Lisa Satchel
**.*********@*****.*** 224-***-**** Elgin, IL 60120
IT AUDIT SECURITY GOVERNANCE & RISK COMPLIANCE
EDUCATION
Associate of Arts in Business Administration – American InterContinental University
Certification in Business Management/Administration – Washington Business Institute
Certification in Computer Science – Chicago Alliance of Business
AREAS OF EXPERIENCE
HITRUST, HIPAA, Business Continuity, Sarbanes-Oxley Act (SOX), HITECH, PCI-DSS, ISO 27001/ISO 27002, Penetration Testing, Security Assessment & Authorization (SA&A), Network Security, Controls Remediation, Internal Controls Design, COSO/COBIT, Risk Assessment Management, SAS-70, NIST SP 800-60, NIST SP 800-53, NIST SP 800-171, Asset Security, Security Testing, Identity Management, Vendor Risk Management
PROFESSIONAL EXPERIENCE
CERNER CORPORATION – Chicago, IL 02/2018 to present
Sr. Security Governance and Compliance Analyst
Help clients write and update programs, policies, and procedure documents for HITRUST and HIPAA certification compliance and readiness.
Lead formulation and assessment of vendor SIG questionnaires using GRC tools such as RSA Archer and ZenGRC.
Conduct HIPAA Privacy & Security Rule audits and PCI audits.
Developed an audit and testing program for the nineteen HITRUST Common Security Framework (CSF) domains for certification, using the HITRUST MyCSF tool to document responses to control requirements.
Coordinate and manage vendor risk review functions for multiple assigned vendors which includes evaluating the quality of controls in the areas of business continuity planning, disaster recovery, network security, security architecture, and change management.
Develop IT audit methodology and compliance requirements for clients, as well as design, document, and implement control framework for IT processes and infrastructure.
Lead remediation efforts to support various compliance and regulatory requirements (HITRUST and HIPAA) for a variety of clients. Conduct security control assessments to assess the adequacy of the management, operational, privacy, and technical security controls implemented.
Review policy, procedure, evidence, and artifacts with clients and offer remediations for all HITRUST domains and requirements.
Represent and submit the client’s evidence into the HITRUST CSF Portal for HITRUST certification.
Manage vendor relations and RFP responses within the IT security, controls, and compliance domains.
Collaborated with members of the GRC team as well as external stakeholders and their teams to deliver an audit program compliant with security goals and regulatory requirements.
Managed the planning, implementation, execution, and success of internal/external audits via the ServiceNow platform to obtain evidence of compliance controls, certifications, and attestations such as SOC 2 and ISO 27001, in line with security policy, the risk management process, organizational standards, and NIST regulatory guidelines.
Provided internal security consulting for product development and IT operations projects across client organizations.
SWERVEPAY HEALTH LLC – Chicago, IL 02/2015 to 02/2018
Cybersecurity and Compliance Analyst
Worked with cross-functional teams to apply current Payment Card Industry Data Security Standard (PCI DSS) requirements and ensure proper deployment of applications in the environment.
Assisted information security analysts and application and service owners with PCI DSS compliance tasks such as evidence preparation, gathering, and submission to the PCI DSS assessor for annual compliance.
Delivered evidence and feedback recommendations to assist the client with review of the audit.
Managed Service Organization Control (SOC) examinations (SOC 2) in compliance with SSAE 18.
Internal subject matter expert on HIPAA assessments.
Collaborated with assessment team members and stakeholders on PCI-mandated regulations regarding risk & control projects using COSO/COBIT frameworks.
Engaged with business units, technical teams, and third parties, including the QSA, to complete planning, resource assignments, and plan development, ensuring that timely responses were obtained.
Conducted PCI DSS assessments with our third-party auditing firm to ensure organizational compliance.
Performed annual risk assessments, supported requirements gathering, and design efforts of critical projects as needed.
Performed daily review of critical system logs using Splunk.
Updated IT security policies, procedures, standards, and guidelines according to organizational and federal requirements.
Conducted ongoing internal HIPAA-related audits to ensure regulatory compliance; obtained data from multiple sources and identified sample work lists (if applicable); provided results to areas audited and requested corrective action plans; educated and acted as a resource to departmental staff on regulatory guidelines and requirements.
Managed third-party security risk, providing oversight during vendor analysis/onboarding and periodic monitoring phases. Managed third-party relationships and technology vendors that provide information security functions to ensure contract compliance and meet external audit requirements such as SOC 2 audits and ISO 27001.
A-LIGN – Chicago, IL 05/2013 to 02/2015
Cybersecurity Consultant
Led HITRUST engagements from kickoff to project delivery: readiness assessment, building policy and procedural guidelines, and serving as internal engagement lead for SOC 2 audits.
Provided security insight and expertise for customer-facing activities such as RFIs, SIG questionnaires, and vendor risk assessments for periodic audits.
Led and managed different stages in the NIST Risk Management Framework Process.
Monitored data-related controls to ensure that data restriction, confidentiality, access, security, and retention measures were adequate.
Reviewed policy & procedure, evidence, and artifacts with clients and offered remediations for HITRUST domains and baseline requirements.
Maintained information security awareness training and education programs. Tested the effectiveness of training through periodic social engineering tests.
Managed vulnerability scanning tools (Splunk).
Led data migration, server decommission, disaster recovery and business continuity efforts.
Ensured compliance within intrusion detection verticals and vulnerability management.
Analyzed vulnerability assessments to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures utilizing commercial and open source security testing tools.
Performed quarterly access control reviews.