• • Spearhead the establishment of the Governance, Risk Management, and Compliance (GRC), data privacy, and cybersecurity division for iHealthSync. • Serve as the principal compliance Subject Matter Expert (SME) for strategic planning and business development initiatives, offering critical insights and guidance. • Architect and implement comprehensive compliance policies and procedures to ensure unwavering regulatory adherence, mitigating potential risks and liabilities. • Advise the CIO on Azure security compliance requirements, ensuring robust cloud security strategies and alignment with industry best practices. Responsible for Third Party Risk Management/Managed Service Providers and Vendor Questionnaires

As the Chief Executive Officer/Owner at S. Ingram and Associates, LLC., I spearheaded strategic partnerships with top companies to drive revenue growth and expand market reach. I developed innovative marketing campaigns to increase brand awareness and customer engagement. Additionally, I implemented data-driven decision-making processes to optimize business operations and drive profitability.

In an advisory role, provided expert advisory compliance guidance, leading the development of the following programs: risk management, quality management system, privacy, post-surveillance, SLAs, verification/validation, Third Party Risk Management, working with MSPs and cybersecurity. • Focused on their FDA 510K-approved Software as a Medical Device (SaMD) orthopedic spinal implant product, ensuring compliance with stringent regulatory standards.

• Provided expert risk management guidance to mitigate fiduciary risks of public finance management systems in Zambia. • Collaborated with the Ministry of Health to support USAID initiatives in Africa. • Conducted LOCAL G2G Local Authority Risk Assessments (LARA) to ensure compliance and effectiveness (to include the identification of fraud, waste and abuse.)

• Served as a Subject Matter Expert in establishing detailed project plans for an integrated FDA/ISO Quality Management System, incorporating FDA regulatory-grade, SaMD, real-world data/real-world evidence, 21 CFR Parts 820, 803 and 11, as well as and ISO 9001. • Provided strategic guidance on audit preparation for FDA and pharmaceutical clients, ensuring readiness and successful outcomes. • Advised software engineering and life sciences teams on risk management, providing expert guidance in risk identification, mitigation, control creation, and auditable evidence capture/logging. • Enhanced an internal common control security framework to align with SOC2 and ISO 27001 standards, ensuring comprehensive security coverage. • Participated as a key compliance team member in HITRUST certification activities, addressing HIPAA-related issues and ensuring compliance. • Served as an advisor for the cybersecurity team's incident response tabletop exercises, developing the Master Scenario Event List (MSEL), creating injects, drafting situation reports, defining the comptroller role, and facilitating the hot wash and after-action report.

• Advised on strategic planning issues associated with clinical trial patient data aggregation and IRB requirements, driving informed decision-making and compliance. • Directed vendor responses for multiple security posture/compliance Request for Information (RFI) from prospective clients based upon ISO 27001/27002, HIPAA, and GDPR standards, securing new business opportunities. • Led HIPAA and GDPR documentation review, Audit, Assessment, and Remediation processes, ensuring robust data protection and compliance

Sr. Consultant – Strategy/Cybersecurity, Privacy, Risk Management (SPR) practice - Co-author of Cybersecurity and Medical Devices article for international social media platform publication - Individual contributor to approach and methodology used for the Australian Infosec Registered Assessors Program (IRAP) - Created and presented Cybersecurity Regulations and Issues for Medical Devices to multi-site healthcare provider executive board as a thought leader for Coalfire - Translated and delivered privacy regulations for Mexico and India for delivery to major client - Served as sales support subject matter expert to director of practice (domestic and international) - Conducted gap and risk assessment, auditing and reporting expertise for multiple SPR clients Conduct assessments and audits for entities needing to be compliant with security, cybersecurity, and privacy regulations, domestically and internationally.

Contributor to the DREAM team at Gold Sky, GRC, Info/Cyber Security, Privacy specialist with emphasis on HITRUST engagements.

Perform all duties associated with recovery planning for the SARS CoV 2 pandemic as the incident recovery planner for the Baltimore City Health Department following FEMA guidelines and Incident Command Structure (ICS).

Currently serving as the Audit Team Lead for the Atlanta Public Schools CoVid Readiness Audit, addressing virtual and face-to-face CoVid standards, requirements and expectations from federal, state and local public health guidance perspectives for the district.

As the Executive Advisor at S. Ingram and Associates, LLC., I spearhead strategic partnerships with a variety of organizations to drive revenue growth and increase profitability. My expertise in Governance/Risk/Compliance allows me to establish robust and sustainable compliance programs to ensure their success. I work with Managed Service Providers and conduct Third Party Risk Management activities to include vendor questionnaire submissions. Additionally, I implement strategic, data-driven decision-making processes to optimize business operations.

Lead the Compliance and Risk Practice. Frameworks include: NIST, CMMC, FISMA, FedRAMP, CSRMC, ISO, GDPR, PCI

• Led engagement for two United Kingdom organizations, enhancing their security and privacy frameworks. • Directed engagement for a pharmacy business associate for their HITRUST Self-Assessment towards securing their HITRUST Certification, achieving compliance milestones. • Headed engagement for an international attorney firm for their HIPAA Assessment, ensuring regulatory adherence and data protection. • Led engagement for a virtual physical HIPAA security assessment across three hospital sites, strengthening security posture and compliance. • Investigated a biometric privacy breach, mitigating risks and ensuring data protection. • Established Service Line Documents per CMS for ACA health insurance enrollment candidates, supporting compliance and operational efficiency.