Chip Wolford Managing Director Chip is a Managing Director in Protiviti’s Technology Consulting practice focusing on Data Security & Privacy. He presently leads Protiviti’s Data Security practice and focuses on Payment Card Industry and Healthcare Information Security as well as supporting clients via the broad spectrum of Protiviti cybersecurity offerings. Chip has worked specifically with complex organisations managing security compliance requirements in cloud-based environments including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. For nearly 15 years, Chip has executed a variety of consulting engagements for clients across multiple industries with a focus on enabling IT organisations through effective strategy and strong security. Major Projects Security & Privacy – Lead multiple network and application security assessments; lead engagements focused on assisting clients identify sensitive data and the business, contractual/regulatory, and customer requirements for securing this data; led teams that take data security requirements and develop solutions and strategies to achieve organisational goals via implementation of improved network and application architecture, security tools, and enhanced business processes. PCI Solutions – Provided a full range of PCI consulting services including assessments of PCI Compliance readiness prior to ROC and gap analysis; development of remediation roadmaps and strategies focused on effective compliance while minimising scope and overall cost; execution of PCI compliance activities for merchants and service providers. Responsibilities included executing overall project management activities; identifying risks and controls for critical information technology processes; reviewing process-level documentation; and providing assistance with gap analysis, testing, and remediation efforts. Healthcare Information Security & Audit – Assessed HITRUST Common Security Framework readiness of a state’s largest healthcare provider organisation over two year period; leading assessment of over 1000 applications aligned with HIPAA risk analysis requirements; multiple reviews associated with HIPAA Security Rule compliance and implementation of controls across a variety of industries; assist orgs with incident response for potential breach notification; provided HITRUST CSF Certification services to multiple organisations including a global managed hosting technology provider, biomedical technology company, payer organisations, and global business services organisation; provided oversight and project execution for healthcare provider IT internal audit function for 10+ years. IT Strategy & Project Management- Provided project risk management oversight for $150 million EMR implementation; assisted $500 million retail organisation with development of multi-year IT strategy emphasising portfolio consolidation and IT organisational alignment with business strategy; assisted $6 billion manufacturing organisation in architecture and business strategy behind global WAN optimisation. Business Continuity Management - Assisted organisations (Fortune 500 and non-profit) in performing business impact analyses related to the loss of their IT systems; interviewed business representatives, IT professionals, and executives to determine required recovery time and point objectives; analysed and evaluated potential recovery strategies including costs. Areas of Expertise IT Consulting Security and Privacy IT Internal Audit Industry Expertise Healthcare Retail Manufacturing Energy & Utilities Consumer Products & Services High Tech & Electronic Financial Services Education BS – Management Information Systems, Miami University BS – Management & Organisations, Miami University Professional Memberships and Certifications Payment Card Industry Qualified Security Assessor (PCI QSA) Certified Information Systems Auditor (CISA) Certified Common Security Framework Practitioner (CCSFP)