Security Management

Location: Arlington, VA
Posted: January 05, 2013

Resume:

Frank Cindrich

Email: abp7eu@r.postjobfree.com

Address: *** ***** ****** **, #****

City: Arlington

State: VA

Zip: 22203

Country: USA

Phone: 703-***-****

Skill Level: Management

Salary Range: $175,000

Primary Skills/Experience:

See Resume

Educational Background:

See Resume

Job History / Details:

FRANK CINDRICH, JD, CGEIT, CIPP, CIPP/G

818 North Quincy Street, Arlington, VA 22203 | 703-***-**** | abp7eu@r.postjobfree.com

CORPORATE COUNSEL FOR PRIVACY AND DATA PROTECTION

GOVERNANCE | RISK MANAGEMENT | COMPLIANCE

Privacy, data protection, and cyber security legal subject matter expert. Valued partner who leads teams and aligns strategies to protect classified and highly confidential information. Applies a hands-on approach and diverse planning and negotiation skills to manage risks and comply with applicable US and international laws, rules and regulations, company practices and standards, and best practices in a changing privacy regulatory environment. Leads by example and builds consensus with internal stakeholders and external third parties. Trusted counsel to C-level leadership and Boards of Directors. Evaluates and issues recommendations in connection with developing privacy and security programs. Demonstrates ongoing knowledge of privacy laws and regulations, as well as the transfer, management, and monitoring of sensitive and classified data. Teaches governance, risk management, and risk mitigation for privacy, data protection and security to officers, directors, and auditors.

Professional Strengths & Knowledge

E-Government Act (FISMA) | The Privacy Act | HIPAA | HITECH | Safe Harbor | GLBA

Regulatory & Compliance Oversight | Requirements Rationalization | Privacy & Security Risk Assessments

Enterprise Risk Management Strategy | Policy & Procedure Development | Business Process & Strategy Implementation

Legal Advisory, Mentoring & Leadership | Awareness & Training | Contract Negotiations & Third-party Oversight

EXPERIENCE & ACHIEVEMENTS

DELOITTE & TOUCHE, LLP, Arlington, VA 2011-Present

Specialist Manager Privacy / Data Protection and Cyber Security

Serves as a subject matter expert (SME) for the US Department of Health and Human Services (DHHS), and Office of the National Coordinator (ONC) for Health Information Technology (IT). Guides the development of ONC Health IT cyber security strategy. Supports ONC's role with the White House privacy and security work group. SME to the Veterans Administration (VA) for privacy program improvement and privacy communications strategy.

Analyzed and issued recommendations regarding privacy and security issues with wireless devices, apps, and cloud computing. Supported initiatives for DHHS, ONC for Health IT. Addressed security for mHealth (mobile health), cloud computing with healthcare regulators, and security requirements for electronic health records (EHR).

Developed tools to enable small healthcare practices to assess risk associated with adoption of EHR and Health IT. Authored a whitepaper that demonstrates the need for a similar tool for security among Health Information Exchange (HIE) grantees.

Led outreach across government and other stakeholders to identify security (cyber security) strategic needs for Health IT.

Featured panelist and speaker for cyber security, data protection, and privacy.

Won new business with the VA and expanded existing relationships with the DHHS, ONC, OCPO, with sales in excess of $2M annually.

INVIZION, INC., McLean, VA 2009-2010

Corporate Counsel and Strategist

Managed legal affairs and negotiated and drafted agreements for this $34M professional services firm that provides linguistic and logistic services for defense and intelligence industry clients in the US, Iraq, and Afghanistan, and for IT security (cyber security) in Costa Rica. Led team to align strategies among human resource, finance, and compliance.

DELOITTE & TOUCHE, LLP, Washington, DC 2006-2009

Manager, Center of Excellence

Developed methodologies and frameworks to drive consistency and quality of data, and global privacy protocols. Guided the creation and implementation of policies and procedures in connection with the firm's cyber security program. Assigned as a privacy, data protection, and cyber security SME for the US DHHS, ONC for Health IT. Demonstrated relationship between and among risk assessment, risk management strategy, policy, enterprise architecture strategy, mitigation, and the development life cycle of business processes and systems.

Contributed to more than $2M in new business development with commercial and civil entities, expanding the firm's presence at the US DHHS, ONC, OCPO and the Federal Aviation Administration (FAA).

Served as a key leader and mentor to consultants developing a privacy and data protection program for the DHHS, the DHS, and the US Internal Revenue Service (IRS).

Served as SME developing and delivering privacy training for members of the IRS privacy office.

Created the framework of an IT security governance program for the US Department of Justice (DOJ). Created the vision, mission statement, and charter to design procedures that would facilitate informed risk-based decisions for mitigating security risks for various agencies.

Analyzed financial services industry regulations for the BITS organization, providing observations and recommendations for improved efficiency and effectiveness of privacy and security regulations (GLBA/Red Flags).

Featured speaker for information and information technology governance, risk management, and compliance.

BOOZ ALLEN HAMILTON, McLean, VA 2004-2006

Associate

Provided ongoing advisory and assistance to federal agencies as part of aligning business goals and facilitating the development of enterprise risk management strategies, policies and procedures, enterprise architecture, capital planning, budgeting, and acquisitions. Identified key synergies among all resources as part of streamlining and driving consistency with all agency stakeholders.

Led an initiative to guide integrated privacy and security requirements into the enterprise architecture and system development lifecycle for the DHS. Efforts were supported by the Executive Office of the President (EOP) Office of Management and Budget (OMB), and the Federal Chief Information Officer (CIO) Council.

Directed efforts of lawyers and security specialists polling international and domestic privacy and data protection laws, rules and regulations, and creating a jurisdiction and industry-neutral privacy framework released by the OMB and the Federal CIO Council.

Conceptualized strategies to integrate enterprise-wide requirements for the Federal Information Security Management Act (FISMA) into an enterprise risk management strategy, which reduced negative inspector general findings by 30%.

Recommended chain-of-trust provisions for vendor and contractor FISMA-compliant oversight for the US Office of the Secretary of Defense (OSD) designed to help reduce loss of sensitive data.

Developed follow-on business at the Department of Homeland Security (DHS) in excess of $0.5M.

TRIGON BLUE CROSS / BLUE SHIELD (Now Anthem/WellPoint), Richmond, VA 1998-2003

Corporate Counsel and Senior Policy Analyst

Contributed to the creation of an eBusiness strategy for this multi-billion dollar health insurance company. Forged internal partnership with Information Security Officer, Privacy Director, and business (process) owners to align goals and strategies and integrate privacy and security into the development life cycle of business processes and systems. Negotiated software license and maintenance agreements, nondisclosure agreements, independent contractor agreements, and other agreements for the acquisition of hardware, software and professional services. Ensured compliance with HIPAA, GLBA, SOX and Virginia security and privacy requirements. Guided the development and accountability for security and privacy of customer medical and financial records. State-certified continuing professional education (CPE) instructor for security and privacy.

MELLON BANK NA (Now BNY Mellon), Pittsburgh, PA 1996 - 1998

Assistant Director of Communications for Y2K

Led development of Web-based communication initiative for Y2K disclosures, recognized by CBS News as most timely and forthcoming.

EDUCATION

Juris Doctor, DRAKE UNIVERSITY LAW SCHOOL, Des Moines, IA

Bachelor of Science, Political Science; Minor in Finance, OLD DOMINION UNIVERSITY, Norfolk, VA

CREDENTIALS

Bar Admission

Commonwealth of Pennsylvania Bar

Certifications & Affiliations

Member and Certified Information Privacy Professional (IAPP CIPP, CIPP/G)

Frameworks Committee Member (ISACA)

Certified in the Governance of Enterprise Information Technology (ISACA CGEIT)

Advisor, Cyber Security Forum (CSFI)

Public Speaking

Privacy & Data Protection Instructor/Featured Speaker, ISACA (2012)

Security and Mobile Health Panelist, HealthTech Council (2012)

Cyber Security Governance Speaker, CSFI & Hacker Halted Speaker (2010)

On Camera Interviewer, HSTV (2010)

Privacy & Security Governance Speaker, CSFI Washington (2006)

Clearance

Top Secret
