Rick Martin
Details
Electronic Communications
Spartan College of Aeronautics and Technology
1989 : 1991
Greystar
Senior Director Information Security

Baylor Scott & White Health
System Director Information Security - Enterprise Security Audit, Governance, Risk, & Compliance
2015 : 2021
Seasoned eGRC / IRM and Audit Leader responsible for development, implementation, and oversight of an enterprise IT security risk management program covering Security Operations, Threat and Vulnerability, and Third Party risk for a 900+ location healthcare system, based on lean principles. This program is designed to address a broad scope of regulatory and contractual controls based on a unified framework derived from NIST CSF, HIPAA, PCI and ISO standards as well as Federal and State legal requirements. As a key foundation to this program, the first enterprise Information Security Policies and Standards were implemented. To coincide with these, a standardized risk rating system was created and adopted throughout the enterprise, providing calculated risk scores at both the local and enterprise level and a view of the system's overall risk posture. Managed a fast-paced team of strong leaders addressing vendor management, HIPAA, PCI, Health Plan and general security risk assessments while working with senior leadership from all aspects of the organization to address any issues raised from these assessments. Co-authored, in conjunction with legal counsel, a defensible Information Security Agreement (ISA) now required for all technology and other applicable vendors. Provided communication in various methods at all levels of the system regarding IT and vendor risk and security status beyond just compliance.

TekSystems
Sr Security Analyst
2014 : 2015
Sr Security Analyst / Privacy and Governance for American Airlines, responsible for process improvement and implementation for the Enterprise Governance and Compliance (eGRC) platform. Responsible for managing and responding to Privacy and Governance issues both internal and with third parties. Responsible for assessment, redesign and implementation of all eGRC processes utilizing the Archer platform, taking the company from a silo-type model to an Enterprise model allowing for full Risk Management and Audit at the enterprise level. Focus on Information Security and Internal Audit & Compliance processes across multiple business units and clients to meet regulatory and industry controls including PCI, SOX, OSHA, and ISO 27001/ISO 27002.

Nationstar Mortgage
Senior Security Compliance Analyst
2012 : 2014
Responsible for ensuring compliance with corporate and industry control standards including SOX, ISO 27001, SSAE 16 and other regulatory controls as required, as well as client control requirements.
Managed and performed quarterly Access Control Attestations regarding logical and physical access to the corporate environment. Developed and managed the Policy Exceptions process workflow. Managed, developed and supported all applications utilized by Corporate Security within the Archer application, including BCP/DR, facilities, Incident, policy exceptions, attestations, findings, remediation plans, etc., and served as backup Archer Systems Admin. Developed and implemented the vendor management security assessment process and its migration into the RSA Archer centralized system for compliance management. Performed security assessments for third-party vendors. Reviewed and performed sign-off for Corporate Security on vendor contracts (MSAs), SOWs, and additional security documentation.

Fujitsu
Sr. Security Compliance Engineer
2012 : 2012
Managed internal PCI audit for Fujitsu services systems, networks and penetration-testing compliance, including day-to-day work with business partners and Fujitsu clients to ensure compliance and preparedness for the QSA audit and PCI certification process.
Skills
Analytical Skills, Business Continuity, Business Continuity Planning, CISA, CISSP, Compliance PCI, Computer Security, Control Framework, cybersecurity risk, Data Center, Disaster Recovery, Enterprise Security Risk Management, Governance, Information Security, Information Security Management, ISO 27001, IT Audit, IT Compliance, IT Controls, Network Security, Operating Systems, Performance Management, Process Improvement, Regulatory Compliance, Risk Management, Sarbanes-Oxley Act, Security, Vendor Management
About
An Information Security professional with extensive proven expertise in IT Security, Audit, Governance, Risk, Compliance and Vendor Management, with specific knowledge of SOX, PCI, HIPAA, SEC, FINRA, NIST CSF, ISO 27001 and 22301, and Healthcare / Health Plan regulatory compliance. Innovative corporate leader in various industries with a solid reputation for creating and implementing process improvements focused on effective impact. A strong business partner with broad technical knowledge combined with outstanding leadership ability and creative problem-solving skills, both strategic and tactical. Proven effective communicator with the ability to present complex concepts to both leaders and the workforce, with experience across both small and large global environments including data centers with mixed computing environments.
Certified Information Systems Security Professional (CISSP) - (ISC)2
Certified Information Systems Auditor (CISA) – ISACA
Certified Lead Auditor: Business Continuity Planning and Disaster Recovery (ISO 22301)
Certified Archer eGRC Advanced Administrator
Process Development and Improvement
NIST CSF, HIPAA, PCI
ISO 27001 & 27002
Lean, Agile, ITIL
Specialties: Information Security, Audit and Governance, Privacy, Process Implementation.