Mamta Midha

Leawood, KS

Summary

Results-driven security compliance GRC leader with over 20 years of diverse information security background. Deep and wide-ranging expertise in developing and implementing strategies for regulatory frameworks, including HITRUST, ISO 27001/ISO 27002, PCI DSS, HIPAA and NIST, to name a few. Demonstrated expertise in developing new business proposals by identifying gaps in the current security program, areas of improvement, and future technology needs. Collaborated closely with clients to understand their business requirements and effectively address their needs. Developed strong relationships with key stakeholders at the C-suite and middle management levels. Acted as a practice leader by fostering people development through motivation, use of diverse perspectives, coaching team members, and encouraging innovation.

Results-driven with deep expertise in OCI & AWS as a baseline infrastructure for business entities providing application service offerings across multiple industries.

Overview

26 years of professional experience
1 Certification

Work History

Lead Analyst Governance, Risk & Compliance

Oracle Health
04.2020 - Current
  • Leading HITRUST assessment & certification efforts for contractual scope with key responsibilities managing core HITRUST team.
  • Extensive work in the Archer environment for audit repositories and the end-to-end engagement process workflow
  • Additionally leading an effort to streamline security and compliance processes by adopting a set of unified common controls, rationalizing existing frameworks, and establishing a consolidated audit and compliance framework, thereby improving efficiency, reducing risk, and enhancing overall security with inclusion of 20+ authoritative sources
  • Critical success factors include Consolidated Control Framework and Compliance Monitoring, Effective Cybersecurity Measures and Incident Response and Comprehensive Audit Preparation and Participation
  • Lead & manage Oracle Health Common Controls Framework from scoping to deployment to runbook for maintenance.

Senior Manager – Technology Cyber Risk, Security & Governance

Techdemocracy LLC
12.2018 - 03.2021
  • Leading & managing effort for HITRUST certification for one of the electronic medical record solutions
  • Key responsibilities include: Monitor security landscape by identifying security gaps, recommending mitigations, and evaluating mitigation strategies based on current security threats and technologies
  • Migration of current on-prem solution to AWS environment to be duly compliant with HITRUST as per contractual commitments. Extensive experience with and understanding of how compliance fits into the more modern AWS landscape
  • Determine security requirements by evaluating business strategies and requirements, researching information security standards, and applying applicable data protection regulations
  • Support and execute the HIPAA, PCI, NIST, HITRUST and Department of Defense compliance and processes within a Governance, Risk and Compliance (GRC) Management System
  • Monitor compliance with and develop or maintain security policies to ensure compliance with all applicable regulatory statutes, industry best practices and corporate business strategies

IT GRC Professional

Global Payments
04.2018 - 10.2018
  • Work with Global Payments stakeholders to identify PCI DSS controls that should be implemented based on the technology and selected cloud services (e.g., PaaS, IaaS, or SaaS)
  • This includes gathering information about the in-scope application(s) or technology operating in the cloud provider's environment
  • Leverage existing test plan documentation to assist with formally defining the artifacts each control owner must provide to the Compliance team throughout the fiscal year which includes efforts to ensure business as usual (BAU) practices are resulting in ongoing PCI DSS compliance, as well as specific artifacts required to substantiate PCI DSS compliance during the annual recertification process executed by an external PCI Qualified Security Assessor (QSA)
  • Collection & Analysis of compliance artifacts to ensure applicable development of metrics and status dashboard for executive management
  • Participation in security projects and program development
  • Paid attention to detail while completing assignments.
  • Excellent communication skills, both verbal and written.

Lead - Managed Security Services - Email Security & Enterprise Mobility

Computer Sciences Corporation (DXC Technology)
06.2004 - 09.2018
  • Worked on presales solutions development for email security & mobile security practice
  • Obtaining and collating information around information security risks and remedial action using risk mitigation plans
  • Maintaining on-going visibility of initiatives and prioritize information security risk
  • Documentation of processes, performing risk reviews and monitoring metrics to ensure compliance with the risk framework
  • Advise and support the business unit functions on performing self-assessment of controls
  • Consulting for Email Security practice in infrastructure projects
  • Coached and mentored 40+ new staff members, including conducting performance reviews
  • Successfully managed & delivered Email Security Projects for various customers across North America & Europe region

Sr Tech Services Engineer

Global Groupware Solutions
02.1999 - 06.2004
  • In house System Administrator, responsible for Lotus Notes Administration & internet gateway integration
  • Wrote, reviewed and edited technical documents in accordance with template requirements.

Education

Bachelor's Degree -

Applied Electronics
Delhi, India

Post Graduate Diploma -

Global Business Management
Delhi, India

Skills

  • CCSFP (HITRUST) – Certified HITRUST CSF Practitioner
  • CISSP (ISC2)
  • CISM (ISACA)
  • PMP (PMI)
  • Training and mentoring
  • Report generation
  • Dashboard creation
  • Advanced Excel
  • Stakeholder management

Certification

  • CDPSE: Certified Data Privacy Solutions Engineer, 09/01/20
  • CISSP: Certified Information Systems Security Professional, 04/01/18
  • CISM: Certified Information Security Manager, 08/01/17
  • PMP: Project Management Professional Certified, 01/01/09

Industry Experience

  • Technology
  • Financial Services
  • IT services
  • Healthcare
  • Resources
