Profiles search
Julie Anne Chua, PMP, CAP, CISSP
Risk Management Branch Chief at U.S. Department of Health and Human Services
Columbia, MD, United States
Details
Experience:
Office of Information Security (OIS), within the Department of Health and Human Services (DHHS) Office of the Chief Information Officer (OCIO).
Serves as the GRC Risk Management Branch Manager, which : (1) oversees and coordinates activities aimed to enhance HHS capabilities to effectively manage information system-related security risks; (2) collaborates with Staff Divisions (StaffDivs) and Operating Divisions (OpDivs) to ensure risk-related information and decisions are made with consideration to HHS strategic goals and objectives, core missions, business functions, and acceptable risk posture; (3) works with OpDivs and StaffDivs to ensure risks are managed consistently across the Department to reflect HHS risk tolerance and ensure mission/business success; (4) collaborates with GRC Governance and Compliance Branch Managers, the Privacy Branch Manager, and the GRC Division Director to meet GRC objectives to provide oversight and execution of OIS risk management and compliance programs that protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and information systems; and (5) works with OIS and OCIO leadership to facilitate enterprise-level, risk-based decision making and set the vision and direction for the Risk Management Program and risk management strategies for HHS
2015 : Present
U.S. Department of Health and Human Services
Manager, HHS Risk Management
The Office of the Chief Privacy Officer (OCPO) is responsible for advising the National Coordinator on privacy, security, and data stewardship of electronic health information, and coordinating ONC's efforts with similar privacy officers in other Federal agencies, state and regional agencies, and foreign countries with regard to the privacy, security, and data stewardship of electronic, individually identifiable health information.
OCPO exercises this policy-focused role by conducting research, drafting and disseminating reports that support policy positions, staffing the HITPC and HITSC Privacy and Security workgroups, and guiding the recommendations of those workgroups through the Federal policy-making process. The OCPO is also responsible for supporting the development and coordination of privacy and security implementation efforts within ONC's HITECH (Health Information Technology for Economic and Clinical Health) programs.
Responsible for performing tasks related to supporting the work of OCPO to ensure that electronic health information is secure and protected.
Contributes to the implementation of a comprehensive security and cybersecurity program that addresses both short-term objectives in supporting early gains in health IT adoption, as well as long-term objectives in creating a secure and protected health IT infrastructure for health information exchange. Constantly re-assesses security policy as the technological models for maintaining and sharing health information rapidly evolve (e.g. from on-site hardware to mobile devices and cloud computing).
Identifying emergent security/cyber security technical issues; reviewing and analyzing emerging technology in light of existing security policy and research informational security approaches in other industries.
Participating, preparing background material, and providing SME direction & guidance for advisory committees, internal working groups and other agencies involved in HIT security/cyber security.
2013 :
US Department of Health and Human Services
Information Security Specialist
Responsible for the overall vision, company direction, and organizational culture; manages company and project-specific budgets, cash flow, forecasts, and documentation; lead role in the acquisition of new projects that align with company goals and mission. Lead Project Manager on major projects with a focus on federal information security policies and regulations, enterprise-level software application development, and innovative mobile applications development.
2006 :
Intellisae LLC
Principal and Consultant
Serves as the GRC Risk Management Branch Manager, which : (1) oversees and coordinates activities aimed to enhance HHS capabilities to effectively manage information system-related security risks; (2) collaborates with Staff Divisions (StaffDivs) and Operating Divisions (OpDivs) to ensure risk-related information and decisions are made with consideration to HHS strategic goals and objectives, core missions, business functions, and acceptable risk posture; (3) works with OpDivs and StaffDivs to ensure risks are managed consistently across the Department to reflect HHS risk tolerance and ensure mission/business success; (4) collaborates with GRC Governance and Compliance Branch Managers, the Privacy Branch Manager, and the GRC Division Director to meet GRC objectives to provide oversight and execution of OIS risk management and compliance programs that protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and information systems; and (5) works with OIS and OCIO leadership to facilitate enterprise-level, risk-based decision making and set the vision and direction for the Risk Management Program and risk management strategies for HHS
2015 : Present
U.S. Department of Health and Human Services
Manager, HHS Risk Management
The Office of the Chief Privacy Officer (OCPO) is responsible for advising the National Coordinator on privacy, security, and data stewardship of electronic health information, and coordinating ONC's efforts with similar privacy officers in other Federal agencies, state and regional agencies, and foreign countries with regard to the privacy, security, and data stewardship of electronic, individually identifiable health information.
OCPO exercises this policy-focused role by conducting research, drafting and disseminating reports that support policy positions, staffing the HITPC and HITSC Privacy and Security workgroups, and guiding the recommendations of those workgroups through the Federal policy-making process. The OCPO is also responsible for supporting the development and coordination of privacy and security implementation efforts within ONC's HITECH (Health Information Technology for Economic and Clinical Health) programs.
Responsible for performing tasks related to supporting the work of OCPO to ensure that electronic health information is secure and protected.
Contributes to the implementation of a comprehensive security and cybersecurity program that addresses both short-term objectives in supporting early gains in health IT adoption, as well as long-term objectives in creating a secure and protected health IT infrastructure for health information exchange. Constantly re-assesses security policy as the technological models for maintaining and sharing health information rapidly evolve (e.g. from on-site hardware to mobile devices and cloud computing).
Identifying emergent security/cyber security technical issues; reviewing and analyzing emerging technology in light of existing security policy and research informational security approaches in other industries.
Participating, preparing background material, and providing SME direction & guidance for advisory committees, internal working groups and other agencies involved in HIT security/cyber security.
2013 :
US Department of Health and Human Services
Information Security Specialist
Responsible for the overall vision, company direction, and organizational culture; manages company and project-specific budgets, cash flow, forecasts, and documentation; lead role in the acquisition of new projects that align with company goals and mission. Lead Project Manager on major projects with a focus on federal information security policies and regulations, enterprise-level software application development, and innovative mobile applications development.
2006 :
Intellisae LLC
Principal and Consultant
Company:
U.S. Department of Health and Human Services
About
Serves as the Branch Chief of the Risk Management Program within the HHS Office of Information Security (OIS) She is responsible for establishing a Department-wide enterprise risk management program and overseeing high visibility/high priority initiatives including identification and protection of HHS’ most critical high value assets and the HHS FedRAMP and Cloud Security Program. Julie also has a lead role in Healthcare and Public Health Sector public-private partnerships on many HHS cybersecurity initiatives to help push forward security and resiliency across the sector. Prior to joining OIS, Julie was the Cybersecurity Team Lead within the HHS Office of the National Coordinator for Health IT (ONC) leading Critical Infrastructure cybersecurity efforts.
Profile Photo
