Brantley Synco

Experience

• 

  Brookwood Baptist Health

  Jan 2008 - Jan 2017

  In my role, I had the responsibility of managing and conducting rigorous testing of disaster recovery, business continuity, and contingency planning programs. This involved ensuring that the organization was well-prepared to respond to unforeseen events and maintain operational resilience. Additionally, I played a key role in developing comprehensive security policies, procedures, and training programs aimed at fostering a culture of security awareness and readiness among staff. One of the significant achievements during my tenure was the establishment of the HITRUST Framework, which served as a robust foundation for the organization's information security practices. This framework provided a structured approach to managing and enhancing security. I also oversaw the implementation of a suite of security applications and programs, including FireEye IPS, Qualys Vulnerability Scanning, and MaaS 360 MDM applications. These tools played a crucial role in bolstering the organization's overall security posture and ensuring that vulnerabilities were identified and addressed promptly. Furthermore, I chaired both the Information Security Steering Committee and the Market Physical Security Committee. In these leadership roles, I led critical security initiatives and strategies, ensuring that the organization remained proactive and adaptive in addressing evolving security challenges and threats. Show less As the Chief Audit Executive at Baptist Health System, my role was instrumental in ensuring the organization's adherence to best practices and regulatory requirements across various domains. I conducted comprehensive audits encompassing financial, operational, information security, and compliance programs. These audits were critical in maintaining transparency and accountability within the organization, as I regularly presented the findings to the Audit/Integrity Committee of the Board of Trustees. One of the significant accomplishments during my tenure was the founding of the Data Security Committee, which provided essential IT Security Governance for the entire system. This initiative played a crucial role in safeguarding sensitive information and ensuring data security. I also played a key leadership role in the implementation of the EPIC EMR system and the Meaningful Use attestation teams, which significantly enhanced the organization's capabilities in electronic medical records. In addition, I successfully implemented Compliance 360 GRC, ACL Analytics, and Fair Warning applications, strengthening the organization's governance, risk, and compliance infrastructure. This allowed us to proactively manage and mitigate risks while ensuring compliance with regulatory requirements. Furthermore, I directed the Ethics and Compliance program for Baptist Health System, which involved developing and delivering training programs and in-person presentations to employees and physicians, reinforcing a culture of ethical conduct and compliance. Show less

  • Director Information Security

    Jan 2015 - Jan 2017

  • Director of Internal Audit

    Jan 2008 - Jan 2015
• 

  SS&C Technologies

  Jan 2017 - now

  Chief Health Information Privacy & Security Officer

  In my role, I serve as the primary authority on information security elements for SSAE16 (SOC1 and SOC2) and ISO27001 Certifications. This includes acting as the final approver for disaster recovery and business continuity plans at the departmental, group, and technical levels. I collaborate closely with development and operations teams to design and monitor security controls, demonstrating expertise in frameworks and regulations such as NIST 800-53, ISO27001, HITRUST, HIPAA, and HITECH. I also maintained strong collaboration with offshore teams in various locations, including Great Britain, India, New Zealand, and Australia, within the parent corporation. One of my key responsibilities was the development and implementation of the annual security plan, which covered policies, procedures, vulnerability detection and remediation, incident response, control metrics and reporting, training, and vendor evaluation and oversight. I provided advisory support to SS&C Health's top leadership, including the President, CCO, CFO, and CLO, on security and risk-related matters. Additionally, I negotiated security agreements and business associate agreements with both clients and vendors. Responding to security and compliance assessments and inquiries from external parties, such as clients and regulatory bodies, was also a crucial part of my role. Finally, I led efforts to remediate and mitigate vulnerabilities identified through penetration testing and internal scans, and I managed the response to privacy and security incidents, including "Zero Day" events. Show less