Greg Bassett, Developer in Basking Ridge, NJ, United States

Greg Bassett

Verified Expert in Engineering

Cybersecurity Executive and Compliance Program Developer

Basking Ridge, NJ, United States
Toptal Member Since
February 28, 2023

Greg is a seasoned and highly qualified cybersecurity and compliance executive. He has built and led cybersecurity and compliance teams in different healthcare, financial services, and pharmaceutical organizations throughout his career. Greg's proven expertise in technical, administrative, and procedural controls for information protection allows him to help businesses keep their critical information secure, confidential, and intact.






Preferred Environment

Risk Assessment

The most amazing...

...thing I've done is creating and staffing successful cybersecurity and compliance programs in both startups and large, established companies.

Work Experience

Director of Information Security and Technology

2020 - 2022
Vault Health
  • Created Vault's internal IT program, supporting all aspects of this healthcare startup during critical growth and onboarding over 3,000 new medical professionals and 200 new staff members.
  • Built an initial team of IT professionals to support the organization's acquisition growth with the completion of over 10 million COVID-19 tests and 600,000 vaccinations. We implemented the COVID-19 antigen testing support program nationwide.
  • Developed the information security program, hiring the initial staff and implementing policies and procedures for all aspects of information security—identify, protect, detect, respond, and recover.
  • Completed the SOC 2 Type 2 assessment and the annual SOC 2 program.
  • Managed the integration with an acquired company and rationalized application portfolios, security architecture, security operations, and GRC programs.
  • Spearheaded all client security inquiries, including questionnaires, RFP responses, and sales proposals.
  • Migrated the enterprise from Google Workspace to Microsoft 365, improving security posture and reducing costs.
  • Launched the IAM synchronization program to improve onboarding and offboarding speed and compliance.
  • Developed NIST-based information security policies covering all business areas, including newly acquired companies, resulting in improved compliance, alignment with industry standards, and client expectations in highly regulated industries.
Technologies: Cybersecurity, IT Management, IT Service Management (ITSM), SaaS, Platform as a Service (PaaS), IaaS, Coaching, Strategic Planning, Incident Management, Information Security, Information Security Management Systems (ISMS), Security Policies & Procedures, Policy Development, IT Security, Network Security, SOC Compliance, Risk Analysis, Risk Assessment, Policy, NIST, IT Project Management, Security, Cloud Security, Web Security

Director, IT Policy and Compliance

2016 - 2020
  • Created and implemented the firm's first NIST 800-171, HITRUST, and PCAOB compliance programs.
  • Expanded the firm's SOC 2 compliance program by 3x, covering $1.5 billion in annual revenue.
  • Led the complete overhaul of the firm's IT policies, simplifying the language and reducing conflicting and contradicting sets of requirements, procedures, and standards.
  • Drove out stalled remediation plans, closing 95% of all the internal audit PCAOB inspection findings and improving the firm's general IT control posture.
  • Absorbed the firm's stalled Archer GRC development and support program, accelerating key program expansions with security incident management, vendor management, application risk assessment functions, and executive dashboarding.
  • Developed staffing plans for recruitment and doubled the size of the team.
  • Created and led firm-wide NIST 800-171 awareness and education efforts.
  • Coordinated with security architecture programs to align key programs with long-running remediation plans and security and compliance gaps.
Technologies: Data Privacy, HIPAA Compliance, IT Management, Policy, NIST, CMMC, SOC 2, System-on-a-Chip (SoC), Security Policies & Procedures, Policy Development, IT Security, SOC Compliance, Risk Analysis, Risk Assessment, Information Security, Information Security Management Systems (ISMS), IT Project Management, Security, Cloud Security, Web Security

Global Pharmacovigilance Surveillance System

Managed the deployment, support, and ongoing development of a custom pharmacovigilance surveillance system for a Fortune 50 company.

The system supported global regulatory compliance for a multi-billion dollar portfolio of drugs and products marketed in over 240 countries. The platform was used by drug safety staff in the USA, Belgium, England, and Australia.

RFP/RFI/Client Security Inquiry Experience

At Vault Health, I worked on all client security inquiries, questionnaires, documentation, audits, and follow-ups. I was tasked with reviewing and responding to all RFPs/RFIs and contracts for security and compliance requirements. These typically came from large enterprise customers and state and county governments from across the US. In this role, I created a repository of assessments and responses; developed standardized SIG and HECVAT questionnaires; developed whitepaper and blog post content on the company's security and compliance program; and developed processes for collaborating with the sales organization so it could self-serve this content for business development opportunities. These processes accelerated the sales closing process by several weeks, leading to explosive growth in revenue.

Client Security Inquiry | KPMG

While at KPMG, I led my team through a complete overhaul and build-out of a SOC 1 and SOC 2 reporting service. We grew the function to support $1.5 billion of revenue, with 100% clean reports through several years' worth of reports. The functional improvements included appropriate readiness assessments for new applications, clear descriptions and implementations of controls, and control alignment across the portfolio of applications and with internal audit and regulatory requirements (PCAOB, HIPAA, FedRAMP, CMMC, etc.). This function also collaborated closely with the client security inquiry team, ensuring that the up-to-date status of SOC audits and remediation plans was published for consumption by the CSI organization.


HIPAA Compliance, Management

Industry Expertise

Cybersecurity, Network Security


SOC Compliance, SOC 2, Risk Analysis, Risk Assessment, IT Management, Security Policies & Procedures, Policy Development, Technology, IT Security, CISSP, Security, SaaS, Data Privacy, Cloud Security, Web Security, IT Service Management (ITSM), Platform as a Service (PaaS), IaaS, Coaching, Strategic Planning, Incident Management, Information Security, Information Security Management Systems (ISMS), Policy, NIST, CMMC, System-on-a-Chip (SoC), Encryption, Networking, Data Protection, IT Project Management, Software Development Lifecycle (SDLC), RFPs, RFQs, ITTs, Responses, Proposals & Quotes, RFI Response, Contract Management, Audits, SOC 1, FedRAMP, Internal Audit Function


Database Security



2009 - 2011

Master's Degree in Technology Management

Stevens Institute of Technology - Hoboken, NJ, USA

2000 - 2002

Bachelor's Degree in Business Administration

Centenary University - Hackettstown, NJ, USA

JANUARY 2007 - APRIL 2019

CISSP – Certified Information Systems Security Professional



Project Management Professional (PMP)

Project Management Institute (PMI)