Paul Lusardi
Port St Lucie, FL 34983
****.*******@*****.*** 772-***-****
linkedin.com/in/paul-lusardi-b85398164
Summary
Years of experience building third-party risk programs and assessments and implementing eGRC platforms in healthcare, finance, and pharmaceutical environments. Also experienced in compliance programs and assessments, audits, and third-party certifications.
Veteran team builder and mentor.
Experience
Senior Associate, Technology Governance
Geode Capital Management June 2022 - January 2024
Boston, MA (Remote)
• Developed a BCP/DR program by employing a SaaS solution based on COBIT and NIST frameworks, achieving compliance with ISO 22301 standards and improving business resilience
• Initialized and ran an Asset Management program in ServiceNow for all Geode applications
• Helped the TPRM division bring its program to fruition (Archer)
• Standardized SOP formats across IT departments to implement regular review cycles, enhancing procedural consistency and compliance
Enterprise Risk and Compliance Manager
Steward Health Care March 2019 - June 2022
Boston, MA (Remote)
• Recognized SME at the intersection of HIPAA and information security
• Began Third Party Risk Management program
• Instrumental in choosing and setting up new GRC platform (Onspring)
• Supervised Meaningful Use/Interoperability program for all hospitals
• Began and supervised BC/DR project for Steward corporate
• Oversaw creation and implementation of Information Security Policies and procedures (US and International)
• SME IS liaison for Legal department
• SME IS liaison for Compliance department
• SME IS liaison for MA&D
• SME for IS Corporate Communications liaison
• SME Contracts Administration liaison with Legal department
Project Manager Program Management Office/TPRM SME
Freddie Mac (Consultant) August 2018 - February 2019
McLean, VA (Hybrid)
Large financial institution TPRM initialization and continuation project.
• Led 4 consultant staff plus 3 institution F/T staff members.
• POC for internal and external businesses and assessment partners.
President, CEO
ISP Associates October 2005 - April 2017
Boston, MA
• Responsible for creating and managing Third Party Risk Assessments for Janssen Commercial Pharmaceutical sector for North America and Europe
• Acted as a subject matter expert to assist the business unit in mitigating risks on their commercial transactions with third parties
• Performed assessments based on the NIST 800-53 and ISO 27001/27002 frameworks
• Helped create Third Party Risk Assessment SOPs for Janssen Commercial Pharmaceutical and R&D
• SOPs were adopted by many other J&J Operating Companies
• Communicated with and trained stakeholders of various levels in all Commercial Pharmaceutical sector business functions to understand and mitigate information security risks associated with the use of third-party providers of goods and/or services
• Ensured Third Party Risk Management was embedded in the businesses and functions and evidenced accordingly
• Managed Risk and Application assessments of all third-party vendors, including initiation, execution, review and approval
• Communicated identified risks to business areas along with their potential impact
• Worked directly with vendors to mitigate identified risks
• Personally completed more than 500 third-party risk assessments for Janssen
• Created metrics and reporting for all risk assessment activities
• Ensured strong oversight of all third party risks
• Provided Information Security management and internal business partners with visibility of existing and emerging risks
• Implemented an internal customer feedback process for the TPRM function, which allowed issues to be addressed immediately and corrective actions applied where required
• Performed assessments of vendor facilities to ensure required physical security controls were in place
• Performed on-site physical assessments of vendors where highly restricted Janssen data would be exchanged (including international site assessments)
• Delivered information security training to business units
Skills
Disaster Recovery • Business Continuity • NIST 800-53 • Third Party Risk Management • HIPAA Privacy • Third-Party Vendor Management • IT Security Assessments • IT Privacy Assessments