Resume of Janice Clauer
MS, MBA, CISSP, CISA, CISM, CRISC, CIPP, CIPM, CHC, ITIL
Del Rio, Tennessee LinkedIn: https://www.linkedin.com/in/janice-c-b638512/ Mobile: 203-***-**** Email: **********@*****.***
Summary
Accomplished and goal-driven senior security leader with more than 15 years of experience in strategic and tactical leadership. Expertise includes utilizing governance, risk, and compliance to provide value to the business by enabling risk-aware decisions and tailoring solutions to align with business goals and strategic objectives.
Professional History
Director, Business Information Security Officer
Regeneron Pharmaceuticals Feb 2022 to present
Head of Information Security Governance, Risk, and Compliance and Data Privacy for a genetics research subsidiary of a major biotechnology organization
• Maintained and scaled a secure and privacy-compliant cloud-based research environment by evaluating risks (data, system, and vendor-related risks), developing policies, processes, and controls, and supporting legal contracting efforts with research collaborators
• Championed the regulatory, corporate security, and privacy obligations by supporting collaborations and ensuring successful assessments of major business and IT platforms
• Liaised with business and governance teams to advise and recommend risk-based solutions designed with the business goals in mind
• Identified and documented technical and organizational measures (TOMs) relating to security and privacy baselines for core systems and trusted research environments (TREs)
Director, IT Security Governance and Risk
Nuvance Health Jan 2019 to Feb 2022
Head of Information Security Governance, Risk, and Compliance for a large healthcare system
• Developed GRC roadmap, strategies, and tactics to provide value to the organization, and tailor solutions to align with business goals and strategic objectives
• Pioneered consistent tools and methodologies to effectively evaluate, measure and manage internal and third-party security risk
• Evaluated and implemented an IT GRC application, as well as a third-party security ratings & cybersecurity risk management program
Head of Privacy and Security Compliance as a Senior Compliance Officer/HIPAA Privacy and Security Officer & Administrative Director, Information Governance
• Defined, documented, communicated, and measured compliance to a standard set of security and privacy policies, ensuring alignment and compliance with a variety of Federal and State regulations, including HIPAA
• Led incident response and breach notification actions, including interfacing with external Legal counsel and Federal and State regulatory entities and Attorneys General
• Developed monthly metrics for reporting to Leadership and to the Board of Directors
• Created and facilitated security and privacy awareness training, including general training, targeted training, and phishing simulation exercises
Vice President, Information Security and Risk
News America Marketing (a division of News Corp) Jun 2016 to Jan 2019
Head of Cybersecurity & Risk for a multi-national media marketing company
• Transformed the security team from a technical focus into a partnership with the business; developing a roadmap to propel significant change to both business and IT practices
• Established measurable and repeatable processes for incident management and response, third-party risk assessment, and event log management
• Partnered with web, mobile, and traditional development teams (using DevOps/CI-CD, Agile, and waterfall project management methodologies) to establish and educate on secure development practices, including the use of threat modeling, static application security testing (SAST), dynamic application security testing (DAST), penetration testing, etc.
• Evaluated and selected an IT GRC tool and implemented GRC processes across the enterprise, including a third-party Vendor Risk Management program
Director, Information Security
Daymon Worldwide Aug 2015 to May 2016
Head of Information Security and Risk for a private-label consumer products sales and marketing company
• Created an Information Security Office in an environment based primarily on an outsourced IT model
• Spearheaded the creation and implementation of Information Security policies and processes, including the development of the overall policy framework and Information Management criteria
• Optimized standard reporting criteria and metrics tailored to business concerns
• Established Information Security and Risk strategy and ongoing communication to Senior and Executive leadership
Manager, Information Systems Security Risk
Cotiviti Aug 2013 to Jul 2015
Head of Information Security Risk for a leading provider of payment accuracy and analytics-driven solutions primarily focused on the healthcare and retail industries, including as a CMS subcontractor
• Established the Information Security Risk Office
• Developed standard reporting criteria and metrics (e.g. KPIs, KRIs)
• Ensured alignment to a variety of standards, regulations, and control frameworks, such as Sarbanes-Oxley, NIST, HIPAA, the ISO 27000 and 31000 families, COSO, and COBIT
• Created and directed a risk management and assessment program aligned with a project management lifecycle
• Served as ISSO for a CMS subcontractor, responsible for obtaining and maintaining the ATO, producing the required security artifacts and POA&Ms, and addressing each NIST SP 800-53 security control
Education And Professional Certifications
Master of Business Administration (MBA), Technology Management
Colorado Technical University, Colorado Springs, CO 2008-2010, GPA 3.96
Master of Science (MS), Information Security
Colorado Technical University, Colorado Springs, CO 2005-2006, GPA 3.94
Bachelor of Science (BS), Computer Science
Charter Oak State College, New Britain, CT 1995-2001, GPA 3.67
Professional certifications including: CISSP, CISA, CISM, CRISC, CIPP, CIPM, CHC, ITIL, and more
Skills
management, governance, risk, compliance, security GRC tools, security assessments, vendor management, third-party assessment, regulations, frameworks, controls, NIST, ISO 27001, PCI, CIS, CSA, HITRUST, HIPAA, SOX, FedRAMP, NY 899-aa and 899-bb, security, privacy, security awareness and training, technical and organizational measures (TOMs), trusted research environments (TREs), strategic planning, SSDLC, CI/CD, DAST, SAST, Jira, Confluence, SharePoint, agile, waterfall, metrics, KPIs, KRIs, ITIL, service delivery, policies and procedures, communication, cloud, Active Directory, AWS, G Suite