Verified Expert in Engineering
Cybersecurity Executive and Compliance Program Developer
Greg is a seasoned and highly qualified cybersecurity and compliance executive. He has built and led cybersecurity and compliance teams in different healthcare, financial services, and pharmaceutical organizations throughout his career. Greg's proven expertise in technical, administrative, and procedural controls for information protection allows him to help businesses keep their critical information secure, confidential, and intact.
The most amazing thing I've done is creating and staffing successful cybersecurity and compliance programs in both startups and large, established companies.
Director of Information Security and Technology
- Created Vault's internal IT program, supporting all aspects of this healthcare startup during critical growth and onboarding over 3,000 new medical professionals and 200 new staff members.
- Built an initial team of IT professionals to support the organization's acquisition growth with the completion of over 10 million COVID-19 tests and 600,000 vaccinations. We implemented support for the COVID-19 antigen testing program nationwide.
- Developed the information security program, hiring the initial staff and implementing policies and procedures for all aspects of information security—identify, protect, detect, respond, and recover.
- Completed the SOC 2 Type 2 assessment and the annual SOC 2 program.
- Managed the integration with an acquired company and rationalized application portfolios, security architecture, security operations, and GRC programs.
- Spearheaded all client security inquiries, including questionnaires, RFP responses, and sales proposals.
- Migrated the enterprise from Google Workspace to Microsoft 365, improving security posture and reducing costs.
- Launched the IAM synchronization program to improve onboarding and offboarding speed and compliance.
- Developed NIST-based information security policies covering all business areas, including newly acquired companies, resulting in improved compliance and alignment with industry standards and client expectations in highly regulated industries.
Director, IT Policy and Compliance
- Created and implemented the firm's first NIST 800-171, HITRUST, and PCAOB compliance programs.
- Expanded the firm's SOC 2 compliance program by 3x, covering $1.5 billion in annual revenue.
- Led the complete overhaul of the firm's IT policies, simplifying the language and reducing conflicting and contradicting sets of requirements, procedures, and standards.
- Drove out stalled remediation plans, closing 95% of all the internal audit PCAOB inspection findings and improving the firm's general IT control posture.
- Absorbed the firm's stalled Archer GRC development and support program, accelerating key program expansions with security incident management, vendor management, and application risk assessment functions, and executive dashboarding.
- Developed staffing plans for recruitment and doubled the size of the team.
- Created and led firm-wide NIST 800-171 awareness and education efforts.
- Coordinated with security architecture programs to align key programs with long-running remediation plans and security and compliance gaps.
Global Pharmacovigilance Surveillance System
The system supported global regulatory compliance for a multi-billion dollar portfolio of drugs and products marketed in over 240 countries. The platform was used by drug safety staff in the USA, Belgium, England, and Australia.
RFP/RFI/Client Security Inquiry Experience
Client Security Inquiry | KPMG
HIPAA Compliance, Management
Cybersecurity, Network Security
SOC Compliance, SOC 2, Risk Analysis, Risk Assessment, IT Management, Security Policies & Procedures, Policy Development, Technology, IT Security, CISSP, Security, SaaS, Data Privacy, Cloud Security, Web Security, IT Service Management (ITSM), Platform as a Service (PaaS), IaaS, Coaching, Strategic Planning, Incident Management, Information Security, Information Security Management Systems (ISMS), Policy, NIST, CMMC, System-on-a-Chip (SoC), Encryption, Networking, Data Protection, IT Project Management, Software Development Lifecycle (SDLC), RFPs, RFQs, ITTs, Responses, Proposals & Quotes, RFI Response, Contract Management, Audits, SOC 1, FedRAMP, Internal Audit Function
PHP, SQL, HTML
Master's Degree in Technology Management
Stevens Institute of Technology - Hoboken, NJ, USA
Bachelor's Degree in Business Administration
Centenary University - Hackettstown, NJ, USA
CISSP – Certified Information Systems Security Professional
Project Management Professional (PMP)
Project Management Institute (PMI)