturers)
Information Security, Governance and Compliance
IT Risk Assessment
Healthcare / HIPAA Compliance
Payment Card Industry
SAP Security & Compliance
Healthcare and Life Sciences
CISSP – Certified Information Systems Security Professional
GIAC GSEC – Security Essentials
QSA – PCI DSS Assessor
CISA – Certified Information Systems Auditor
Active Member of ISACA & ISSA