RODERICK WALKER
***** ******** **** ** ****, TX *7450 · 817-***-****
adpkqo@r.postjobfree.com
Information Security Assessor with a passion for aligning security control plans and processes with security standards and business goals. Experienced in developing and testing security RMF framework for systems that protect PHI and secure information.
Skills
Project Management
Program Assessor
Analytical ability
Administering Security Software and Controls
Analyzing Security System Logs, Security Tools, and Data
Communicating Up, Down, and Across All Levels of the Organization
Planning and execution
EXPERIENCE
9/2018 – PRESENT
SECURITY ASSESSOR BUSINESS CONSULTANT, Brownstone Consulting
Supplies consulting for system owners in assessing their systems using special publications NIST 800-53A for information technology systems, and security controls.
Performs SAP reviews of application security implementation, reviewing vulnerability management, threat detection, and incident response, and reviews role-based access controls and audits for application threats.
Supports RMF control reviews and compliance activity reviews to support the safety and security of network and applications within the database management systems, analyzing the stability and efficiency of the user interface, authorized data access, and performs audits and quality checks.
Performs NIST security assessment reports (SAR). Assesses administrative, physical, and technical safeguards. Reviews mitigation planning and HIPAA compliance.
Supports security activities including, but not limited to, developing or reviewing security plans, testing plans, and documentation; supplies recommendations to the client to support each identified security-related activity.
Reviews Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) policies; interviewed privacy officers and SMEs and analyzed the results of the interviews based on what was documented in those documents.
Coordinates and interacts with the client and IT staff with technical understanding of systems and applications to ensure security requirements are addressed during system planning, development, and operations.
Reviews system security plans, risk mitigation plans, and contingency plans; documents findings to ensure security requirements are well documented in SSPs (system security plans); completes SAR reports and follows up with the Information System Security Officer (ISSO) to develop Plans of Action and Milestones (POA&Ms) from the findings.
Prepares activity and status reports about information systems’ operations.
Reviews plans of actions and milestones (POA&Ms) as part of continuous monitoring and reviews closed POA&Ms.
Prepares well-organized, effective SAR reports and presentations to clearly communicate results to team management, colleagues, and clients.
Utilizes the Security Control Traceability Matrix (SCTM) reviewing the system’s established security requirements throughout the system, assessing the security features, and assessing its implementation details, and checking the resources required for annual assessment
9/2013 – 12/2020
PRACTICE ADMINISTRATOR, Extension Home Health
Developed, implemented, and administered the organization’s financial program, budget, and policies and procedures to follow all relevant laws, regulations, and organizational needs.
Implements policy and procedures according to FIPS-199 classifications.
Developed SSP for system utilizing NIST 800-53 Rev.4 as the framework to meet the requirements of doing business with CMS, State and Local agencies
Supplied project management for implementation of EHR and associated billing and reporting methods
Conducted yearly assessments of system and supplied reports, findings, recommendations for improvement and supplied recommendations for new fiscal year budgeting to meet compliance requirements. Maintained SCTM documenting requirements
Assured client records are correct, current, and accessible, ensuring CIA (confidentiality, integrity, and availability) data meets or exceeds the standard.
Sets up internal audits and audits by independent auditors as mandated by regulation and need.
Supplied operational oversight and manages compliance for local, state, and federal programs.
Performed system audits for HIPAA requirements and penetration testing.
Functioned as ISSO for managed SSP, risk mitigation plans, and contingency plans; documented findings to ensure security requirements are well documented in SSPs; completed SAR reports and followed up with IT teams to update and complete POA&Ms.
Participates in agency policy level discussions about Department IT Security standards.
Reviews POA&Ms that address IT security weaknesses as part of Continuous Monitoring.
Prepares well-organized, effective SAR reports and presentations to clearly communicate results to team management, colleagues, and clients.
Utilizes the Security Control Traceability Matrix (SCTM) to document the system’s established security requirements throughout the system, assessing the security features, assessing its implementation details, and checking the resources required for annual assessment
11/2014 – 1/2016
CADENCE/ADT MANAGER, Texas Health Resources
Subject matter expert (SME) for Epic EHR (Electronic Health Record) Cadence, ADT,
Managed access controls for PHI and HIPAA
Developed policies and procedures for access for THR system for all patient access related positions
Managed continuous process improvement and total quality management through the use of Six Sigma Lean process techniques for improvement of Access Services and change management systems to ensure all the changes are updated in the SSP (system security plan).
Conducted and/or took part in departmental or multidisciplinary meetings with executives and stakeholders.
Responsible for the design and implementation of system and entity policies related to data collections, corporate compliance program, legal consents, release of information, medical staff bylaws, and JCAHO, state, and federal regulations.
Supplied assessment of systems using Special Publications NIST 800-53A for Information Technology Systems, security controls.
Performed SAP application security implementation methodologies, role-based access controls, and different application threats.
Supported audit and compliance activities; reviews SAP. Maintains the safety and security of network and applications within the database management systems, analyzing the stability and efficiency of the user interface, authorized data access, and performs audits and quality checks.
4/2013 – 9/2013
PATIENT FINANCIAL SERVICES MANAGER, Christus Health
Subject matter expert (SME) for Meditech EHR (Electronic Health Record)
Managed access controls for PHI and HIPAA
Developed policies and procedures for access for THR system for all patient access related positions
Managed continuous process improvement and total quality management through the use of Six Sigma Lean process techniques for improvement of Access Services and change management systems to ensure all changes were reflected in SSP (system security plan).
Conducted and/or took part in departmental or multidisciplinary meetings with executives and stakeholders.
Responsible for the design and implementation of system and entity policies related to data collections, corporate compliance program, legal consents, release of information, medical staff bylaws, and JCAHO, state, and federal regulations.
Supplied assessment of systems using Special Publications NIST 800-53A for Information Technology Systems, security controls.
Supported audit and compliance activity reviews; reviewed the safety and security of network and applications within the database management systems, analyzing the stability and efficiency of the user interface, authorized data access, and performed audits and quality checks.
8/2011 – 3/2013
REGIONAL PATIENT ACCESS MANAGER, Christus Health
Coordinated and interacted with the client and IT staff with technical understanding of systems and applications to ensure security requirements are addressed during system planning, development, and operations.
Participated in agency policy level discussions of Department IT Security standards.
Performed system audits for HIPAA requirements and penetration testing.
Designed controls for access to critical PHI data.
Developed processes that find and reduce compliance and regulatory risk through education and implementation of policy that reflects JCAHO, CMS, and other regulatory bodies.
Meditech analyst and data maintainer for ADM, CWS, OE, Authorization, and referral management.
Supplies quality assurance to ensure the quality of each security artifact and related actions.
Found solutions to meet the user’s needs, conducted trade studies around various technologies and implementations, and integrated these technologies to supply a complete security solution that meets a given set of security requirements.
Prepared risk assessment reports.
Developed system security plans, risk mitigation plans, contingency plans, and disaster recovery plans.
Documented findings and reports to Information system security officer to develop Plans of Action and Milestones (POA&Ms).
12/2007 – 6/2011
PATIENT ACCESS MANAGER, Kettering Health Network
Managed up to seven departments, and up to five facilities, and a total of 150 people.
Supplied diverse services in a hospital setting that included: registration, financial counseling, bed control, insurance verification, admitting, and revenue collections.
Subject matter expert for Epic software builds for the ADM and Cadence modules.
Primary liaison with IT and engineers
Screened access controls and designed ticketing system to supply proper access based on position and need.
Interacted with executive level management, physicians, nurses, and other departments to gather information to develop controls for interconnected systems.
EDUCATION
MAY 2020
MASTER’S SCIENCE, Trident University International
Master’s Certificate Information Technology Information Assurance
SEPT 2009
MASTERS BUSINESS ADMINISTRATION, Trident University International
Master’s Certificate in Conflict and Negotiation Management
MAY 2005
BACHELOR’S SCIENCE, Wilberforce University
Organizational Management
SEPT 2009
ASSOCIATES SCIENCE Sinclair College
Business