Mesa, Arizona, United States
Senior Director, Cybersecurity and Compliance

James Huddleston

James Huddleston is a seasoned Information Security and Risk Management leader with a proven track record in developing and implementing robust security strategies across various industries. He has extensive experience managing Governance, Risk, and Compliance (GRC) frameworks, ensuring alignment with regulatory standards such as HIPAA, PCI, HITRUST, and GDPR. James is adept at leading cross-functional teams, conducting large-scale audits, and presenting to executive boards, driving security initiatives that protect organizational assets.

Governance, Risk, and Compliance (GRC)
Identity and Access Management (IAM)
Cloud Security
Security Architecture
Vulnerability Management
Penetration Testing
Data Protection
Incident Response
Regulatory Compliance
Security Program Management

Experience

Senior Director, Cyber Security and Compliance

Cogitativo

June 2021 - April 2023

  • Delivered presentations to Senior Executives and Board members on program status, customer risk and contracts, compliance, and strategic initiatives.
  • Trained and audited businesses on compliance frameworks and regulations, including HIPAA, HITRUST, SOC2, 800-171, 800-53, Privacy laws (US and International), Risk Assessment, application security, data protection, and data classification.
  • Developed, enforced, and maintained security policies, standards, controls, and procedures to meet extensive governmental, business, client, and regulatory requirements. Managed protection of hundreds of thousands of patient claim records in the cloud.
  • Established and enhanced audit capabilities for Governance, Risk, and Compliance (GRC), ensuring adherence to IT general controls (ITGC), customer, audit, and industry requirements in the healthcare sector.
  • Managed and built Security Oversight and Governance for Enterprise AWS and Azure implementations, including administration, vulnerability management, penetration testing, email security, security patching, firewall oversight, and governance of PHI and PII.

Skills: Governance, Risk, and Compliance (GRC), Security Program Management, Cloud Security, Vulnerability Management, Penetration Testing

Director, Information Security and Compliance

Rogers Corporation

March 2019 - April 2021

  • Collaborated with a team to develop meaningful metrics and content for executive and board-level presentations, enhancing decision-making processes.
  • Trained and audited global business units on GDPR, NIST, application security, data protection, data classification, and customer compliance, ensuring adherence to international standards.
  • Established and enforced comprehensive security policies and standards, including SOX-required IT general controls (ITGC), GRC coverage, and industry-specific requirements such as DOD 800-53.
  • Spearheaded the implementation of ML-based log scanning and reporting, including the use of a third party for log analysis, incident reporting, and threat hunting.
  • Managed the Security Oversight, Data Labeling, and Classification, RBAC, and Governance for an Enterprise Transformation Project, overseeing the implementation of an extensive SAP infrastructure.

Skills: Governance, Risk, and Compliance (GRC), Security Program Management, Cloud Security, Data Protection, Incident Response

Director, Information Security

Jafra Cosmetics

March 2016 - April 2018

  • Built a highly collaborative environment involving business, IT, and security teams, initiating comprehensive security measures such as vulnerability management, penetration testing, privacy compliance, email security, patching, firewall oversight, PCI, and GDPR governance.
  • Reviewed customer and vendor contracts alongside legal and business teams to ensure compliance with data protection regulations, regulatory standards, and contractual obligations.
  • Implemented robust security capabilities within AWS infrastructure, including 24x7 monitoring, patching, incident response, vulnerability scanning and remediation, and web firewall management.
  • Developed and maintained a comprehensive security strategy in collaboration with IT and business units, fostering a proactive approach to security issues and integrating risk and compliance processes.
  • Led the integration of security into IT, business processes, SAP implementation, and application development using ITIL, OWASP, NIST, and ISO 27001 frameworks.

Skills: Security Architecture, Cloud Security, Vulnerability Management, Data Protection, Incident Response

Director, Information Security and Compliance

PetSmart

August 2014 - February 2016

  • Collaborated with the team to develop meaningful metrics and content for Executive and Board-level presentations, enhancing decision-making and transparency.
  • Directed a team of eight in performing critical functions such as access administration, architecture, engineering, privacy management, vulnerability management, risk assessment, penetration testing, application security architecture, malware protection, SOX and PCI compliance, SAP security administration, vendor risk management, and policy administration.
  • Revamped the Vulnerability Management Program to include comprehensive regular scanning of the entire enterprise infrastructure, incorporating remediation management for enhanced security.
  • Built a secure DevOps environment integrated with security tools and process checkpoints, facilitating secure software development and IT operations.
  • Initiated and led the program to rebuild enterprise Identity and Access Management (IAM) capabilities, including new tool selection, integration of single sign-on (SSO), and automated provisioning to reduce risk and ensure compliance with regulations.

Skills: Identity and Access Management (IAM), Vulnerability Management, Security Architecture, Cloud Security, Penetration Testing

Director, Global IT Risk Management

Publicis Groupe

October 2007 - April 2014

  • Initiated, led, and established the first Global Information Risk and Governance Program, encompassing Information Security and Disaster Recovery across three major datacenters and over 200 locations worldwide.
  • Developed and maintained a comprehensive Global Strategy for Security and Risk Program, ensuring 100% accuracy and alignment with business and IT requirements.
  • Partnered with Business Executives on Customer Information Protection, integrating security measures into client pitches as a demonstrated value add.
  • Successfully integrated security protocols into IT, business processes, and application development using ITIL, OWASP, and ISO 27001 frameworks.
  • Ensured involvement of both IT and business units in the Global Strategy for Security and Risk Program, promoting collaboration and cohesive implementation.

Skills: Governance, Risk, and Compliance (GRC), Security Program Management, Data Protection, Security Architecture, Incident Response

Senior Director, Identity and Policy Management

Health Care Service Corporation (HCSC) - Blue Cross Blue Shield

January 2004 - November 2006

  • Oversaw the implementation of an enterprise-wide Governance, Risk, and Compliance (GRC) system with automated role-based identity management, integrating oversight controls and processes to maintain security policies.
  • Led Compliance and Governance initiatives, interacted with Audit teams, and participated in the Executive Security Board, ensuring comprehensive security oversight.
  • Managed HIPAA audits and compliance with a dedicated team of 50, ensuring adherence to regulatory requirements and maintaining high standards of data protection.
  • Directed the implementation of a Corporate Identity and Access Management (IAM) program, overseeing all Information Security policies and coordinating audits and the remediation of audit findings.
  • Responsible for SOX implementation and compliance, chaired the Corporate Security Council, and managed a budget of over $5M, supervising a team of more than 55 full-time and consultant staff members.

Skills: Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), Regulatory Compliance (HIPAA, PCI, GDPR, etc.), Data Protection, Security Program Management

Education

Bachelor of Science in Computer Science

Roosevelt University

Certifications

Certified Information Systems Security Professional (CISSP)

ISC2

Certified in the Governance of Enterprise IT (CGEIT)

ISACA

Certified Information Security Manager (CISM)

ISACA

Certified Information Privacy Professional (CIPP)

IAPP
