In Cindy’s current role as IBM Security, Compliance and Risk Management Program Director, Watson Platform for Health, she leads a team of security, compliance, risk management and software development professionals to build, test and deploy secure and regulatory (i.e. HIPAA) compliant code in an agile environment for IBM’s “Watson Platform for Health” Cloud offering product watsonhealth.ibm.com/Watson-Health-Core.
She is responsible for defining the security and compliance requirements, such as encryption, access authentication, logging and monitoring and disaster recovery for the platform. Her team performs audit controls testing, application vulnerability code scans and penetration testing before implementation, managing risks for senior executive review. Cindy has a successful track record of passing IT audits.
Previously, Cindy has led a wide range of CISO related activities, including leading IBM’s global deployment of security compliance and risk management tools, managing the 2-tier role based access controls for 2500 financial services employees and leading global compliance governance for hundreds of client accounts.
Cindy’s success in leading the development of secure software comes from her early beginnings as a software developer. She graduated from the Pennsylvania State University with a B.S. in Computer Science and worked as a software developer, DBA and eventually manager of large scale custom SW development and vendor SW configuration deployment projects. This hands-on SW practitioner experience has given her the unique ability to “speak the language” of software developers and successfully lead and implement techniques to avoid, identify and resolve security defects earlier in the SW development cycle, reducing cost and improving schedule reliability.
Cindy has become a trusted advisor to senior executives on security and regulatory compliance topics, with the ability to make requirements and risks clear to non-technical business executives as well as technical executives. She is an experienced presenter to large and small audiences.
Cindy earned the distinctions of Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) after demonstrating years of experience in the profession and mastering the competency exams. Cindy’s “bucket list” includes writing a patent and having it accepted by the US Patent Office. To date, Cindy has written her first patent, on the topic of HIPAA Regulatory Financial Risk, which is currently in the patent submission process.