Daniel M. Briley

Daniel M. Briley

Daniel Briley is an information security and privacy professional with over 20 years of experience as an Information Security & Privacy Officer in both the finance and healthcare industries. He has served clients in diverse organizations with a primary focus on IT governance, risk management and corporate compliance. Dan is a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional (CIPP). He is a member of the adjunct faculty at Pacific University, where he teaches in the Masters in Healthcare Administration program.

SECURITY & COMPLIANCE EXPERIENCE

Financial – As a Business Information Security Officer for a Fortune 500 multinational financial firm, Dan led the compliance integration efforts for a multibillion dollar merger and acquisition project, and he adapted all aspects of the Information Security and Compliance program to meet new international corporate standards. Efforts included incident and data breach response program, policy and standards update, third party assessments, and export control restrictions. Regulatory environment included Sarbanes-Oxley, Gramm-Leach Bliley, California SB-1386 Data Breach Legislation, Office of the Comptroller of the Currency, US Department of State, and the Securities and Exchange Commission.

Mortgage Lending – As a team leader in one of the largest privately held companies in the United States, Dan built the privacy program from inception into a department of analysts and programs dedicated to ensuring the organization’s technology and procedures remained compliant with a dynamic patchwork of state and federal privacy laws. Success was achieved through remediating outstanding audit issues, enhancing the risk assessment program, and building a privacy framework into the fabric of the culture of the company.

Healthcare – As the Information Security Officer for a 1,000-bed, multi-state healthcare system, Dan developed an information security team and program which included security engineering, compliance, and identity management functions. He was responsible for all information security budget and regulatory compliance throughout the health system. Dan used industry-accepted frameworks such as ISO 27002 and NIST 800-series documentation to socialize the management team to best practice concepts. He demonstrated success of the program by providing metrics dashboards and risk profile updates to the executive teams. The regulatory environment included HIPAA, The HITECH Act/ARRA, The Joint Commission, Meaningful Use Criteria, and state data breach laws.

University and Research Laboratories – Dan provided technical expertise for a NASA national laboratory and California university. He implemented security technologies such as firewalls and virtual private networks and provided support for mission critical data visualization systems used during missions such as Mars Pathfinder.


Credentials

EDUCATION, LICENSES & CERTIFICATIONS

University of Redlands, Masters in Business Administration

California State University Fullerton, Bachelor of Arts

Certified Information Systems Security Professional (CISSP)

Certified Information Privacy Professional (CIPP)

RECENT PUBLICATIONS AND PRESENTATIONS

Contributing Author: American Bar Association’s Data Security Handbook, Mobile Device Section. Published by the American Bar Association

Member of the Project Team: The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security. Published by the American National Standards Institute (ANSI)

PROFESSIONAL ASSOCIATIONS

ISC2 – The International Information Systems Security Certification Consortium

IAPP – The International Association of Privacy Professionals

Automat:ee