Randy Bunnell
Education:
Master of Business Administration - MBA
Management Information Systems
Bentley University - McCallum Graduate School of Business
1997 : 1999
Bachelor of Science - BS
Criminal Justice
Northeastern University
1989 : 1994
Experience:
Building information security programs for Health and Human Services.
2023 : Present
NH Department of Health and Human Services (DHHS)
Security Relationship Manager
Perform as a vCISO supporting your organization during customer inquiries, audits or certifications (ISO 27001, GDPR, HITRUST, SOC 2).
Ensure compliance for cyber insurance, certifications or customer contractual requirements.
Support supplier management from evaluating vendor products, reviewing contracts, negotiating pricing and implementation.
Perform third-party risk assessments on your critical vendors.
Develop policies, procedures, business continuity or incident response plans.
2023 :
Secnado, LLC
vCISO - Information Security, Compliance, and Risk Consulting Services
Supported information security initiatives and was charged with developing a change management program for our IT and DevOps functions.
Notable Achievements:
Worked collaboratively with the M&A team to successfully transition 21 security application operations, 320 vendors, and technical controls to Verily from the Onduo merger.
Achieved annual HITRUST certification for the Onduo product and organization while developing a GRC team member to support the program going forward.
Mentored a team to build and develop a GRC program which successfully introduced audit, issues and exception management programs.
2022 : 2023
Verily
Technical Program Manager - Information Security
Built and led the information security program (HITRUST & PCI) to ensure the confidentiality, integrity and availability for our members that rely on our healthcare team and the technology that supports them.
Notable Achievements:
Successfully delivered strategic direction on the security program with support from C-level executives and on a budget of $1.2M.
Built a HITRUST policy library and security education and awareness.
Worked collaboratively with IT, legal, compliance, HR and business lines to achieve HITRUST certification, HIPAA compliance and CMS certification for the Medicare/Medicaid business.
Supported the sales and client management team that provided information security assurances to current and prospective customers (30 mid-large market employers and insurers).
Developed risk classification for 300+ vendors and third-party risk assessments to address critical business exposures in the supply chain.
Collaborated with business leaders to develop an appropriate-to-role access process, particularly for privileged system access to 40 critical applications containing highly confidential information.
Partnered with legal on BAAs and contractual security compliance requirements for vendors and customers.
2019 : 2022
Onduo, LLC a Verily company
Director, Chief Information Security Officer
Responsible for compliance of information security controls, risk assessments and ISO 27001 certification. Primarily supported the automotive industry, working with German/European data privacy (GDPR) and South Korean privacy laws.
Notable Achievements:
Delivered on technical and organizational controls for privacy (GDPR) requirements.
Successfully addressed an OSHA audit by developing and delivering a risk management program across healthcare product lines using a new risk methodology called FAIR.
Implemented information security controls for public cloud environments (Azure).
Implemented a vendor management program to perform annual compliance assessments.
2018 : 2019
Nuance Communications
Information Security - Governance, Risk and Compliance
Company: NH Department of Health and Human Services (DHHS)
Years of Experience: 28
- Security certified programs for a healthcare start-up and a speech recognition product.
- Client-facing customer assurance of security controls.
- A global security application support team providing follow-the-sun coverage.
- Industry inclusion for incident response; business continuity plans and testing.
- Building a sustainable global cyber security prevention and detection team.
My industry experience includes healthcare, technology products, automotive and financial services.
My work philosophies include understanding the business to better protect it, building relationships with mutual respect, leading by example with integrity, reliability/dependability and continuous improvement.