Ryan Stewart


RIMS-CRMP Certification
CISM-Certified Information Security
Security Program Services

Ryan Stewart

vCISO & IR Team


Knowledgeable professional with extensive experience in information security and risk management consulting, leading IT security remediation projects, and advising executive staff in information security and risk management. A proven leader capable of building and motivating high-caliber teams of professionals. Equipped with the knowledge, experience, education, and ability to provide results beyond expectation.


  • Serves as a Subject Matter Expert (SME) to represent the company in sales opportunities for Incident Response services as well as developing and delivering Incident Response services.
  • Serves as an internal SME for the organization’s virtual Chief Information Security Officer (vCISO) program services.
  • Supported 7 covered entities simultaneously, ranging from small to large hospitals, with between 300 to 360 professional hours annually as their designated virtual Chief Information Security Officer (vCISO).
  • Responsible for assisting executive- and director-level staff with information security program remediation, vulnerability management, and risk management.
  • Depended on to develop policies, standards, and procedures to support the business strategy utilizing frameworks such as HIPAA, NIST CSF, ISO 27001, COBIT, PCI, and HITRUST.
  • Responsible for creating Plans of Actions and Milestones used for corrective action and managing risk.
  • Advise senior leadership on information security risk, risk remediation, and industry best practices.
  • Develops education and training materials.
  • Conducts risk analysis and information program assessments to determine if covered entities are compliant with policies, standards, procedures, and federal and state laws.
  • Leads data collection interviews with process owners to understand current state systems, processes, and/or controls and assessing risk with minimal oversight and supervision.
  • Developed 11 Information Security Program Assessment (ISPA) 60-page reports from onsite data collections that provided covered entities with observations and recommendations for remediation to achieve HIPAA compliance and higher COBIT maturity ratings.
  • Developed over 10 Meaningful Use reports for stage 1 and 2 for covered entities that were attesting for Meaningful Use.
  • Assisted clients in ransomware and botnet attacks by providing Incident Response support through the discovery phase and remediation phase.
  • Identified as the “go-to” consultant for policy templates or questions regarding policy development.
  • Provided consulting services to over 20 company clients over a six-month period.
  • Guided and mentored new consultants on data collection techniques and report writing.



  • CGEIT-Certified in the Governance of Enterprise Information Technology, 2019
  • CRISC-Certified in Risk and Information System Control, 2018
  • CISM-Certified Information Security Manager, 2017
  • CISSP-Certified Information Systems Security Professional, 2012
  • ITIL 2011 Foundation Certification, 2012
  • Database Systems Technology Certification, 2010
  • CompTIA Security+ Certification, 2010
  • CompTIA Network+ Certification, 2010



    • Office


    • Email