Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Timeline
Healthcare Certifications
References Available Upon Request
Generic

Latrice Ochieng

Summary

Accomplished Cybersecurity & Compliance Leader with over 20 years of combined experience in healthcare governance and cybersecurity operations. Former Director of Medical Staff Services & Compliance (15+ years), where I ensured HIPAA, CMS, and Joint Commission readiness, managed compliance of physicians and allied staff, and led citywide governance meetings across multiple hospitals. Transitioned into cybersecurity as a Compliance/GRC Analyst, applying expertise in NIST RMF, ISO 27001, FedRAMP, HIPAA, PCI DSS, and SOX to strengthen organizational risk posture. Recently served as a Senior SOC Analyst / Incident Response Lead, specializing in SIEM, SOAR, EDR, IR, and threat hunting across enterprise and cloud environments (AWS, Azure, GCP). Recognized for reducing MTTD/MTTR, mentoring analysts, leading Purple Team engagements, and delivering executive-level risk reporting that bridges compliance governance with hands-on cyber defense.

Overview

23
23
years of professional experience
1
1
Certification

Work History

Senior SOC Analyst | CS Incident Response Analyst

KSE Consulting Group, LLC
05.2020 - 08.2025
  • Led end-to-end incident response investigations, including malware reverse engineering, phishing analysis, insider threat detection, and cloud security incidents across AWS, Azure, and hybrid environments.
  • Conducted proactive threat hunting using MITRE ATT&CK methodology, uncovering previously undetected lateral movement and privilege escalation attempts.
  • Performed in-depth network and host-based forensic investigations, including packet capture analysis (Wireshark), log correlation, and memory analysis to confirm scope and root cause of advanced attacks.
  • Acted as SOC escalation point and incident commander, coordinating containment, eradication, and recovery activities with IT, Cloud, and Risk teams to minimize business impact.
  • Developed and tuned SIEM detection rules (Splunk, Elastic, QRadar, Sentinel), fine-tuned correlation logic, and integrated SOAR workflows to automate repetitive IR tasks—reducing MTTD and MTTR by 30%.
  • Partnered with Red and Purple Teams to validate detection coverage, close gaps in visibility, and enhance SOC threat modeling.
  • Authored and maintained SOPs and IR playbooks aligned to NIST, MITRE ATT&CK, and CIS standards, strengthening SOC maturity.
  • Mentored and trained Tier 1 and Tier 2 analysts, building a culture of continuous learning and upskilling in malware analysis, log triage, and threat intelligence usage.
  • Delivered executive-level reports and threat briefings to senior leadership, translating technical data into clear risk narratives and measurable business impact.

Cybersecurity Compliance / GRC Analyst

Texas Scottish Rite Pediatric Sports Medicine Center
01.2018 - 04.2020
  • Applied healthcare regulatory knowledge (HIPAA, CMS, Joint Commission) to cybersecurity frameworks including NIST RMF, NIST 800-53, ISO 27001, FedRAMP, PCI DSS, and SOX, ensuring alignment of healthcare operations with security standards.
  • Conducted compliance gap analyses, risk assessments, and internal control audits, identifying vulnerabilities and producing remediation plans.
  • Partnered with IT Security and SOC teams to map compliance requirements to technical controls such as access management, encryption, logging, and incident response readiness.
  • Developed and maintained cybersecurity policies, procedures, and training programs, bridging healthcare compliance with IT security best practices.
  • Prepared bodies of evidence (BoE), audit documentation, and risk acceptance packages in support of Assessment & Authorization (A&A) and audit readiness.
  • Performed vendor and third-party risk assessments, ensuring external partners handling PHI complied with cybersecurity standards.
  • Delivered cyber risk dashboards and compliance reports to executive leadership, improving visibility and risk-informed decision-making.
  • Supported security operations by assisting with SIEM log reviews, participating in incident response tabletop exercises, and drafting IR playbooks, expanding technical exposure to SOC workflows.

Director of Medical Staff Services & Compliance

Texas Scottish Rite Hospital For Children
06.2002 - 12.2017
  • Directed enterprise-wide compliance programs, ensuring adherence to HIPAA, Joint Commission, CMS, and state regulatory standards, establishing a governance model that reduced audit findings year-over-year.
  • Managed compliance of medical staff, allied health professionals, and affiliated physicians, ensuring credentialing, privileges, and hospital policies were consistently enforced across multiple facilities.
  • Facilitated citywide medical staff meetings across multiple hospitals within the health system, aligning compliance practices, credentialing requirements, and governance initiatives. Served as a strategic liaison between medical staff leadership, hospital executives, and compliance boards.
  • Conducted internal audits, risk assessments, and root cause analyses to identify control gaps, implement corrective action plans, and strengthen compliance posture.
  • Oversaw policy development, implementation, and enforcement, ensuring operational practices met legal, ethical, and regulatory frameworks.
  • Collaborated with IT, Risk, and Legal to safeguard Protected Health Information (PHI) and maintain compliance with data privacy and security laws.
  • Chaired governance committees and provided compliance and risk reporting to executive leadership and the Board of Directors.
  • Maintained audit readiness for regulatory inspections, successfully guiding the organization through multiple Joint Commission and CMS audits with zero critical findings.
  • Designed and implemented compliance monitoring and corrective action systems, streamlining reporting and oversight across the enterprise.
  • Led compliance training and awareness programs for staff, physicians, and administrators, promoting a culture of accountability and continuous improvement.
  • Led strategic initiatives to enhance patient care pathways and operational efficiency across departments.
  • Collaborated with multidisciplinary teams to drive program development aligned with institutional goals and community needs.

Education

Bachelor of Arts - Business Administration And Management

University of Oklahoma
Norman, OK
05-1996

Skills

Cybersecurity Operations

  • Incident Response (IR) Lifecycle Threat Hunting Malware Analysis Forensics (Network, Host, Memory) Intrusion Detection MITRE ATT&CK

Compliance, Governance & Risk (GRC)

  • HIPAA CMS Joint Commission NIST RMF / NIST 800-53 / 800-30 / 800-37 / 800-39 FedRAMP ISO 27001 PCI DSS SOX Risk Assessments A&A / BoE Documentation Vendor Risk Management

Cloud, Tools & Leadership

  • Cloud: AWS, Azure, GCP SIEM: Splunk, Microsoft Sentinel, QRadar, Elastic EDR: CrowdStrike, SentinelOne, Microsoft Defender SOAR: Cortex XSOAR, Splunk SOAR, Logic Apps Nessus, Rapid7, Wizio, Burp Suite, Nmap, Kali Wireshark, Zeek Scripting: KQL, Python, PowerShell, Bash Incident Commander Playbooks Team Mentorship

Accomplishments

  • Directed multi-hospital compliance programs ensuring HIPAA, CMS, and Joint Commission readiness with zero critical audit findings.
  • Applied healthcare compliance expertise to NIST RMF, FedRAMP, CMMC, FIPS, ISO 27001, PCI DSS, and SOX to strengthen organizational risk posture.
  • Served as incident commander and escalation lead for high-severity incidents, reducing MTTD/MTTR by 30% through improved detections and automated workflows.
  • Led threat hunting, forensic investigations, and malware analysis across enterprise and cloud (AWS, Azure, GCP) environments.
  • Designed and optimized SIEM detections, IR playbooks, and SOAR automation to increase SOC efficiency and detection fidelity.
  • Delivered executive-level risk reporting and briefings that translated technical findings into business and compliance impact.

Certification

  • CISA
  • CISSP
  • ComTIA Security+
  • CISM
  • CEH

Timeline

Senior SOC Analyst | CS Incident Response Analyst

KSE Consulting Group, LLC
05.2020 - 08.2025

Cybersecurity Compliance / GRC Analyst

Texas Scottish Rite Pediatric Sports Medicine Center
01.2018 - 04.2020

Director of Medical Staff Services & Compliance

Texas Scottish Rite Hospital For Children
06.2002 - 12.2017

Bachelor of Arts - Business Administration And Management

University of Oklahoma

Healthcare Certifications

  • CHC
  • CPMSM
  • CPCS

References Available Upon Request

.

Similar Profiles

  • James Kennedy

    James KennedyJames Kennedy

    Information Technology Specialist at KSE ConsultingInformation Technology Specialist at KSE Consulting

  • KRISTINA SALCIDO

    KRISTINA SALCIDOKRISTINA SALCIDO

    Digital Account Manager at KSE - Outdoor Sportsman GroupDigital Account Manager at KSE - Outdoor Sportsman Group

  • DARLA BAKER

    DARLA BAKERDARLA BAKER

    Revenue Cycle Specialist - Cash Poster at MEDICAL CONSULTING GROUP, LLCRevenue Cycle Specialist - Cash Poster at MEDICAL CONSULTING GROUP, LLC

  • Profile Photo

    null null

    SOC Security Analyst / Incident Response SOC Analyst at Saic (Science Applications Int.)SOC Security Analyst / Incident Response SOC Analyst at Saic (Science Applications Int.)

  • Profile Photo

    null null

    SOC Security Analyst / Incident Response SOC Analyst at Saic (Science Applications Int.)SOC Security Analyst / Incident Response SOC Analyst at Saic (Science Applications Int.)

CREATE PROFILE
Latrice Ochieng