Jones Mene

• Implemented and managed network security measures, including firewalls, intrusion detection/prevention systems, and VPN
• Conducted regular vulnerability assessments and penetration testing to identify weaknesses
• Developed and updated security policies, procedures, and standards
• Provided security awareness training to employees
• Collaborated with third-party payment card industry (PCI) compliance partners.
• Worked with other teams to enforce security of applications and systems.
• Conducted security audits to identify vulnerabilities.
• Assisted in development and implementation of disaster recovery and business continuity plans
• Monitored security events and alerts using SIEM tools, investigating and responding to potential security incidents
• Participated in incident response activities, working closely with IT teams to minimize impact and prevent future occurrences.
• Performed risk analyses to identify appropriate security countermeasures.

Conducting risk assessments and analyzing potential threats to organization

• Developing and implementing GRC frameworks and strategies
• Monitoring regulatory changes and ensuring compliance with relevant laws and regulations
• Assessing and documenting internal controls and making recommendations for improvement
• Conducting audits and evaluations of processes, policies, and procedures
• Identifying gaps in risk management and compliance and proposing remediation plans
• Collaborating with cross-functional teams to develop and enforce GRC policies
• Analyzing data and generating reports on risk, compliance, and control performance
• Assisting in development and delivery of GRC training programs
• Staying informed about industry trends and best practices in GRC
• Establishing internal control mechanisms to safeguard assets and prevent fraud.
• Identified and resolved problems through root cause analysis and research.
• Queried databases for information needed for report processing.

• Conduct thorough vendor risk assessments to identify potential vulnerabilities, threats, and impacts on patient safety and privacy
• Ensure compliance with regulatory requirements, such as HIPAA and HITECH Act
• Evaluate security controls and safeguards implemented by vendors to protect sensitive healthcare data, including PHI
• Assess vendor's ability to meet industry-specific security standards, such as HITRUST, CSF
• Collaborate with internal stakeholders, such as IT, business, compliance, and legal teams, to align vendor risk management with healthcare regulations and standards
• Monitor and track performance of vendors against established security and compliance metrics, including incident response capabilities and breach notification procedures.
• Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.
• Established strategy for operations reporting and analytics, identifying key needs for deliverables.