Information Systems Security

Location: Arvada, CO
Salary: 140
Posted: May 08, 2024

Resume:

JOYCE MARIE GEIS, CISA, CRISC, CSXF, HCISPP

linkedin.com/in/joyce-geis-cisa-crisc-hcispp-a25b9712

CERTIFICATIONS:

CISA – Certified Information Systems Auditor – 2004

CRISC – Certified in Risk and Information Systems Control – 2010

CSXF – Cyber Security Risk and Control Fundamentals – 2015

HCISPP – Healthcare Information Security Privacy Practitioner – 2016

EXPERIENCE:

Propharmagroup LLC

Digital Auditor June 2023 - present

•Responsible for planning and conducting GxP Digital/CSV audits as applicable to experience (e.g., CMO, CRO, mock regulatory inspection, PV, internal process, investigator site, etc.) on behalf of clients.

•Subject Matter Expert (SME) for Digital-related projects and responsible for developing and managing the auditing program.

•Responsible for independently managing clinical-related projects and providing consulting and contract services to clients as needed.

•Assisted in designing, implementing, monitoring, and maintaining ProPharma’s auditing program, policies and strategies and ensuring company compliance to GxP regulations, internal procedures, and policies in cooperation with peers.

Note: Break in employment history is due to leave of absence to care for family member.

Cognizant Technology Solutions

Risk Management - Corporate Security Americas & Rest of World (ROW) May 2020 to October 2020

•Responsible for managing IT security risks within the Life Sciences business. Supported the SIP (shared information platform) for multiple pharmaceutical companies.

•Plan, write and deliver security management plans (SMP) and strategies to protect Cognizant client data (biopharmaceutical companies).

•Cyber Incident IT security Team incidents – addressed incidents within contract timeframe.

•Provide status on any discovered risks associated with application deployment.

•Worked with IT Security Architect to ensure security controls are being implemented during the Software Development Lifecycle (SDLC).

Bristol-Myers Squibb Jan 2014 – Apr 2020

IT Security and IT Audit Manager – Global support

•Conducted Third Party risk assessments on Software as a Service (SaaS) cloud providers.

•Assisted information security officers with updating and tracking plan of action and milestones on remediation items.

•Conducted risk assessments within the supplier’s IT control environment using the following control frameworks: ISO 27001, COBIT, NIST, HIPAA, HITRUST, GMP (GxP) and PCI.

•Conducted Quality assessments for software systems requiring Computer Systems Validations packages (CSV).

•Responsible for the monitoring and tracking of the Governance, Compliance and Risk Data Base (GRC).

•Experienced conducting third party GxP audits with regulatory requirements such as CFR 21, Part 11 Electronic Record and Electronic Signature (ERES), Annex 11.

•Worked across various platforms and with multiple internal and external business partners to implement Corrective Action Plans (CAPA)

•Prepared documentation for onsite Food and Drug Administration (FDA) audits.

•Conduct contract compliance, SOX compliance, and SOC2 type 2 IT audits

•Privacy compliance for healthcare regulations and General Data Privacy Regulation (GDPR) for data usage in the EU.

Citi Group - Division of Citibank Dec 2010 – Dec 2013

VP for North American Operations – Financial Reporting Operations (FRO)

•Business Information Security Officer (BISO) for Financial Reporting Operations for risk and control operations

•Reported to Global Risk Senior VP results of control related and business operations activities to ensure compliance with Citi policies and regulatory requirements.

•Dotted line responsibility to the Global Information Security Officer included managing network security alerts.

•Developed Business Impact Analysis plans (BIA) and Business Continuity Plans (BCP)

•Provided managerial oversight and performance evaluations of eight (8) staff members.

•Liaison for external audit firm KPMG for all audit risk issues

•Responsible for Regulatory and Compliance audits and attestations

•Identification of potential process improvements to increase the efficiency within the FRO organization

•Responsible for FRO’s business Corrective Action Plan (CAP) process

•Responsible for performing quarterly key control review activities for FRO

•Performed Risk Control and Self-Assessment (RCSA) process to determine quarterly compliance

•Performed test(s) validation to ensure the effectiveness of general controls over financial reporting

•Performed testing of (COB) at onsite recovery facility

Experis / Jefferson Wells Consulting April 2009 – Dec 2010

Senior IT Risk Advisory Consultant

Advisory Lead for customer facing consulting engagements within Healthcare, Energy and Banking industries:

•Developed and wrote business impact analysis (BIA) for Continuity of Business Plans

•Performed application IT Security Risk Assessment to identify potential security vulnerabilities.

•Performed IT Security testing on software applications to verify internal and external user accounts adhered to HIPAA and PCI privacy requirements.

•Performed IT audits of system-critical applications in support of America’s largest payment card processing and electronic ecommerce and payment solutions company – First Data Corporation.

•Responsible for auditing system to ensure compliance with PCI Data Security Standard (PCI DSS)

HONORS – EDUCATION & CREDENTIALS

Invited to participate as a subject matter expert for two consecutive years, 2018 & 2019, in the development of exam questions and to set standards for ISC2’s professional Information Security Certifications.

Nova Southeastern University, Ft. Lauderdale, Florida – Bachelor of Science (BS) – Management

Nuclear Medicine Technology – Associate of Science
