Randy Bunnell

Education: Master of Business Administration - MBA

Management Information Systems

Bentley University - McCallum Graduate School of Business

1997 : 1999

Bachelor of Science - BS

Criminal Justice

Northeastern University

1989 : 1994

Experience: Building information security programs for Health and Human Services.

2023 : Present

NH Department of Health and Human Services (DHHS)

Security Relationship Manager

Perform as a vCISO supporting your organization during customer inquiries, audits or certifications (ISO 27001, GDPR, HITRUST, SOC 2).

Ensure compliance for cyber insurance, certifications or customer contractual requirements.

Support supplier management from evaluating vendor products, reviewing contracts, negotiating pricing and implementation.

Perform third-party risk assessments on your critical vendors.

Develop policies, procedures, business continuity or incident response plans.

2023 :

Secnado, LLC

vCISO - Information Security, Compliance, and Risk Consulting Services

Supported information security initiatives and charged to develop a change management program for

our IT and DevOps functions.

Notable Achievements :

 Worked collaboratively with M&A team to successfully transition 21 security application

operations, 320 vendors, and technical controls to Verily from Onduo merger.

 Achieved annual HITRUST certification for the Onduo product and organization while developing

a GRC team member to support the program going forward.

 Mentored a team to build and develop a GRC program which successfully introduced audit,

issues and exception management programs.

2022 : 2023

Verily

Technical Program Manager - Information Security

Built and led the information security program (HITRUST & PCI) to ensure the confidentiality, integrity

and availability for our members that rely on our healthcare team and our technology that supports them.

Notable Achievements :

 Successfully delivered strategic direction on security program with support from C-level

executives and on budget of $1.2M.

 Built a HITRUST policy library, security education and awareness

 Working collaboratively with IT, legal, compliance, HR and business lines - achieved HITRUST

certification, HIPAA compliance and CMS certification for Medicare/Medicaid business.

 Supported sales and client management team that provided information security assurances to

current and prospective customers (30 mid-large market employers and insurers).

 Developed risk classification for 300+ vendors and third-party risk assessments to address critical

business exposures in the supply chain.

 Collaborated with business leaders to develop access appropriate-to-role process particularly for

privileged systems access to 40 critical applications containing highly confidential information.

 Partnered with legal on BAAs and contractual security compliance requirements for vendors and

customers.

2019 : 2022

Onduo, LLC a Verily company

Director, Chief Information Security Officer

Responsible for compliance of information security controls, risk assessments and ISO 27001 certification. Primarily supported automotive industry working with German/European Data Privacy (GDPR) and South Korea Privacy laws.

Notable Achievements :

 Delivered on Technical and Organizational controls for privacy (GDPR) requirements.

 Successfully addressed an OSHA audit by developing and delivering a risk management program

across healthcare product lines using a new risk methodology called FAIR.

 Implemented information security controls for public cloud environments (Azure).

 Implemented a vendor management program to perform annual compliance assessments.

2018 : 2019

Nuance Communications

Information Security - Governance, Risk and Compliance

Company: NH Department of Health and Human Services (DHHS)

Years of Experience: 28