Tim West, Chief Risk Officer

Tim delivers large-scale projects rebooting security programs in multibillion-dollar organizations and engaging in high-profile projects, including US Federal Corrective Action Plans. As a practitioner and leader, Tim led multiple security teams at a Fortune 25 healthcare organization responsible for Threat & Vulnerability Management and Governance, Risk, & Compliance. Tim has spoken nationally on topics of compliance and technical security, medical devices, and other research topics including cyber security insurance practices. 

Experience

Tim has worked in communications, technology, finance, insurance, and technology industries, with a recent focus on large healthcare providers, plans, and organizations serving the healthcare industry.  

Prior to joining Atredis, Tim was most recently Practice Manager in Accuvant’s Enterprise Risk & Compliance practice leading a team of consultants with a focus to healthcare clients. In that role Tim grew the practice from himself to 10 top professionals in the field with projects supporting clients representing over 100 hospitals, benefit programs including 20 million Americans, major pharmaceutical and retail pharmacy chains, as well as non-healthcare Fortune 1000 organizations. 

Tim has extensive experience in audit response and risk management processes, vulnerability assessment, penetration testing and response. Tim is also experienced with multiple compliance frameworks including HIPAA, HITECH, PCI-DSS, ISO 27001/2, Sarbanes-Oxley, SAS70, FISMA, FedRAMP, and DIACAP. 

Key Accomplishments

Tim successfully delivered to quality and schedule the federal Corrective Action Plan (CAP) for one of the largest HIPAA fines on record. This included an enterprise risk assessment and program development deliverables for most facets of information security in multi-billion dollar organization. 

Tim successfully executed a FISMA compliance effort for a specialized research environment for one of the largest state universities in the US. 

Tim managed a team responsible for executing Department of Defense compliance to DIACAP standards for a multi-billion dollar contract. He successfully achieved Authority to Operate for an infrastructure including over 2500 devices. DIACAP was one of the pre-NIST RMF certification authorization activities for DoD agencies. 

Tim is a member of the organization that created the Executive Council of the Health Information Trust Alliance (HITRUST), an organization formed to provide leadership and a common security framework for healthcare organizations. 

Tim has extensive experience in mergers and acquisitions, including integration of two Fortune 50 organizations as well as multiple organizations with revenues of over one hundred million per year. Tim helped integrate security engineering teams, security/compliance frameworks, and merged client security requirements. 

Tim holds a Bachelors of Science in Business Administration from Southern Illinois University Edwardsville, and was his graduating class’ Commencement Speaker. Tim has been a frequent presenter at national and international security industry conferences.