Greg Bassett, Developer in Basking Ridge, NJ, United States
Greg is available for hire
Hire Greg

Greg Bassett

Verified Expert  in Engineering

Cybersecurity Executive and Compliance Program Developer

Location
Basking Ridge, NJ, United States
Toptal Member Since
February 28, 2023

Greg is a seasoned and highly qualified cybersecurity and compliance executive. He has built and led cybersecurity and compliance teams in different healthcare, financial services, and pharmaceutical organizations throughout his career. Greg's proven expertise in technical, administrative, and procedural controls for information protection allows him to help businesses keep their critical information secure, confidential, and intact.

SecurityData PrivacySecurity Policies & ProceduresCybersecurityAmazon Web Services (AWS)DevSecOpsWeb SecuritySaaSCloud SecurityNetwork SecurityDatabase SecuritySQLPHPIT Service Management (ITSM)Information SecurityCMMC

Portfolio

Vault Health
Cybersecurity, IT Management, IT Service Management (ITSM), SaaS...
KPMG
Data Privacy, HIPAA Compliance, IT Management, Policy, NIST...

Experience

IT Management - 20 yearsHIPAA Compliance - 15 yearsRisk Analysis - 15 yearsCybersecurity - 15 yearsRisk Assessment - 15 yearsData Privacy - 15 yearsSOC 2 - 10 yearsSOC Compliance - 10 years

Availability

Full-time

Preferred Environment

Risk Assessment

The most amazing...

...thing I've done is creating and staffing successful cybersecurity and compliance programs in both startups and large, established companies.

Work Experience

Director of Information Security and Technology

2020 - 2022
Vault Health
  • Created Vault's internal IT program, supporting all aspects of this healthcare startup during critical growth and onboarding over 3,000 new medical professionals and 200 new staff members.
  • Built an initial team of IT professionals to support the organization's acquisition growth with the completion of over 10 million COVID-19 tests and 600,000 vaccinations. We implemented the support COVID-19 antigen testing program nationwide.
  • Developed the information security program, hiring the initial staff and implementing policies and procedures for all aspects of information security—identify, protect, detect, respond, and recover.
  • Completed the SOC 2 Type 2 assessment and the annual SOC 2 program.
  • Managed the integration with an acquired company and rationalized application portfolios, security architecture, security operations, and GRC programs.
  • Spearheaded all client security inquiries, including questionnaires, RFP responses, and sales proposals.
  • Migrated the enterprise from Google Workspace to Microsoft 365, improving security posture and reducing costs.
  • Launched the IAM synchronization program to improve onboarding and offboarding speed and compliance.
  • Developed NIST-based information security policies covering all business areas, including newly acquired companies, resulting in improved compliance, alignment with industry standards, and client expectations in highly regulated industries.
Technologies: Cybersecurity, IT Management, IT Service Management (ITSM), SaaS, Platform as a Service (PaaS), IaaS, Coaching, Strategic Planning, Incident Management, Information Security, Information Security Management Systems (ISMS), Security Policies & Procedures, Policy Development, IT Security, Network Security, SOC Compliance, Risk Analysis, Risk Assessment, Policy, NIST, IT Project Management, Security, Cloud Security, Web Security, Amazon Web Services (AWS), DevSecOps, IT Security, IT Project Management, Project Management, Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Plans (DRP), Compliance

Director, IT Policy and Compliance

2016 - 2020
KPMG
  • Created and implemented the firm's first NIST 800-171, HITRUST, and PCAOB compliance programs.
  • Expanded the firm's SOC 2 compliance program by 3x, covering $1.5 billion in annual revenue.
  • Led the complete overhaul of the firm's IT policies, simplifying the language and reducing conflicting and contradicting sets of requirements, procedures, and standards.
  • Drove out stalled remediation plans, closing 95% of all the internal audit PCAOB inspection findings and improving the firm's general IT control posture.
  • Absorbed the firm's stalled Archer GRC development and support program, accelerating key program expansions with security incident management, vendor management, and application risk assessment functions, and executive dashboarding.
  • Developed staffing plans for recruitment and doubled the size of the team.
  • Created and led firm-wide NIST 800-171 awareness and education efforts.
  • Coordinated with security architecture programs to align key programs with long-running remediation plans and security and compliance gaps.
Technologies: Data Privacy, HIPAA Compliance, IT Management, Policy, NIST, Cybersecurity Maturity Model Certification (CMMC), SOC 2, System-on-a-Chip (SoC), Security Policies & Procedures, Policy Development, IT Security, SOC Compliance, Risk Analysis, Risk Assessment, Information Security, Information Security Management Systems (ISMS), IT Project Management, Security, Cloud Security, Web Security, Amazon Web Services (AWS), IT Security, IT Project Management, Project Management, Compliance

Global Pharmacovigilance Surveillance System

Managed the deployment, support, and ongoing development of a custom pharmacovigilance surveillance system for a Fortune 50 company.

The system supported global regulatory compliance for a multi-billion dollar portfolio of drugs and products marketed in over 240 countries. The platform was used by drug safety staff in the USA, Belgium, England, and Australia.

RFP/RFI/Client Security Inquiry Experience

At Vault Health, I worked on all client security inquiries, questionnaires, documentation, audits, and follow-ups. I was tasked with reviewing and responding to all RFP/RFI and contracts for security and compliance requirements. These typically were from large enterprise customers and state and county governments from across the US. In this role, I created a repository of assessments and responses; developed standardized SIG and HECVAT questionnaires; developed whitepaper and blog post content on the companies security and compliance program and developed processes for collaborating with the sales organization for self-serving this content for business development opportunities. These processes accelerated the sales closing process by several weeks, leading to explosive growth in revenue.

Client Security Inquiry | KPMG

While at KPMG, I led my team through a complete overhaul and build-out of a SOC 1 and SOC 2 reporting service. We grew the function to support $1.5 billion of revenue, with 100% clean reports through several years worth of reports. The functional improvements included appropriate readiness assessment for new applications, clear descriptions and implementations of controls, and control alignment across the portfolio of applications and with internal audit and regulatory requirements (PCAOB, HIPAA, FedRAMP, CMMC, etc.). This function also closely collaborated with the client security inquiry team, ensuring an up-to-date status of SOC audits and remediation plans were published for consumption by the CSI organization.

Paradigms

HIPAA Compliance, Management, DevSecOps

Platforms

Amazon Web Services (AWS)

Industry Expertise

Cybersecurity, Network Security

Other

SOC Compliance, SOC 2, Risk Analysis, Risk Assessment, IT Management, Data Privacy, IT Project Management, Security Policies & Procedures, Policy Development, Technology, IT Security, CISSP, Security, IT Security, IT Project Management, Project Management, SaaS, Cloud Security, Web Security, Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Plans (DRP), Compliance, IT Service Management (ITSM), Platform as a Service (PaaS), IaaS, Coaching, Strategic Planning, Incident Management, Information Security, Information Security Management Systems (ISMS), Policy, NIST, Cybersecurity Maturity Model Certification (CMMC), System-on-a-Chip (SoC), Encryption, Networking, Data Protection, Software Development Lifecycle (SDLC), RFPs, RFQs, ITTs, Responses, Proposals & Quotes, RFI Response, Contract Management, Audits, SOC 1, FedRAMP, Internal Audit Function

Storage

Database Security

Languages

PHP, SQL, HTML

2009 - 2011

Master's Degree in Technology Management

Stevens Institute of Technology - Hoboken, NJ, USA

2000 - 2002

Bachelor's Degree in Business Administration

Centenary University - Hackettstown, NJ, USA

JANUARY 2007 - APRIL 2019

CISSP – Certified Information Systems Security Professional

(ISC)²

FEBRUARY 2004 - PRESENT

Project Management Professional (PMP)

Project Management Institute (PMI)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring