James Huddleston

• Delivered presentations to Senior Executives and Board members on program status, customer risk and contracts, compliance, and strategic initiatives.
• Trained and audited businesses on compliance frameworks and regulations, including HIPAA, HITRUST, SOC2, 800-171, 800-53, Privacy laws (US and International), Risk Assessment, application security, data protection, and data classification.
• Developed, enforced, and maintained security policies, standards, controls, and procedures to meet extensive governmental, business, client, and regulatory requirements. Managed protection of hundreds of thousands of patient claim records in the cloud.
• Established and enhanced audit capabilities for Governance, Risk, and Compliance (GRC), ensuring adherence to IT general controls (ITGC), customer, audit, and industry requirements in the healthcare sector.
• Managed and built Security Oversight and Governance for Enterprise AWS and Azure implementations, including administration, vulnerability management, penetration testing, email security, security patching, firewall oversight, and governance of PHI and PII.

Skills: Governance, Risk, and Compliance (GRC), Security Program Management, Cloud Security, Vulnerability Management, Penetration Testing

• Collaborated with a team to develop meaningful metrics and content for executive and board-level presentations, enhancing decision-making processes.
• Trained and audited global business units on GDPR, NIST, application security, data protection, data classification, and customer compliance, ensuring adherence to international standards.
• Established and enforced comprehensive security policies and standards, including SOX-required IT general controls (ITGC), GRC coverage, and industry-specific requirements such as DOD 800-53.
• Spearheaded the implementation of ML-based log scanning and reporting, including the use of a third party for log analysis, incident reporting, and threat hunting.
• Managed the Security Oversight, Data Labeling, and Classification, RBAC, and Governance for an Enterprise Transformation Project, overseeing the implementation of an extensive SAP infrastructure.

Skills: Governance, Risk, and Compliance (GRC), Security Program Management, Cloud Security, Data Protection, Incident Response

• Built a highly collaborative environment involving business, IT, and security teams, initiating comprehensive security measures such as vulnerability management, penetration testing, privacy compliance, email security, patching, firewall oversight, PCI, and GDPR governance.
• Reviewed customer and vendor contracts alongside legal and business teams to ensure compliance with data protection regulations, regulatory standards, and contractual obligations.
• Implemented robust security capabilities within AWS infrastructure, including 24x7 monitoring, patching, incident response, vulnerability scanning and remediation, and web firewall management.
• Developed and maintained a comprehensive security strategy in collaboration with IT and business units, fostering a proactive approach to security issues and integrating risk and compliance processes.
• Led the integration of security into IT, business processes, SAP implementation, and application development using ITIL, OWASP, NIST, and ISO 27001 frameworks.

Skills: Security Architecture, Cloud Security, Vulnerability Management, Data Protection, Incident Response

• Collaborated with the team to develop meaningful metrics and content for Executive and Board-level presentations, enhancing decision-making and transparency.
• Directed a team of eight in performing critical functions such as access administration, architecture, engineering, privacy management, vulnerability management, risk assessment, penetration testing, application security architecture, malware protection, SOX and PCI compliance, SAP security administration, vendor risk management, and policy administration.
• Revamped the Vulnerability Management Program to include comprehensive regular scanning of the entire enterprise infrastructure, incorporating remediation management for enhanced security.
• Built a secure DevOps environment integrated with security tools and process checkpoints, facilitating secure software development and IT operations.
• Initiated and led the program to rebuild enterprise Identity and Access Management (IAM) capabilities, including new tool selection, integration of single sign-on (SSO), and automated provisioning to reduce risk and ensure compliance with regulations.

Skills: Identity and Access Management (IAM), Vulnerability Management, Security Architecture, Cloud Security, Penetration Testing

• Initiated, led, and established the first Global Information Risk and Governance Program, encompassing Information Security and Disaster Recovery across three major datacenters and over 200 locations worldwide.
• Developed and maintained a comprehensive Global Strategy for Security and Risk Program, ensuring 100% accuracy and alignment with business and IT requirements.
• Partnered with Business Executives on Customer Information Protection, integrating security measures into client pitches as a demonstrated value add.
• Successfully integrated security protocols into IT, business processes, and application development using ITIL, OWASP, and ISO 27001 frameworks.
• Ensured involvement of both IT and business units in the Global Strategy for Security and Risk Program, promoting collaboration and cohesive implementation.

Skills: Governance, Risk, and Compliance (GRC), Security Program Management, Data Protection, Security Architecture, Incident Response

• Oversaw the implementation of an enterprise-wide Governance, Risk, and Compliance (GRC) system with automated role-based identity management, integrating oversight controls and processes to maintain security policies.
• Led Compliance and Governance initiatives, interacted with Audit teams, and participated in the Executive Security Board, ensuring comprehensive security oversight.
• Managed HIPAA audits and compliance with a dedicated team of 50, ensuring adherence to regulatory requirements and maintaining high standards of data protection.
• Directed the implementation of a Corporate Identity and Access Management (IAM) program, overseeing all Information Security policies and coordinating audits and the remediation of audit findings.
• Responsible for SOX implementation and compliance, chaired the Corporate Security Council, and managed a budget of over $5M, supervising a team of more than 55 full-time and consultant staff members.

Skills: Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), Regulatory Compliance (HIPAA, PCI, GDPR, etc.), Data Protection, Security Program Management