Profiles search

Chad Bairnsfather, CISSP

Ambitious and goal-driven Chief Information Security Officer with 15+ years of expertise in information and security risk management in fast-paced, demanding environments.
Hollywood, FL, United States
Details

Education: Bachelor of Science

Electrical Engineering

Louisiana State University and Agricultural and Mechanical College

Experience: 2023 : Present

EmployBridge

Senior Director, Information Security

In my current role, I develop, implement and monitor strategic, comprehensive enterprise information security and IT risk management program. I coordinate and consult with management in developing, maintaining, enforcing, and promoting awareness of security policies, procedures, and standards.

I also create complete set of security policies and standards in coordination with business and IT stakeholders to support compliance with HIPAA, PCI-DSS, NYDFS, and other regulatory obligations. I coordinate with legal on security reviews of client contracts and vendor data protection agreements.

Key Achievements :

• Established Policy Review Board and Security Steering Committee as part of the corporate support structure.

• Implemented successful IT compliance oversight program that includes ongoing control management, control documentation, internal audits, and external audits for SOX, NYDFS, and PCI-DSS.

• Built robust ecosystem for security monitoring by deploying SIEM, dashboards, metrics, reporting, and endpoints for all identity providers, security systems, infrastructure, and cloud services.

• Strengthened user access control procedures by leveraging personal expertise with Single Sign-On (SSO), multi-factor authentication, privileged access management, and entitlement reviews.

• Showcased management skills by hiring and motivating talented security and compliance staff.

• Hardened AWS cloud infrastructure through continuous monitoring and compliance checks of system configurations using native and open-source tools such as GuardDuty, CloudTrail, Macie, and Prowler.

• Achieved compliance with regulatory requirements like HIPAA and NYDFS.

• Implemented technology and procedures for Security Operations.

• Developed SOX program, fully audited/tested with no audit findings.

2021 : 2022

Health IQ

Senior Director Information Security, CISO

Significant Accomplishments :

• Successfully elevated organization from Level 3 to Level 1 PCI Compliance.

• Added business continuity staff, tools, plans, and procedures for annual testing.

• Successfully added web application security staff, tools, and procedures.

• Developed vulnerability management processes for risk-based threat intelligence feeds inclusion, vulnerability scanning, internal and external penetration testing, and remedial tracking.

2016 : 2021

Elixir (formerly EnvisionRxOptions)

Director of Information Security

In this role, I developed information security policy and implemented security measures to protect data from unauthorized access, modification, or destruction. I also evaluated corporate security control effectiveness through annual assessments based on HIPAA security rule requirements and persistent threats to business operations.

To exploit vulnerabilities in computer software or hardware, I maintained awareness of new threats to computer security and latest methods used by hackers. I created corporate application security program which incorporated security testing within SDLC.

I also provided quarterly security metrics to Compliance Committee showing ROI of capital and operational investment and highlighting areas of risk mitigation. I directed implementation of new security technologies including Next-Gen Firewalls, IPS/IDS, Web Filtering, Encryption, VPN, Mobile Device Management (MDM), and SIEM.

Some key achievements are :

• Developed framework for security operations following a ChenMed Board of Directors approval of an 185% increase in annual budget for personnel and technology purchases.

• Led initiatives to hire initial staff for security operations, network security, and application security.

• Spearheaded testing, procurement, and migration to Next-Gen Firewalls.

• Successfully added SIEM, VPN, Web Security technologies.

• Played pivotal role in establishing ChenMed's Information Security Program.

• Implemented physical security controls and monitored them through periodic security inspections of more than 40 medical center and business office locations.

2013 : 2016

ChenMed

Director of Information Security

I provided strategic advice on using technology to achieve goals and designed IT systems and networks ensuring right architecture and functionality.

I served as architect of enterprise-wide Data Loss Prevention System with integrations to Email, Firewalls, Web Proxies, and Endpoints. I also implemented Mobile Device Management platform and BYOD policy.

I provided Tier 4 Infrastructure support to Service Desk and Server Administrators. I revised existing systems and suggested improvements.

My key achievements in this role were :

• Built enterprise-wide monitoring system using System Center Operations Manager (SCOM) and real-time network health dashboards for Service Desk to enhance IT SLAs by ~50%.

• Secured Microsoft Exchange and Active Directory.

• Established Mobile Device Management system for corporate and personal mobile devices.

• Developed solution to prevent data loss from email, network traffic, and endpoints.

2011 : 2013

Broward Health

I.T. Security and Systems Consultant

Company: EmployBridge

Years of Experience: 13

Skills Amazon Web Services (AWS), Application Security, business continuity, CISSP, Cloud Computing, Computer Security, Cyber Defense, Cybersecurity, Disaster Recovery, Encryption, Enterprise Risk Management, Enterprise Security, executive management, Firewalls, HIPAA, Identity Management, Incident Response, Information Security, Information Security Management, Information Security Standards, Information Technology, ISO Standards, IT Management, IT Risk Management, IT Security Assessments, IT Security Operations, Leadership, Management, Network Security, NIST, NIST 800-53, OWASP, Payment Card Industry Data Security Standard (PCI DSS), PCI DSS, Physical Security, project management, Risk Analysis, risk assessment, Risk Management, sarbanes-oxley act, Security, Security Awareness, Security Information and Event Management (SIEM), Security Management, Security Operations, Security Risk, Vendor Management, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Exchange 2010/2007/2003, Active Directory, Blackberry Enterprise, Group Policy, Windows Server, Citrix Metaframe, Windows 7, Servers, Microsoft SQL Server, IT Operations, IIS, XP, ITIL, DNS, VMware ESX, VMware Infrastructure, VPN, Virtualization, vSphere, Powershell, Blackberry Enterprise Server, IT Leadership, Information Security Governance, Information Security Awareness, Threat & Vulnerability Management, IT Compliance, IT Strategy, IT Business Strategy, ssae 16
About I am a results-oriented professional with proven experience in development and implementation of security policies, procedures, and infrastructure to safeguard the confidentiality, integrity, and availability of data. With outstanding interpersonal intelligence and collaborative approach, I have cultivated strategic relationships with operational stakeholders to achieve mutual objectives.

Throughout my career, I have demonstrated my expertise in Information Security, cyber security, and incident response, as well as tactical planning and execution. In doing so, I have advanced objectives for consistent organizational growth and success.

Furthermore, I have a history of exceeding the expectations of my employers by focusing on delivering outstanding results. Connect with me if you are looking to network with other industry professionals. You also can contact me at bairnsfatherc@gmail.com with any comments or questions about my work. I am always interested in making new professional contacts.