KEVIN R. THOMPSON

Atlanta, GA

Summary

SENIOR LEVEL INFORMATION PRIVACY & SECURITY / GOVERNANCE RISK & COMPLIANCE PROFESSIONAL

An experienced, driven, and accomplished Information Security/Governance Risk and Compliance Professional and Leader, with a wealth of experience working for leading, high-profile companies. Possesses strong healthcare privacy and compliance management expertise, has led many successful initiatives, and is proven in leading information security programs to their optimal potential.

Overview

19 years of professional experience
1 Certification

Work History

CISO Manager

Sunstone Secure | Virtual
04.2022 - Current
  • Operate in a client-facing role in the development and implementation of AI-driven GRC platforms (e.g., JupiterOne and DRATA), driving integration tasks, enhancing cyber asset visibility, streamlining evidence management for audits, enabling robust reporting capabilities, and facilitating automation processes
  • Execute incident response and disaster recovery exercises, generating comprehensive after-action reports with detailed evidence exhibits, ensuring sufficient documentation for client audits
  • Leverage compliance subject matter expertise (HIPAA, SOC, ISO, FEDRAMP) to develop and implement AI platforms, optimizing the effectiveness and efficiency of the organization's security program
  • Conduct policy and procedure rewrites for clients, ensuring compliance with regulatory requirements and industry best practices.

GRC / HITRUST Manager

Cognizant
02.2021 - 04.2022
  • Successfully led the Cognizant HITRUST Validated assessment project, overseeing the evidence management tasks from initiation to completion, ensuring compliance with HITRUST requirements and achieving validation
  • Coordinated and ensured timely delivery of all projects/deliverables, ensuring adherence to scope and project deadlines
  • Managed project documentation, including project plans, stakeholder communication, and stakeholder management, ensuring effective coordination and communication throughout the project lifecycle
  • Utilized internal project tracking tools, including SharePoint, Excel, and other HITRUST evidence tracking spreadsheets, to monitor and manage project progress.

HITRUST Assessor/Advisor

Drummond Group
10.2020 - 04.2021

Healthcare Compliance Program Director

InComm
08.2014 - 05.2020
  • Provided oversight for the establishment and maintenance of regulatory compliance practices, encompassing policy enforcement, program planning, and ensuring adherence to HIPAA and other regulatory requirements across all departments and business units
  • Oversaw the implementation of the GRC oversight program for Corporate Security, ensuring the establishment of operational controls, procedures, and necessary resources to effectively manage risk across enterprise assets, including on-premises assets, COLO (Data Centers), and third-party/vendor management, promoting solid risk management practices and safeguarding organizational assets
  • Developed and delivered compelling business cases for new compliance initiatives, including HITRUST certification, 508/ADA Compliance, and implementation of cross-functional audit platforms, resulting in the identification of new business development opportunities and significantly strengthening audit readiness capabilities
  • Spearheaded and managed a compliance project to achieve HITRUST Certification, solidifying client confidence, mitigating organizational risk, and generating new business opportunities
  • Collaborated with legal counsel to ensure compliance with healthcare and privacy requirements, interpreting contractual language and aligning with documentation (BAA, RFP, MSA) for new and existing healthcare clients.

Business Analyst

3M Healthcare Information Systems
02.2014 - 08.2014
  • Conducted stakeholder interviews to assess the implementation of security controls, ensuring client satisfaction and alignment with compliance requirements
  • Performed meticulous data mapping of ICD-9/ICD-10 codes for claims data, ensuring precise interpretation and seamless integration into the relevant systems, optimizing claims processing efficiency and facilitating analysis for decision support.

Lead Sr. Business Analyst / Project Manager

Verizon Enterprise Healthcare Solutions
08.2012 - 01.2014
  • Managed end-to-end maintenance of Business Requirements Documents (BRD) and Functional Requirements Documents (FRD) for healthcare and Medicaid/Medicare security information and privacy event monitoring systems, ensuring up-to-date documentation for effective system governance
  • Led requirements gathering and documentation efforts for the Verizon Fraud Management implementation project, working closely with cross-functional teams to identify system modifications, developing interface control documents, and providing comprehensive training to end users, resulting in a seamless adoption of the updated Medicare/Medicaid fraud management system
  • Conducted comprehensive HL7 GAP Analysis to assess data integrity, ensuring adherence to HL7 standards and validating the readiness of documentation for code integration
  • Cataloged data elements within Verizon Fraud Management's cross-platform custom case management system, enabling efficient data retrieval and analysis for fraud detection and mitigation purposes.

Implementation Business Analyst

NCR
12.2009 - 07.2012

Public Health Project/Systems Manager

Fulton County Health & Wellness
11.2006 - 12.2009

Electronic Medical Records (EMR) Implementation Coordinator

Unisys Corp
03.2004 - 11.2006

Education

Bachelor of Science - Operations/Technology Management

DeVry University

GA
Certified HIPAA Security Professional Accelerated (CHSPA)
Certified HITRUST CSF Practitioner (CCSFP)

Skills

  • Collaborate Cross-Functionally
  • Coaching and Mentoring
  • Procedural Streamlining
  • Configuration and Management
  • Managing Employee Relations
  • Scheduling and Coordinating
  • Team Leadership
  • Employee Training
  • Customer Relationship Management
  • Business Analysis
  • Business Planning

Certification

  • Information Security
  • HIPAA Compliance
  • HITRUST
  • FEDRAMP
  • ADA Compliance
  • SOC Compliance
  • Compliance Audits/Assessments
  • Requirements Documentation
  • Policy & Procedure Management
  • Project Management
  • Business Analyst
  • Risk Management

Affiliations

The United States Naval Reserve | Healthcare Information & Management Systems Society (HIMSS) Member | Georgia Basketball Officials Association

Quote

The first one gets the oyster, the second gets the shell
Andrew Carnegie
