Submitted by: Jason R. Denny
1. Briefly describe your responsibilities at your employer, even if your employer is not your case study organization.
I report directly to the VP of Privacy & Security Governance; my job function is to act as the Security Compliance Manager within our Security Governance team. The overall purpose of my position is to implement the appropriate processes and procedures for auditing and assessing, ensuring proper compliance with various information security standards and controls, up to and including tracking and managing any corrective actions that may derive from the various audits and assessments.
I am an integral member of the team with regard to security program development, vulnerability management, physical security, and documentation development. In an effort to help bridge the gap between security and various business units, I participate in various meetings and committees such as our Information Security Management Group (ISMG), Security Checkpoint, Change Management, and different IT Steering Committees. I also act as one of the primary liaisons between us and our parent company, where I participate in similar meetings and committees to ensure we adhere to and align ourselves appropriately with our parent company.
2.
In addition, we purposely chose to have one of the most respected and well-known accreditation firms perform our certification: BSI. We obtained our certification in 2011 and then renewed to the ISO 27001:2013 standard in 2015. Finally, we are in the midst of further strengthening our security program by also aligning ourselves with the HITRUST framework while continuing to adhere to ISO amongst other client and legislative demands (HIPAA, HITECH Act,