
MERVYN CHAPMAN

Chief Information Security Officer
LaGrange, GA

Summary

Vigilant Information Security Management Professional with over 20 years of experience safeguarding information assets of companies in the IT, Healthcare, and Forestry sectors. Skilled at building programs providing Compliance and Risk management, Incident Response and Detection, and vulnerability management for Fortune 500 companies. Adept at building cross-organizational teams to ensure compliance with corporate information security policies and programs.

Overview

24
years of professional experience

Work History

vCISO/Practice Lead

Ahead
Chicago, IL
10.2016 - Current
  • Governance, Risk and Compliance: Responsible for designing and leading IT Risk Management efforts on behalf of customers, including policy development, security architecture design, and awareness training.
  • Coordinates with external and internal partners to develop solutions to secure cloud and hybrid infrastructure.
  • Creates strategic plans around Compliance and Risk Management, Identity and Access Management, Data Protection and other areas of concern.
  • Key Responsibilities:
  • Served as Virtual CISO for organizations of varying sizes and industries, in public and private sector.
  • Provided strategic guidance for corporate IT projects, including evaluation of technical standards and controls.
  • Recommended and developed Security and IT standards, policies and procedures.
  • Created and implemented Incident Response plans, playbooks and testing procedures.
  • Led Incident Response efforts on behalf of RoundTower and customers.
  • Created and presented Investment Strategies based on assessment results.
  • Developed and delivered cybersecurity-related workshops, including 3rd party risk management, risk assessment plan development and incident response management.
  • Established and maintained relationships through magazine interviews and speaking engagements at customer and vendor conferences.
  • Worked with internal and external auditors both before and after audit cycles.
  • Built cross-practice service offerings to meet specific client requests.

Director, IT Security/HIPAA Security Officer

Surgical Care Affiliates
Birmingham, AL
03.2013 - 10.2016
  • Designed, implemented and managed the first Enterprise Information Risk Assessment program.
  • Worked with external and internal stakeholders to ensure business alignment with risk management objectives.
  • Built effective cross-organizational teams to ensure compliance with the overall Information Risk Management program.
  • Key Accomplishments:
  • Implemented first organizational Incident Response, Threat Management and Security Awareness training programs.
  • Designed Security and Compliance/Risk Management program, including a vendor risk assessment program, for a network of 200 facilities, including 6 surgical hospitals.
  • Created ‘Critical Controls’ and Cybersecurity Maturity Assessment program, to objectively measure security performance.
  • Chaired Information Risk Management cross-functional group (reporting to the Board), which was responsible for review and approval of Information Risk Management projects.
  • Led group until acquisition by UnitedHealth.

Information Security Analyst

Wellstar/West Georgia Health
LaGrange, GA
03.2008 - 03.2013
  • As the sole Information Security SME, worked directly with the CIO, Legal Counsel, and the executive team.
  • Directed and developed guidelines and systems to safeguard corporate information assets.
  • Chair of the Security Committee.
  • Arranged and facilitated Risk Assessments, and assisted Application Support and Clinical teams in ensuring their programs supported corporate Information Security objectives.
  • Key Accomplishments:
  • Recommended, educated and implemented risk mitigation products and technologies, reporting on compliance and overall risk posture to senior management and C-Level staff.
  • Designed and supported IAM policies, procedures and systems.
  • Conducted vulnerability assessments, interpreted results, and conducted remediation activities.
  • Interpreted and applied principles of ISO 2700x, HIPAA, HITECH, and other related standards in technical and administrative controls.
  • Supported security requirements of Active Directory/LDAP, ADCS/PKI, Citrix, SSO, desktop, server, and SaaS applications.
  • Deployed and maintained desktop, email and mobile device encryption systems.
  • Met with business units to facilitate secure business practices and project implementation.
  • Held training and annual education events to help employees maintain continuous security awareness.
  • Tracked compliance gaps, mitigating with administrative and/or technical controls.

Education

Ph.D. Student - Technology and Innovation Management

Northcentral University

Master of Science - Information Security and Assurance

Western Governors University

Bachelor of Science - Information Technology

Western Governors University

Skills

    Strategy Development
