
Hayden L
Information Security Specialist
Skills


Work experience
Information Security Specialist
Company
May 2023 - Present • 3 yrs
Achieved unqualified SOC 2 Type II opinions with zero exceptions and a clean HITRUST CSF r2 certification, strengthening client trust and regulatory standing
Supported $25M+ in closed revenue by leading security reviews, compliance responses, and audit readiness during enterprise sales cycles
Reduced audit and evidence collection workload by 700+ hours annually through data cleanup, process improvements, and centralized documentation
Improved security questionnaire turnaround time by 40–60%, accelerating sales cycles and reducing deal friction
Identified and remediated critical control gaps across cloud and endpoint environments, reducing audit findings and operational risk
Led vendor risk and security assessment efforts, helping prevent high-risk third-party exposures impacting PHI/PII environments
Increased audit readiness and control maturity by standardizing policies, procedures, and control mapping across SOC 2 and HITRUST frameworks
Information Security Consultant
Consulting
Feb 2024 - Apr 2025 • 1 yr 2 mos
Conducted comprehensive vendor risk assessments aligned to SOC 2, HITRUST, and HIPAA, evaluating security controls for third-party SaaS providers handling sensitive data
Assessed 50+ vendors across security, privacy, and compliance domains, identifying critical gaps in encryption, access controls, and incident response readiness
Reduced third-party risk exposure by delivering actionable remediation plans and working directly with vendors to close high-risk findings
Accelerated vendor onboarding by streamlining security due diligence processes, reducing review timelines and eliminating bottlenecks
Produced executive-level risk reports with clear scoring and prioritization, enabling leadership to make faster, risk-informed decisions
Supported audit and compliance efforts by providing defensible vendor risk documentation and evidence aligned with regulatory requirements
Identified and escalated high and critical risk vendors, preventing potential exposure to PHI/PII and strengthening overall security posture
Improved vendor assessment turnaround time by 30–50%
Reviewed vendors supporting healthcare data environments (PHI/ePHI)
Information Security Analyst II
company
Jul 2022 - Apr 2023 • 9 mos
Performed all-source threat analysis for a CISA-designated critical infrastructure organization, helping protect systems supporting regional energy operations
Secured and monitored 2,000+ endpoints, improving visibility and reducing exposure across enterprise environments tied to the power grid
Strengthened incident response capabilities by supporting investigations, validating IAM events, and contributing to faster detection and containment of threats
Developed and refined security policies, procedures, and incident response playbooks, improving operational consistency and audit readiness
Identified and remediated vulnerabilities through continuous monitoring and threat hunting, reducing overall risk across network and endpoint systems
Supported implementation and optimization of security tools and controls, improving threat detection accuracy and response efficiency
Contributed to maintaining operational resilience and data integrity in a high-availability, mission-critical environment