Joseph M. Kurfehs

Accounts Payable and Tax Specialist

3000 followers
United States

  • Timeline

  • About me

    President at Information Security Management, LLC

  • Education

    • Middlesex County College

      1985 - 1987
      Associate's Degree Management Information Systems, General
    • Kean University

      1992 - 1995
      Bachelor's Degree Management Information Systems, General
    • Rutgers University

      1988 - 1989
      Economics
    • New Jersey City University

      1983 - 1984
  • Experience

    • First Investors Corp.

      Jan 1984 - Jan 1986
      Accounts Payable and Tax Specialist
    • Prudential Financial

      Jan 1986 - Jan 2002
      System Security Manager
    • Horizon Blue Cross Blue Shield of NJ

      Jan 2002 - Jan 2004
      Security Project Manager
    • Information Security Management, LLC

      May 2003 - now
      President

      Information Security Management, LLC (ISM, LLC) is a nationwide professional services group. We work with clients to achieve regulatory compliance with globally recognized frameworks, such as PCI, HIPAA, ISO, NIST, and SSAE 18 SOC 2 audits. We are also an active Qualified Security Assessor firm, registered with the PCI Security Standards Council as a QSA-C. Founded in 2003, we provide expert Security, Risk, and Compliance services to companies ranging from startups to multinational conglomerates. We provide extensive "Big 4" audit experience with a much more affordable and personalized approach.

    • Bristol-Myers Squibb Company

      Aug 2004 - Apr 2005
      Project Manager
    • University Medical Center of Princeton at Plainsboro

      Apr 2005 - Nov 2008
      Technical Security Officer and IT Manager

      • Served as Technical Security Officer
      • Served as Change Control Coordinator
      • Coordinated all audit and monitoring activity, resulting in a nearly flawless PWC audit report
      • Served as Disaster Recovery coordinator for all security operations and application support
      • Managed a wide variety of successful system implementation projects, including RSA SecurID, Lawson, and financial applications
      • Managed a team of application analysts to install, configure, monitor, patch, and support critical financial applications
      • Managed a team of security analysts to control and provision user access privileges for physicians and supporting staff of the hospital and affiliated medical offices
      • Managed technical writers to create and document all IT policies and procedures
      • Managed the operations staff to ensure that all nightly batch jobs, backups, and other processes ran as planned
      • Partnered with the compliance and legal departments to ensure that the company met all requirements of security, privacy, and HIPAA regulations
      • Developed an efficient process to control a high volume rotation of student nurses using Role Based Access Control (RBAC)

    • Fragomen, Del Rey, Bernsen & Loewy

      Nov 2008 - Dec 2013
      Director of Security and Compliance

      Global Information Security Officer for all domestic and global offices.

    • Federal Reserve Bank of New York

      Feb 2014 - May 2014
      Risk Assessment Consultant

      Joined the Risk Assessment Team of FRBNY Information Security as the subject matter expert to perform vendor security assessments on existing and prospective vendors for the Office of Employee Benefits, and assisted with Vendor Security Assurance process enhancements. Analyzed vendors’ security posture such as their technical, administrative and physical controls, risk-rated their security weaknesses and recommended remediation for identified gaps. Tested the latest update of RSA Archer risk assessment platform as part of the UAT team. Provided guidance to other team members on an ad hoc basis.

    • KPMG US

      May 2014 - Nov 2014
      Risk Management Consultant

      Joined the Risk Management Team for KPMG’s Open Source Software (OSS) Compliance group. Tasked with designing, planning, implementing and managing all aspects of the Firm’s commitment to effective use of OSS. Responsibilities include: task force leadership, policy and procedure creation, source code analysis, building a repository and SharePoint development of Surveys and Lists.

    • Grey Group

      Nov 2014 - Sept 2017
      Global Director of Information Security

      Head of Security, Risk and Compliance for Grey Global, Cohn & Wolfe and Grey Healthcare Group.

    • SystemExperts Corporation

      Sept 2017 - Mar 2020
      Head of Compliance Practice

      IT professional with over 30 years of managerial and technical experience. Expertise in IT governance, risk management, security, privacy and regulatory compliance. Extensive experience with the implementation of NIST, HIPAA, PCI and ISO 27000 standards, as well as compliance with GLBA, Privacy Shield and GDPR. Proven track record of delivering business-focused solutions to reduce risk while improving operational efficiencies. Customer-focused and experienced leader with strong technical skills. Extensive experience managing large and small teams and complex projects. Diversified business background in the financial, legal, “Big 4” audit, banking, pharmaceutical, health, insurance, marketing and advertising industries. Professional Certifications: CISSP, PCIP-QSA, CGEIT, CRISC, CISM, DABCHS (Diplomate, American Board for Certification in Homeland Security) and CHS-III (Homeland Security – Level 3).

  • Licenses & Certifications

    • Certified Information Systems Security Professional (CISSP)

      (ISC)²
      Nov 2004
    • Certified in the Governance of Enterprise IT (CGEIT)

      ISACA
      Oct 2008
    • Certified Data Privacy Solutions Engineer™ (CDPSE™)

      ISACA
      Sept 2020
    • Certified In Risk and Information Systems Control (CRISC)

      ISACA
      Jun 2011
    • CDPSE

      ISACA
      Sept 2020
    • DABCHS, CHS-III

      U.S. Department of Homeland Security
      Nov 2005
    • Certified Information Security Manager (CISM)

      ISACA
      Aug 2004
    • Certified Information Systems Auditor (CISA)

      ISACA
      Nov 2019
    • PCIP

      PCI Security Standards Council
      Nov 2017
    • QSA

      PCI Security Standards Council
      Nov 2017