Chris is an Associate Director in the Atlanta Information Technology Effectiveness and Controls practice who graduated from the University of Georgia with a bachelor’s degree in Management Information Systems and an associate’s degree in Art History in December 2005. Since joining Protiviti, he has been a valuable team member on projects spanning IT Governance, Risk, and Compliance Assessments, primarily focusing on IT Security Projects, IT Regulatory Audits, and Data Analysis projects. He has 12+ years of consulting experience and maintains top-ranking certifications in security and audit.
- Performed numerous IT Cybersecurity & Risk Assessments at organizations within various industries (Healthcare, Financial Services, Manufacturing, Communications, etc.) to specifically identify key risks and areas of opportunity and improvement leveraging frameworks such as the NIST Cybersecurity Framework (CSF), HIPAA Security & Breach Notification, NIST 800-52, ISO 27001/2, etc. Managed teams of consultants and management to perform interviews, review documentation, and perform specific testing efforts in order to fully evaluate the operating effectiveness of the IT Departments in their mission to serve the needs of the Business and successfully comply with regulatory requirements.
- Performed numerous HIPAA Security Rule Risk Assessments on various clients (covered entities and business associates alike) in order to document and test technical and administrative controls for safeguarding sensitive information. Deep experience in performing both Gap Assessments (benchmarking companies against HIPAA Security Rule standards) and executing Risk Analysis projects by inventorying key client assets and mapping them to vulnerabilities, threats, and safeguards. Additionally, performed assessments for major healthcare providers and systems related to the security of their medical devices. Assessed current state medical device security compliance with HIPAA Security standards, FDA guidance, and other benchmarks and industry best practices.
- Performed extensive work related to IT Audits of varying natures within a wide range of client industries (Financial Services, Healthcare, Insurance, Manufacturing, Airlines, Software Development, Higher Education, Real Estate, Retail, etc.) including, but not limited to, policy and procedures, application audits, database / data warehouse audits, privileged / user access, business continuity and disaster recovery, cloud computing, data privacy, and Sarbanes-Oxley. Deep experience in all phases of IT Audit execution and supervision.
- Performed Enterprise-Wide Information Security Risk Assessments specifically focusing on data privacy and IT asset / mobile device vulnerabilities. Experience in utilizing Data Loss Prevention (DLP) tools such as Websense to capture and analyze incidents related to sensitive and/or private data transmission.
Areas of Expertise
- Information Security, Governance and Compliance
- IT Risk Assessment
- Healthcare / HIPAA Compliance
- Payment Card Industry
- SAP Security & Compliance
- Financial Services
- Healthcare and Life Sciences
- Software Development
- BBA Management Information Systems, University of Georgia, ’05
- Associate’s Degree in Art History, University of Georgia, ’05
Professional Memberships & Certifications
- CISSP – Certified Information Systems Security Professional
- GIAC GSEC – Security Essentials
- QSA – PCI DSS Assessor
- CISA – Certified Info. Sys. Auditor
- ISACA Member – Information Systems Audit and Control Association
- ISSA Member – Information Systems Security Association