Sam Githinji CISSP, CISM, CRISC, MBA
Details
2021 : Present
Children's Minnesota
Chief Information Security Officer
2021 : 2021
Children's Minnesota
Interim Chief Information Security Officer
Led a diverse group of security professionals including remote workers. Led the overall security program and performed security project management activities across multiple departments. Designed and implemented security risk management program including vendor risk management, internal risk management and management of independent security assessments and audits. Led security operations center including threat intelligence, incident response, investigations and forensics, day-to-day security activities and managing various tools such as SIEM, DLP, CASB and vulnerability scanners. Owned the relationships with our security vendors including the MSSP.
2017 : 2021
Children's Minnesota
Sr. Manager, Information Security & Compliance
Provided vision, strategy and hands-on execution of HealthPartners IT enterprise risk management program and maintained the relationship between IT and the business to facilitate critical risk reduction decision making. Led all functions of IT risk management program including threat intelligence, risk identification, assessment, measurement, mitigation, monitoring and reporting. Chaired security risk committees, prepared and presented leadership reports and metrics.
2015 : 2017
HealthPartners
Sr. Consultant, Enterprise Technology Risk Management
Managed, led and developed a high performing team of 16 security professionals. Directed all work pertinent to IAM (Identity and Access Management) in the organization. Championed and led the implementation and operationalization of a comprehensive IAM program including technology and processes. Ensured compliance with all applicable SLAs, policies and audit requirements.
2013 : 2015
HealthPartners
Manager, Identity and Access Management
About
Solutions-oriented strategic leader with a history of success in developing and leading the most effective Technology Risk Management and Cybersecurity programs with strong business acumen. My top priority is to support business strategies and innovation by reducing technology risk and ensuring compliance with regulatory requirements. In collaboration with key stakeholders, I utilize a risk-based approach to drive strategic decisions and implementation of effective security controls and processes to protect data and systems. I thrive in reducing risk exposure, improving and maturing processes and delivering measurable, exceptional results.
Over 19 years of IT experience, including 15 years of Information Security leadership.
SKILLS:
Leadership & Management:
•Vision setting, strategizing, execution and oversight.
•Executive presence & executive communication including reporting & presentations.
•Influencing and relationship building at all levels.
•Staff management including hiring, coaching, motivating and developing high performing teams.
•Metrics - KPIs / KRIs development for program performance and accountability.
•Budget management, project management and resource planning.
•Continuous process improvement and change management.
•Team player, analytical, problem solver and adaptable leader.
Cybersecurity:
•Security program development, implementation and governance.
•Policy and procedure development and enforcement.
•Security Engineering & Architecture design, roadmap and implementation.
•Identity & Access Management overall program development and leadership including automation, Role Based Access Control, MFA, PAM.
•Operational resilience / contingency planning including backups, disaster recovery & business continuity planning.
•Security incident response program development and oversight.
•System monitoring, detection, alerting and threat intelligence leadership.
•Vulnerability management including vulnerability assessments & patch management oversight.
•Security awareness training program leadership.
Technology Risk Management:
•Technology risk management methodologies, identification, assessments, mitigations, monitoring, reporting and expert advice.
•Clear communication of risks and risk reduction strategies to technology and business stakeholders.
•Audit, privacy & compliance leadership – internal/external audits, corrective action planning, regulatory requirements, data classification.
•Third party risk management (TPRM).
•Project & Portfolio risk management.
Frameworks / Standards:
NIST, SCF, ISO, CIS, HITRUST, HIPAA, HITECH, PCI, GDPR, CSA