Chip is a Managing Director in Protiviti’s Technology Consulting practice focusing on Data Security & Privacy. He presently leads Protiviti’s Data Security practice and focuses on Payment Card Industry and Healthcare Information Security as well as supporting clients via the broad spectrum of Protiviti cybersecurity offerings. Chip has worked specifically with complex organizations managing security compliance requirements in cloud-based environments including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. For nearly 15 years, Chip has executed a variety of consulting engagements for clients across multiple industries with a focus on enabling IT organizations through effective strategy and strong security.
- Security & Privacy – Lead multiple network and application security assessments; lead engagements focused on assisting clients identify sensitive data and the business, contractual/regulatory, and customer requirements for securing this data; led teams that take data security requirements and develop solutions and strategies to achieve organizational goals via implementation of improved network and application architecture, security tools, and enhanced business processes.
- PCI Solutions – Provided a full range of PCI consulting services including assessments of PCI Compliance readiness prior to ROC and gap analysis; development of remediation roadmaps and strategies focused on effective compliance while minimizing scope and overall cost; execution of PCI compliance activities for merchants and service providers. Responsibilities included executing overall project management activities; identifying risks and controls for critical information technology processes; reviewing process-level documentation; and providing assistance with gap analysis, testing, and remediation efforts.
- Healthcare Information Security & Audit – Assessed HITRUST Common Security Framework readiness of a state’s largest healthcare provider organization over two year period; leading assessment of over 1000 applications aligned with HIPAA risk analysis requirements; multiple reviews associated with HIPAA Security Rule compliance and implementation of controls across a variety of industries; assist orgs with incident response for potential breach notification; provided HITRUST CSF Certification services to multiple organizations including a global managed hosting technology provider, biomedical technology company, payer organizations, and global business services organization; provided oversight and project execution for healthcare provider IT internal audit function for 10+ years.
- IT Strategy & Project Management- Provided project risk management oversight for $150 million EMR implementation; assisted $500 million retail organization with development of multi-year IT strategy emphasizing portfolio consolidation and IT organizational alignment with business strategy; assisted $6 billion manufacturing organization in architecture and business strategy behind global WAN optimization.
- Business Continuity Management - Assisted organizations (Fortune 500 and non-profit) in performing business impact analyses related to the loss of their IT systems; interviewed business representatives, IT professionals, and executives to determine required recovery time and point objectives; analyzed and evaluated potential recovery strategies including costs.
Areas of Expertise
- IT Consulting
- Security and Privacy
- IT Internal Audit
- Energy & Utilities
- Consumer Products & Services
- High Tech & Electronic
- Financial Services
- BS – Management Information Systems, Miami University
- BS – Management & Organizations, Miami University
Professional Memberships and Certifications
- Payment Card Industry Qualified Security Assessor (PCI QSA)
- Certified Information Systems Auditor (CISA)
- Certified Common Security Framework Practitioner (CCSFP)