
Information Security Technology

Location: Haverhill, MA

Posted: August 14, 2025


Resume:

John J. Fitzgerald, CPA, CISA

Bradford, MA

508-***-**** *******@*******.*** linkedin.com/in/jjfitzgerald-CPA

Director IT, Security, And Regulatory Audit

Director of internal audit, information technology, and security governance, helping business leaders meet objectives as part of internal audit services management by conducting information systems security and governance, compliance, information technology (IT), financial reporting, and operational audits in the health care industry. In-depth knowledge of cyber security, auditing, internal controls, and compliance with legal and regulatory requirements, including IT asset risk assessments, vendor information security due diligence reviews, finance, business application controls, IT general controls, and information security controls.

●Highly motivated leader with the innovative ability to manage and mitigate information security risk, meet compliance objectives, and develop solutions while ensuring business alignment, effective governance, system and product availability, integrity, and confidentiality.

●Established strong cross-functional relationships internally and externally based on trust and extensive consulting experience with regulators, big four public accounting firms, and internal customers and business partners.

●Demonstrated record of maintaining discretion, integrity, and confidentiality in protecting sensitive client data and information.

●Ability to anticipate the needs of leadership and motivate teams in a continuous improvement environment to identify solutions that improve security, advance business goals, and positively impact business performance.

●Excellent interpersonal, verbal, and written communication skills.

Core Competencies:

●Audit planning and reporting

●Risk assessment

●Performance improvement

●Cybersecurity

●Analytical skills

●Leadership skills

●Regulatory compliance

●Security requirements

●Fraud detection and prevention

●Project management skills

●IT risk management

●Enterprise risk management

Professional Experience

TEKsystems, Quincy (February 2024 - December 2024)

Contract Worker

●SDLC Policy Writing Manager for a major financial institution

●Researched applicable federal regulations regarding SDLC policy, procedures, and standards

●Identified gaps in policy and standards and reviewed with management

●Made agreed-upon changes to bring existing policies and standards into compliance with regulations and best practices

●Published final policies and standards

●Assisted on other projects as needed

1UPHEALTH, Boston, MA (2021 - 2023)

Sr Program Manager for Security & Compliance

Led the information security function by managing the SOC 2 audit, developing policies to meet customer requirements, responding to information security questionnaires, and managing customer information security audits as well as the HiTrust certification process.

●Conducted IT and security compliance audits and control gap analysis, and proactively worked with engineering, HR, legal and IT teams to ensure implementation of corrective actions in compliance with security policies and customer requirements

●Responded to all customer security assessments (questionnaires and audits) for new and existing customers including those with CMS requirements

●Documented security policies and procedures to develop the security program and respond to findings and customer security requirements

●Managed and provided coaching and training to a security analyst while maintaining a record of timely responses to customer security requests

Key Accomplishments:

●Consistent management of all IT and security related audit and risk assurance functions to meet deadlines.

●Principal point of contact for all customer security audits and questionnaires with a focus on minimizing the impact on the business.

●Successfully managed large security reviews and audits including a long term NIST CSF controls validation review by a large State customer

BLUE CROSS BLUE SHIELD OF MASSACHUSETTS, Boston, MA (1994 - 2020)

Associate Director of Internal Audit (2008 – 2020)

Defined, implemented, and maintained an information security assurance program and associated controls to meet service organization control (SOC1/SOC2), annual audit, Health Insurance Portability and Accountability Act (HIPAA), and HiTrust requirements, and expanded security services audits across the principles of security, confidentiality, processing integrity, and availability.

●Managed and provided coaching and training to a cross-functional team of six auditors while ensuring appropriate, budget-conscious staffing for IT, security, and regulatory audit security services to the company.

●Oversaw operational readiness assessments to ensure that the implementation of cost-effective new systems, and of technical changes to existing systems and processes, was performed efficiently and effectively in compliance with software development life cycle (SDLC) policies and best practices.

●Conducted IT and security audits and control gap analysis, and proactively worked with operations, security, and IT teams to ensure implementation of corrective actions in compliance with IT and security policies and systems.

●Prepared numerous audit committee and senior management committee status updates regarding internal audit activity including performance metrics on SOC audits, IT and security controls, and regulatory updates.

Key Accomplishments:

●Defined and executed company strategy to implement its first SOC2.

●Implemented the company’s first two HiTrust/National Institute of Standards and Technology (NIST) certifications in the common security framework (CSF).

●Consistent management of all IT audit and security related audit and risk assurance functions to meet deadlines.

●Principal point of contact for all major regulatory audits including Office of Inspector General (OIG), Office of Personnel Management (OPM), Centers for Medicare and Medicaid Services (CMS), Massachusetts Division of Insurance, Internal Revenue Service (IRS), and Massachusetts Department of Revenue (DOR) with a focus on minimizing the impact of audits on the business.

●Developed and implemented risk-based IT audit plans and budgets to provide appropriate coverage across all IT and security related functions, processes, and projects.

Internal Audit Manager (1996 - 2008)

Performed multiple audits and investigations to ensure programs were compliant with laws, regulations, and policies, and to minimize or eliminate risk. Led transformational initiatives, key goals, and activities integrating policies and processes.

●Coordinated all third-party audits (e.g., Internal Revenue) and examiner evaluations (e.g., MA Division of Insurance), managing requests and responses, presenting audit findings and recommendations for implementing agreed-upon changes to management, and following up on the ultimate completion of corrective actions.

●Through collaboration with the OIG, established and refined audit protocols, including reconciliation of Medicare program expenses, that were used nationwide in auditing other Medicare contractors.

●Developed the annual audit plan and led audits and Sarbanes-Oxley (SOX) (GAAP and Statutory basis) projects. Implemented comprehensive compliance with HIPAA and security audit frameworks based on ISO 27001, ISO 27002, Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), Committee of Sponsoring Organizations of the Treadway Commission (COSO), NIST, and other criteria.

Key Accomplishments:

●Conducted operational and system readiness assessments based on SDLC methodologies.

●Proposed and developed new and revised standard protocols for administrative, financial, and contractual elements of major real estate development projects to address audit findings.

●Coordinated and oversaw audits and testing conducted by the Office of Inspector General of the claims payment process and the Medicare pension segment resulting in identification of $1.8M in previously unclaimed pension dollars.

●Oversaw SOC1 and SOX compliance initiative.

Senior Auditor (1994-1996)

Managed and performed operational and financial statement reporting audit engagements. Performed testing and fieldwork on internal control design and effectiveness, analyzed data and documentation, and prepared and reviewed multiple audit reports to meet compliance requirements and drive positive organizational change. Assessed audit results and partnered with the business to create pragmatic action plans based on root cause analysis, and monitored the ultimate execution and completion of those plans.

●Coordinated and conducted SOX and SOC1 audits to assess the design and operational effectiveness of established management controls (e.g., billing, claims, underwriting, and actuarial processes).

Key Accomplishments:

●Designed and conducted reviews of internal controls based on the COSO framework for all Medicare A and B operations in response to a government mandated certification by senior management.

●Coordinated multiple third-party compliance audits of Medicare operations conducted by the Office of Inspector General.

●Received letter from the Inspector General of Health and Human Services (HHS) noting significant contributions and assistance to OIG auditors in helping establish audit protocols of the complex reconciliation of the Medicare program expenses.

Other Relevant Experience

INDEPENDENT CONSULTANT (1993 - 1994)

●Assisted in preparation of annual and quarterly Securities and Exchange Commission (SEC) filings for a manufacturer.

●Designed policies and procedures for tax compliance reporting at a large nonprofit agency.

PUBLIC ACCOUNTING (1987 - 1992)

●Managed and performed audits, reviews, and compilations of financial statements.

●Prepared business, personal, trust, nonprofit, and retirement plan returns.

●Reviewed quarterly and monthly accounting records for organizations with multiple entities.

Education

Bachelor of Science, Accounting, Bentley College, Waltham, MA

Associate of Science, Management, Bentley College, Waltham, MA

Certifications

Certified Public Accountant, State of Massachusetts

Certified Information Systems Auditor, CISA

Memberships

Member, American Institute of Certified Public Accountants, AICPA

Member, Institute of Internal Auditors, IIA

Member, Information Systems Audit and Control Association, ISACA

Application Proficiencies

●Microsoft Excel, Word, PowerPoint, and Visio

●Data Analytics

●Skypher

●JIRA

●ACL

●Teammate
