Alan E. Hajek

• Leads a team in identifying and addressing vulnerabilities in the IT environment.
• Established scanning techniques to ensure accurate and comprehensive data dissemination to the IT team.
• Developed relationships with stakeholders and executives to streamline vulnerability remediation processes.
• Provided up-to-date vulnerability metrics to executives for reporting purposes.
• Heads internal Red-Team activities.
• Oversees third-party risk management for technical risk reviews.

Skills: Vulnerability Management, Cybersecurity Operations, Incident Response, Leadership and Team Management, Risk Management

• Served as BISO for Investments, Retirement Plans, and Ancillary Departments.
• Acted as the primary subject matter expert for FINRA and HIPAA, managing technical designs, assessments, and remediation plans.
• Collaborated with the Chief Risk Officer, CIO, and CISO to develop standardized FINRA and HIPAA security rule implementations and policies.
• Conducted application and system-specific FINRA and HIPAA security gap assessments and documented and tracked remediation plans.
• Created and maintained NIST risk assessments, tracking risks and vulnerabilities to the confidentiality, integrity, and availability of electronic health information.
• Coordinated with various security teams to ensure appropriate monitoring of ePHI in scope systems.

Skills: Governance, Risk, and Compliance (GRC), HIPAA Compliance, Risk Management, Security Program Management, Vulnerability Management

• Directed IT security operations, tracking compliance and reporting on security metrics.
• Hired, trained, and managed cybersecurity personnel, providing leadership and ensuring project completion aligned with client goals.
• Developed a 5-year security infrastructure and staffing plan in line with the NIST Security framework.
• Enhanced security perimeter through the implementation of projects to protect PII, PHI, and PCI data.
• Fostered a people-first culture and streamlined processes to sustain team success.

Skills: Cybersecurity Operations, Leadership and Team Management, Security Program Management, Vulnerability Management, Technical Project Management

• Ensured compliance with HIPAA and OCR investigation best practices, collaborating with staff and compliance officers to protect PHI.
• Redesigned and implemented technology solutions aligned with HIPAA regulations, including security infrastructure.
• Led IT staff recruitment, enhancing operations through IT expertise and project prioritization.
• Successfully resolved OCR and Federal DHHS Office of Civil Rights complaints with proactive solutions, avoiding fines.

Skills: HIPAA Compliance, Security Program Management, Incident Response, Governance, Risk, and Compliance (GRC), Leadership and Team Management

• Led core IT projects, processes, and system functionality, transitioning from a legacy IT setup to a modern facility.
• Managed talent acquisition, recruiting, hiring, and onboarding IT personnel.
• Re-engineered IT policies and procedures, implementing change through hands-on training and digital communications.
• Transitioned a dated healthcare facility to a modernized critical access facility valued at $24M.
• Remediated Federal DHHS Office of Civil Rights complaints, protecting PHI and avoiding fines.

Skills: Security Program Management, HIPAA Compliance, Leadership and Team Management, Technical Project Management, Governance, Risk, and Compliance (GRC)

• Established and managed the IT department, implementing security processes and policies.
• Designed, launched, and improved IT infrastructure across multiple locations.
• Led the installation of IT infrastructure for new facilities in Atlanta, Philadelphia, and Dallas.

Skills: Cybersecurity Operations, Leadership and Team Management, Security Program Management, Technical Project Management, Vulnerability Management