Chad Bairnsfather, CISSP
Education:
Bachelor of Science
Electrical Engineering
Louisiana State University and Agricultural and Mechanical College
Experience:
2023 : Present
EmployBridge
Senior Director, Information Security
In my current role, I develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program. I coordinate and consult with management in developing, maintaining, enforcing, and promoting awareness of security policies, procedures, and standards.
I also create a complete set of security policies and standards in coordination with business and IT stakeholders to support compliance with HIPAA, PCI-DSS, NYDFS, and other regulatory obligations. I coordinate with legal on security reviews of client contracts and vendor data protection agreements.
Key Achievements:
• Established Policy Review Board and Security Steering Committee as part of the corporate support structure.
• Implemented successful IT compliance oversight program that includes ongoing control management, control documentation, internal audits, and external audits for SOX, NYDFS, and PCI-DSS.
• Built robust ecosystem for security monitoring by deploying SIEM, dashboards, metrics, reporting, and endpoints for all identity providers, security systems, infrastructure, and cloud services.
• Strengthened user access control procedures by leveraging personal expertise with Single Sign-On (SSO), multi-factor authentication, privileged access management, and entitlement reviews.
• Showcased management skills by hiring and motivating talented security and compliance staff.
• Hardened AWS cloud infrastructure through continuous monitoring and compliance checks of system configurations using native and open-source tools such as GuardDuty, CloudTrail, Macie, and Prowler.
• Achieved compliance with regulatory requirements like HIPAA and NYDFS.
• Implemented technology and procedures for Security Operations.
• Developed SOX program, fully audited/tested with no audit findings.
2021 : 2022
Health IQ
Senior Director Information Security, CISO
Significant Accomplishments:
• Successfully elevated organization from Level 3 to Level 1 PCI Compliance.
• Added business continuity staff, tools, plans, and procedures for annual testing.
• Successfully added web application security staff, tools, and procedures.
• Developed vulnerability management processes for risk-based threat intelligence feeds inclusion, vulnerability scanning, internal and external penetration testing, and remedial tracking.
2016 : 2021
Elixir (formerly EnvisionRxOptions)
Director of Information Security
In this role, I developed information security policy and implemented security measures to protect data from unauthorized access, modification, or destruction. I also evaluated corporate security control effectiveness through annual assessments based on HIPAA security rule requirements and persistent threats to business operations.
I maintained awareness of new threats to computer security and the latest methods used by hackers to exploit vulnerabilities in computer software or hardware. I created a corporate application security program which incorporated security testing within the SDLC.
I also provided quarterly security metrics to the Compliance Committee showing ROI of capital and operational investment and highlighting areas of risk mitigation. I directed implementation of new security technologies including Next-Gen Firewalls, IPS/IDS, Web Filtering, Encryption, VPN, Mobile Device Management (MDM), and SIEM.
Some key achievements are:
• Developed framework for security operations following a ChenMed Board of Directors approval of a 185% increase in annual budget for personnel and technology purchases.
• Led initiatives to hire initial staff for security operations, network security, and application security.
• Spearheaded testing, procurement, and migration to Next-Gen Firewalls.
• Successfully added SIEM, VPN, Web Security technologies.
• Played pivotal role in establishing ChenMed's Information Security Program.
• Implemented physical security controls and monitored them through periodic security inspections of more than 40 medical center and business office locations.
2013 : 2016
ChenMed
Director of Information Security
I provided strategic advice on using technology to achieve goals and designed IT systems and networks ensuring the right architecture and functionality.
I served as architect of an enterprise-wide Data Loss Prevention System with integrations to Email, Firewalls, Web Proxies, and Endpoints. I also implemented a Mobile Device Management platform and BYOD policy.
I provided Tier 4 Infrastructure support to Service Desk and Server Administrators. I revised existing systems and suggested improvements.
My key achievements in this role were:
• Built enterprise-wide monitoring system using System Center Operations Manager (SCOM) and real-time network health dashboards for Service Desk to enhance IT SLAs by ~50%.
• Secured Microsoft Exchange and Active Directory.
• Established Mobile Device Management system for corporate and personal mobile devices.
• Developed solution to prevent data loss from email, network traffic, and endpoints.
2011 : 2013
Broward Health
I.T. Security and Systems Consultant
Company: EmployBridge
Years of Experience: 13
Throughout my career, I have demonstrated my expertise in Information Security, cyber security, and incident response, as well as tactical planning and execution. In doing so, I have advanced objectives for consistent organizational growth and success.
Furthermore, I have a history of exceeding the expectations of my employers by focusing on delivering outstanding results. Connect with me if you are looking to network with other industry professionals. You also can contact me at bairnsfatherc@gmail.com with any comments or questions about my work. I am always interested in making new professional contacts.