Peter K. Studner Associates - Corporate Sponsored Outplacement Services
Home Outplacement For Recruiters For Job-Seekers Resources for
Super Job Search IV
French
Connections
For Our Clients Maps to Our Offices
 


07.554.K.13

Talented Healthcare Technology Professional

A versatile healthcare technology professional with more than 20 years of risk management and audit experience for healthcare, insurance and mortgage banking industry leaders. Personally managed 21 audits with liabilities of up to $1 trillion and risk management projects for information security, regulatory compliance and transparency issues.

Expertise includes outstanding skills in auditing, change management, root-cause analysis, risk management, business continuity and disaster recovery with knowledge of industry, state and government regulations.

PROFESSIONAL EXPERIENCE

Huntington Memorial Hospital, Pasadena, California                                                                          2008-2013

Information Security/Disaster Recovery Specialist, IT Security Officer

Managed the information security risk of the hospital’s technology services for a 625-bed, not-for-profit, acute-care trauma center with a staff of 2,900.

  • Created and implemented two new hospital-wide, automated access request systems that improved access controls and eliminated compliance issues.

  • Enforced compliance with non-IT department controls, including contractor agreements, hospital physical security access and volunteers management.

  • Implemented the information security program, creating and maintaining a culture of security awareness that supported business objectives, compliance requirements and mission of the hospital.

  • Oversaw risk assessment and management, including independent verification of compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Office of the Inspector General (OIG) statutory and regulatory requirements.

  • Defined and performed complex risk-based audits on a recurring and ad hoc basis for executive management on personnel issues, system access and compliance. Utilized the COBIT Governance framework and regulatory requirements to assess effectiveness of controls.

  • Managed IT related regulatory and external audit inquiries and findings. Guided IT and hospital management with responses and action plans for audit findings. Collaborated with auditors to make sure that control gaps were identified and properly reported. Tested results of audit action plans to validate the mitigation of findings.

  • Provided independent technical assessment of potential risks and risk mitigation plans for technology and clinical projects, including reviews of implementation plans and vendor contracts.

  • Recommended policies, practices and technology solutions for managing information security throughout the hospital.

  • Participated as a permanent active member of the Hospital Emergency Management and Compliance Committees.

  • Collaborated with laboratory staff to identify supporting information system processes and documentation required for compliance with College of American Pathologists (CAP) regulations to support accreditation.

  • Collaborated with clinical technology management in remediating audit findings and addressing management of biomedical equipment containing Protected Health Information (PHI).

  • Developed a computer security breach response plan and management tool for the Information Systems and Clinical Technology departments based on the National Institute of Standards and Technology’s (NIST) resources.

  • Selected and recommended software/service for locating lost or stolen laptops. The service retrieved five of seven laptops and reimbursed the hospital for the cost of the two that were lost.

  • Managed and wrote IT Department and hospital policies and procedures to achieve information security compliance.

Countrywide Financial, Subsequently sold to Bank of America in 2008, Calabasas, California              2006-2008

Vice President, Technology Risk Management (2008)

Provided guidance and recommendations for IT audit-related activities, regulatory exams, due diligence reviews and risk assessments for senior management of one of the world’s largest mortgage lenders and servicers of home loans with more than 60,000 employees.  

  • Managed and facilitated preparation for audits and regulatory exams, including SAS 70 Type II requests and payment card industry (PCI) reviews. Improved the process for managing requests and the work orders for the company’s staff in India.

  • Managed regulatory and audit inquiries and findings. Guided IT senior management with the development of its mitigation plans for audit findings.

Assistant Vice President, Internal Audit (2007-2008)

Developed and maintained client relationships across an organization. Trained and mentored new and experienced auditors, including recommendations for career development and performance counseling.

  • Completed comprehensive risk assessments of business units and developed annual audit plan for senior management.

  • Completed concurrent audits on time in a dual role of auditor-in-charge and audit manager of general computer controls, process audits and Sarbanes-Oxley testing with a staff of ten auditors.

Senior IT Auditor, Internal Audit (2006-2007)

Audited business units, including corporate business continuity, property and casualty insurance, data center operations, bank IT governance and voice network services.

  • Managed up to three audits concurrently with a staff of seven.

  • As auditor-in-charge, utilized computer aided auditing techniques (CAAT) to complete 100% testing of key risk areas of iSeries/AS400 and business continuity audits. All managed audits were completed on schedule and within budget.

  • Designed a new audit approach for COBIT-based IT governance, which was adopted by the IT Audit Department.

Farmers Insurance Group, Los Angeles, California                                                                             1991-2006

Senior Auditing Specialist (1998-2006)

Provided senior management with strategy for data cleanup of 500,000 insurance policies and a business process for validating discounts for the 3rd U.S. largest property and casualty insurance group.

  • Identified system design errors and data integrity issues across three policy systems. 

  • As Audit Lead Consultant of a complex system development project, designed balancing and controls requirements for the IT development teams. 

  • Designed and implemented a system for continuous monitoring of insurance agent fiduciary performance and business practices. This company-wide analysis provided a risk-based approach for audit management to determine the quarterly agency audit schedule for 14,000 agents.

  • Provided extensive support to 120 corporate and field auditors throughout the United States.  This included requests ranging from technical issues to providing data analysis for audits and fraud investigations. 

  • Managed contract and internal auditors during three audit engagements.

  • Managed the laptop replacement project that required testing and deployment of 120 new laptops across the United States. The project was successfully completed ahead of schedule.

  • Managed the department business continuity plan and testing. Developed and implemented a balanced scorecard system to measure organizational effectiveness of the audit department.

Senior Systems Analyst (1995-1997)

Oversaw change control of several concurrent multi-year projects including the Y2K conversion, a vendor software implementation, and a $300 million, in-house system development and maintenance program. This included resolving system and program anomalies in complex CICS and DB2 testing environments as well as coordinating migrations with development and testing teams.

  • Developed SAS systems for Y2K program analysis, change control, vendor software management and production migration metrics.

Advanced Information Methodologist (1991-1994)

Managed a $4 million consultant and vendor training budget.

  • Developed and delivered technical classroom instruction to staff with various technical skill levels. The course subject areas included System Development Life Cycle (SDLC)/change control, e-mail, information management and new employee orientation.

  • Developed standards and procedures for IT departments focused on a large-scale system development project.

  • Collaborated with subject matter experts to develop logical data models for remittance, floater items and recreational vehicles.

EDUCATION & CERTIFICATIONS

Western Governors University, Salt Lake City, Utah

Master of Business Administration, Healthcare Management, Class of 2014

California State Polytechnic University, Pomona, California

Bachelor of Science, Computer Information Systems

Certified Information Systems Auditor (CISA)
Associate in General Insurance (AINS)

Other Courses: GE change acceleration process for leaders, information mapping, preventing harassment, performance expectations, coaching, feedback, performance reviews, employee relations, conflict resolution, communications, emotional intelligence, project management, incident command systems