Cindy Harro

Security, Compliance and Risk Program Director, Healthcare Cloud - IBM Watson Health

In Cindy’s current role as IBM Security, Compliance and Risk Management Director, she is responsible for ensuring that IBM’s “Watson Platform for Health” Cloud is secure and handles protected health information in accordance with global regulatory requirements, including HIPAA.  She provides guidance to 400 software developers by defining and verifying security and compliance controls in software designs, managing security vulnerability penetration testing and governing security risk.  Cindy is responsible for ensuring that the software environment is ready to pass all regulatory audits.

In previous roles, Cindy was responsible for the global deployment of security compliance and risk management tools, for managing the 2-tier role-based access controls for 2500 financial services employees, and for the global compliance governance of hundreds of client accounts.

Cindy’s success in leading the development of secure and regulatory-compliant systems comes from her early beginnings as a software developer. She graduated from the Pennsylvania State University with a B.S. in Computer Science and worked as a software developer, DBA and eventually manager of large-scale custom software development and ISV configuration projects. This hands-on practitioner experience has given her the unique ability to “speak the language” of software developers, making compliance requirements understandable and easily executable, reducing compliance cost and development timelines.

Cindy studied the field of IT Auditing and earned the distinction of Certified Information Systems Auditor (CISA) in 2015 after demonstrating years of experience related to the profession and mastering the competency exam.  She applies her ability to “think like an auditor” when defining, requesting and reviewing compliance evidence from IT teams, contributing to her success in passing IT audits. 

Cindy has become a trusted advisor to senior executives on security and regulatory compliance topics, with the ability to make requirements and risks clear to non-technical business executives as well as technical executives.  She earned the distinction of Certified Information Systems Security Professional (CISSP) in 2016.