Timothy B

IT Security Engineer/Analyst/GRC

Not Found • Full-time

Jun 2018 - Oct 2023 • 5 yrs 4 mos

Company name: Acentra Health • Led HITRUST r2 certification efforts, owning control mapping across multiple domains and driving evidence readiness that contributed directly to successful certification • Aligned enterprise security controls to NIST 800-53, identifying gaps and coordinating remediation across business units to improve overall compliance posture • Owned risk register and managed end-to-end remediation tracking across business units, reducing enterprise vulnerability exposure by approximately 30% • Conducted third-party risk assessments including SOC 2, ISO 27001, and penetration test reviews, strengthening vendor security oversight across the supply chain • Deployed and configured SIEM, DLP, AV, and email security platforms, integrating with logging infrastructure to improve threat visibility and detection capability • Led incident response workflows including phishing investigations, triage, and containment activities across enterprise endpoints • Translated technical security findings into business risk language for leadership, enabling informed decisions on risk acceptance and remediation prioritization • Implemented MFA and RBAC access controls, tightening identity security and reducing unauthorized access risk