Information Security Service Delivery

Location:
Basking Ridge, NJ, 07920
Salary:
Negotiable
Posted:
November 01, 2023

Resume:

GREG BASSETT

Basking Ridge, NJ · 908-***-****

ad0sme@r.postjobfree.com · https://www.linkedin.com/in/gregbassett/ · medstartcompliance.com

Strategic, forward-thinking Information Security Leader with 20+ years of leadership in IT strategy, security and service delivery leadership and a proven ability to build, manage and lead high-performing teams that strengthen cybersecurity and regulatory compliance and reduce risk. Inspiring, committed servant leader and mentor with a talent for cultivating a vibrant, collaborative culture. Exceptional communication and people skills. Extensive experience in the healthcare industry working with people at all levels of an organization in large, remote populations. Master of Science in Technology Management. PMP/CISSP.

EXPERIENCE

1/2023 – PRESENT

OWNER/PRINCIPAL, MEDSTART COMPLIANCE SERVICES, LLC

Created HIPAA compliance and Cybersecurity programs for healthcare/health tech startup companies. Performed security, privacy and breach notification risk assessments, IT risk analysis, gap analysis and remediation plans. Developed policies and procedures, implemented tools and processes for gap remediation, coordinated penetration testing and remediation activities. Developed Vendor IT risk assessment processes and negotiated remediation activities and schedules. Provided vCISO services as needed by clients.

2020-2022

DIRECTOR, INFORMATION TECHNOLOGY & SECURITY, VAULT HEALTH, INC.

Created Vault’s internal IT program, supporting all aspects of this healthcare startup during critical growth, onboarding over 3,000 new medical professionals and 200 new staff. Built initial team of IT professionals to support the organization’s organic and acquisition growth during which over 10 million COVID-19 tests were completed, 600,000 COVID-19 vaccinations were completed and implemented nationwide support for innovative COVID-19 antigen testing program. Developed information security program, including hiring initial staff, implementing policies and procedures for all aspects of information security (Identify, Protect, Detect, Respond, Recover). Successfully completed SOC2 Type 2 assessment and annual SOC2 program. Managed integration with acquired company, rationalized application portfolios, security architecture, security operations and GRC programs.

Managed all client security inquiries, including questionnaires, RFP responses and sales proposals. Migrated enterprise from Google Workspace to Microsoft365, improving security posture and reducing costs.

Implemented Zero-Trust platform for improved security & compliance on contract medical staff mobile devices.

Launched IAM synchronization program to improve onboarding & offboarding speed and compliance. Developed full NIST-based information security policy to cover current and planned business focus areas, including newly acquired companies, resulting in improved compliance, alignment with industry standards and Client expectations in highly regulated industries.

2016-2020

DIRECTOR, IT POLICY & COMPLIANCE, KPMG

Created and implemented the firm’s first NIST 800-171, HITRUST, PCAOB compliance programs. Expanded the firm’s SOC2 compliance program by 3x, covering $1.5BB in annual revenue. Led complete overhaul of firm’s IT Policies, simplifying language and reducing conflicting and contradicting sets of requirements, policies and standards.

Drove out stalled remediation plans, closing 95% of all internal audit/PCAOB inspection findings, and improving the firm’s general IT control posture.

Absorbed the firm’s stalled Archer GRC development and support program, accelerated key program expansions with security incident management functions, vendor management functions and application risk assessment functions and executive dashboarding. Developed staffing plans for recruitment and doubled size of team. Created and led firm-wide NIST 800-171 awareness and education efforts, supporting over $1BB in federal contract revenue.

Coordinated with security architecture programs to align key programs with long-running remediation plans and security & compliance gaps.

2014 - 2016

VICE PRESIDENT, SERVICE DELIVERY, CLEARWATER COMPLIANCE

Assembled and led national service delivery team to fulfill SaaS-based HIPAA Risk Analysis & Management, HIPAA Security & Privacy and Breach Notification, as well as HIPAA and HITECH Compliance consulting, implementation, and training services. Crafted and executed strategic plans in alignment with overarching organizational objectives.

Propelled exponential growth and next-level profitability, positioning Clearwater as premier information security and healthcare security provider by establishing scaled framework for service delivery. Realigned resources and engagement teams focused on risk analysis and risk management. Increased sales with optimized pricing models and simplified sales processes. Cultivated a culture of collaboration and service delivery excellence that boosted Net Promoter Score (NPS) to benchmark-breaking 72, with 53/54 clients recommending. Grew team 50% with active strategy to expand into vulnerability scanning and penetration testing (Pen tests).

Instituted stringent information security program with detailed policies, procedures, and review processes.

2000 - 2014

SENIOR MANAGER, BISO, JOHNSON & JOHNSON

Managed the information security function as (BISO) for the global clinical pharmaceutical research and development and pharmaceutical supply chain organizations. Built a team to support all new application development for compliance with global pharmaceutical regulations as well as J&J corporate information security policies. Key projects included:

Streamlined business partner and external application development risk assessments for clinical trial recruiting systems, resulting in a 50% cost reduction, 75% improvement in time-to-launch while improving overall information security posture for patient recruitment systems.

Participated as information security officer for M&A projects involving new global R&D acquisitions. Developed streamlined assessment processes, risk remediation tasks & technologies and oversaw cybersecurity improvement necessary to meet J&J standards, while accelerating ROI for the acquired assets.

EDUCATION

2011

MASTER OF TECHNOLOGY MANAGEMENT, STEVENS INSTITUTE OF TECHNOLOGY, HOBOKEN NJ

2007

BACHELOR OF SCIENCE, BUSINESS ADMINISTRATION, CENTENARY UNIVERSITY, HACKETTSTOWN, NJ

Summa Cum Laude

SKILLS

• Cybersecurity & compliance program development

• Healthcare startup compliance

• Regulatory standards

• Risk Management

• Servant Leader

• Strategic Planning

• Coaching & Mentoring
