Gary Isaac

Sarasota FL |  gary@thesecurityassessor.com

Professional Summary

Multi-talented IT professional with over 10 years of experience testing and supporting over 400 Health IT clients on Office of National Coordinator (ONC) compliance requirements. Four years' experience running HITRUST cybersecurity assessments. Ideal candidate for organization that maintains ONC and HITRUST certification with cloud computing environments. Certified Information Systems Auditor (CISA) and Certified CSF Practitioner (CCSFP) with Master of Science in Cybersecurity and Information Assurance degree. Excelled at managing high risk clients under HITRUST rejection and the Office of Inspector General (OIG) Corporate Integrity Agreements (CIAs). Self-motivated and deadline-oriented with a track record of on-time deliverables.

Skills

Security Control Assessment

- NIST Risk Management and Security Standards
- HITRUST CSF

Workflow Management

- Microsoft Excel, Power Automate
- Project Management

Healthcare Compliance

- ONC, HITECH/21st Century Cures Acts test methods and standards, HL7, CCDA

Work History

Senior Assessor | 2021 to Present

Engagement Lead | 2020

Certified CSF Practitioner | 2017 to 2019

Drummond Group | HITRUST Services Business Unit
Sarasota, FL (Remote)

Five years’ experience in the HITRUST Services business unit. Pivotal team member from inception to launch of the service line. Worked with the Director of Business Strategy to identify revenue projections. Gained more experience and responsibility during the development of the program. Brought in due to my success working with over 400 healthcare IT vendors spanning 10 years in the Healthcare Compliance Services business unit. Promoted three times during five years resulting in Senior HITRUST Assessor leading special projects and interim assessments.

HITRUST Senior Assessor (January 2021 – Present)

  • Special Projects: Resolved difficult assessments such as those rejected by HITRUST QA. Established and maintained positive collaborative relationships with clients and stakeholders.
  • Assessor: Scored security controls for assessments with tight timelines as part of team resource allocation.
  • Interim Assessment Lead: Interfaced with clients through entire engagement and interacted with all levels of client organizations. Created test and project plans. Developed an automated system with Microsoft Power Automate and MyCSF Analytics reports for population and random sampling controls.

HITRUST Engagement Lead (January 2020 - December 2020)

  • Promoted to Engagement Lead in early 2019.
  • Managed up to 8 assessments at the same time. Made a project management and assessor workflow automation system.
  • Assessed organizations of varying size and complexity to compliance with security control requirements.

HITRUST Certified CSF Practitioner (April 2017 – December 2019)

  • Examined the readiness of clients with diverse environments before approval for the validated assessment.
  • Reviewed the organizations’ policy and procedure documents making up their Information Security Management Plan (ISMP).
  • Inspected security tools and logs, network and application vulnerability scans, penetration reports, access management, and data protection artifacts submitted by organizations.

Technical Review Manager | 2019 to 2020

Health IT Test Proctor | 2010 to 2018

Drummond Group | Healthcare Compliance Services Business Unit
Sarasota, FL (Remote)

Promoted to Technical Review Manager within Drummond Group’s Certification Body. Reviewed test events performed by the test lab approving the product for certification or sending them back for additional testing. Required deep technical knowledge to pinpoint compliance requirements in the Office of National Coordinator (ONC) Meaningful Use and the 21st Century Cures Act legislation.

Technical Review Manager (January 2019 - December 2020)

  • Evaluated a high volume of certified products each quarter to determine if changes required additional testing.
  • Created unique test plans based on complaints made to the ONC and reportable events for clients under Corporate Integrity Agreements initiated by the Office of Inspector General.
  • Managed and maintained client relationships in high stress situations while ensuring the resolution of non-compliance issues.

Health IT Test Proctor (October 2010 – December 2018)

  • Stepped in quickly with minimal training to run functional tests for over 200 Health IT products for the 2011, 2014, and 2015 editions of Meaningful Use.
  • Expert knowledge of the ONC’s standards with an emphasis on interoperability and data blocking specifications.
  • Customer relationship focused helping the Drummond Group Test Lab capture over 80% of the Meaningful Use certification market.

Education

Master of Science in Cybersecurity and Information Assurance

  Western Governors University | 2020

Graduate Diploma in Institutional Administration

Concordia University | 1995

Bachelor of Arts, History

Concordia University | 1991

Certifications

Certified Information Systems Auditor (CISA) 

ISACA | 2016

Certified CSF Practitioner (CCSFP)

HITRUST Alliance | 2017

Certified Ethical Hacker (CEH)

EC-Council | 2019

Certified Hacking Forensic Investigator (CHFI)

EC-Council | 2019