Ryan Stewart
vCISO & IR Team
Knowledgeable professional with extensive experience in information security and risk management consulting, leading IT security remediation projects, and advising executive staff in information security and risk management. A proven leader capable of building and motivating high-caliber teams of professionals. Equipped with the knowledge, experience, education, and ability to provide results beyond expectation.
- Serves as a Subject Matter Expert (SME) to represent the company in sales opportunities for Incident Response services as well as developing and delivering Incident Response services.
- Serves as an internal SME for the organization’s virtual Chief Information Security Officer (vCISO) program services.
- Supported 7 covered entities simultaneously, ranging from small to large hospitals, with between 300 and 360 professional hours annually as their designated virtual Chief Information Security Officer (vCISO).
- Responsible for assisting executive- and director-level staff with information security program remediation, vulnerability management, and risk management.
- Depended on to develop policies, standards, and procedures to support the business strategy utilizing frameworks such as HIPAA, NIST CSF, ISO 27001, COBIT, PCI, and HITRUST.
- Responsible for creating Plans of Action and Milestones used for corrective action and managing risk.
- Advises senior leadership on information security risk, risk remediation, and industry best practices.
- Develops education and training materials.
- Conducts risk analysis and information program assessments to determine if covered entities are compliant with policies, standards, procedures, and federal and state laws.
- Leads data collection interviews with process owners to understand current state systems, processes, and/or controls, and assesses risk with minimal oversight and supervision.
- Developed 11 Information Security Program Assessment (ISPA) 60-page reports from onsite data collections that provided covered entities with observations and recommendations for remediation to achieve HIPAA compliance and higher COBIT maturity ratings.
- Developed over 10 Meaningful Use reports for stage 1 and 2 for covered entities that were attesting for Meaningful Use.
- Assisted clients in ransomware and botnet attacks by providing Incident Response support through the discovery phase and remediation phase.
- Identified as the “go-to” consultant for policy templates or questions regarding policy development.
- Provided consulting services to over 20 company clients over a six-month period.
- Guided and mentored new consultants on data collection techniques and report writing.
- CGEIT - Certified in the Governance of Enterprise Information Technology, 2019
- CRISC - Certified in Risk and Information System Control, 2018
- CISM - Certified Information Security Manager, 2017
- CISSP - Certified Information Systems Security Professional, 2012
- ITIL 2011 Foundation Certification, 2012
- Database Systems Technology Certification, 2010
- CompTIA Security+ Certification, 2010
- CompTIA Network+ Certification, 2010