Steven Vandenburg
Details
Enlace Health
VP, Information Security and Technology Operations
2022 : 2022
Enlace Health
VP, Information Security
2021 : 2022
Enlace Health
Director, Information Security
2020 : 2021
Cotiviti
Senior Manager, Security Audit
• Successfully led the HITRUST Security Assessment Certification project. Analyzed more than 500 engineering, privacy, and security requirements. Developed policies, procedures, and technical solutions to meet those requirements, and coordinated resources from the security, engineering, compliance, and technical support teams to address any requirement gaps.
• Led the company through its first successful SOC 2 report.
• Managed the Security Audit program by determining testing efficiencies, identifying controls that enable a stronger security posture, improving internal reporting, mitigating risk, and reducing the burden on the business.
• Communicated results of security assessments to clients, and addressed any follow-up questions.
• Educated employees on audit procedures and requirements by hosting training sessions and providing learning material.
• Evaluated client contracts to ensure security assessment requirements are met.
2017 : 2020
Cotiviti
Manager, Information Security
About
HITRUST (CCSFP) & CISA certified professional with a decade of experience delivering control design, implementation, and testing services to companies as both an internal leader and a trusted external partner. This experience has come across organizations from start-ups to large public companies within the financial services, healthcare, and technology industries. Proven ability to lead multiple teams in a wide range of operational and technical control reviews including SOC 1 & 2 readiness and attestations, business and technology risk and control assessments, and Sarbanes–Oxley 404 attestation reviews. Skilled project manager with experience in system implementations. Senior management and board level communicator, skilled at analyzing the business impact of control observations.
As a Full-Stack Developer, I've built projects using React, NodeJS, Vanilla JS, PostgreSQL and Python.
Challenger to established norms and processes to drive change and improve efficiency. Creator of questions to provoke brainstorming by examining: changes in technology, incentive structures, and social trends. Always learning.
Specialties:
HITRUST
SOC 1 / SSAE 16 / SSAE 18 / ISAE 3402 / SAS 70
SOC 2 / Trust Services Principles
Internal Audits
Control Gap Analysis
Risk Assessments
Compliance Audits
Operational Reviews
Industry Experience:
Advertising Software
Asset Management
Banking
Broker-dealers
Cloud Hosting Facilities
Co-location Facilities
Financial Modeling Software
Financial Trading Software
Financial Valuation Software
Fund Administrators
Healthcare
IT Hosting Services
Managed IT Services
Media Management Software
Music Licensing and Rights Management
Retirement Plan Administration
Software as a Service (SaaS)
Securities Lending Software
Trust Companies
University Endowments
Knowledge of Various Security and Risk Frameworks, including:
HITRUST CSF
NIST 800-53
ISO 27001
COSO 2013
SIFMA
Webtrust/SysTrust