WiTT & (ISC)2 Present: Risk Assessment & Audit Preparedness, A Panel Discussion

4:30 to 5:00 PM - Networking
5:00 to 6:00 PM - Panel Discussion

Parking Information:  Park in the parking lot in the rear of the building. Follow the WiTT signage to the back entrance of the building on your left to enter.

Panelists and Bios:

Peni Smith
Director, Information Security Operations, HCA Physician Services
CISSP, CISA, CRISC

As the Director of Information Security Operations for HCA Physician Services Group, Peni partners with business, clinical, and IT stakeholders to manage information security risk for over 7,000 healthcare providers in approximately 800 physician practices. Peni has over 17 years of IT audit and security experience, including leading and participating in strategic compliance initiatives such as HITECH/HIPAA Security, Meaningful Use, Sarbanes-Oxley (SOx), and Payment Card Industry Data Security Standards (PCI DSS). She is also an active Information Security professional, currently serving as one of seven voting members on the Metropolitan Government of Nashville & Davidson County Information Security Advisory Board (ISAB). Peni is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC).

Terrie Jennings
IT Compliance Consultant
CISM, CISSP, CRISC

Terrie Jennings has worked in the IT security field in different roles for more than 16 years with Ernst & Young, Clarian Health Partners, Convergs, and most recently, Emdeon. She also served a four-year term as president of the Central Indiana Chapter of ISSA (Information Systems Security Association). She prides herself on aligning security, risk, and compliance to provide a unified IT program. She earned her Bachelor's in Accounting from Ball State University.

Mary Berst
Director, Information Systems Security Compliance and Administration, Nissan North America

Mary has served in various roles at Nissan North America for almost 24 years and has a passion for building teams and employees focused on company success, process improvement, and work life balance. During her career at Nissan, she has been Director, US Manufacturing and NA General Accounting for 15 years, Business Unit Controller for almost 4 years in the Curitiba area of Brazil, and has been the Director, Information Systems Security Compliance and Administration since April of 2010.

Gina Pruitt
Member-in-Charge, Risk Assurance and Advisory Services, KraftCPAs
CPA, CISA, CGMA, CRISC, CQA, CHFP, CEMB, CITP

Gina Pruitt is the Member-in-Charge of the Risk Assurance & Advisory Services practice with KraftCPAs. Her responsibilities include IT audit and consulting, risk management, internal audit, Sarbanes-Oxley audits, service organization control reports, PCI DSS (Payment Card Industry Data Security Standards) compliance, network security assessment and network vulnerability assessment. Gina also oversees regulatory testing related to IT controls for more than 25 banks and attestation services for over a dozen service organization control (SOC) engagements.

Gina has more than 25 years of experience. She spent 10 years in Big 4 public accounting as the partner in charge of the Nashville practice of enterprise risk services (ERS) with Deloitte & Touche. Gina was also the National Healthcare Industry Partner for ERS where she led the development of a National Healthcare Compliance consulting practice, a National NCQA Certified HEDIS consulting practice, and a National HIPAA Assessment and Implementation consulting practice.

In addition, she was the Southeast Regional Director for Internal Audit Services. In this role, Gina was the Director of Internal Audit for a $1 billion retail organization. She was
responsible for performing the annual internal audit risk assessment, developing the annual internal audit plan, hiring and managing more than 40 staff members, and developing and presenting audit reports to the Audit Committee and Board of Directors. Annual audits consisted of financial, operational, IT, and fully-integrated audits.

Gina also managed various procedures for all internal audit clients in the Southeast Region of Deloitte & Touche. Clients included the world's largest tire and rubber manufacturer with more than 50 plants and $2.5 billion in annual revenue as well as a nationwide restaurant and retail chain with more than 600 locations and $2.6 billion in annual revenue.

Moderator and Bio:

Nathan Kennedy
President, (ISC)2 Middle Tennessee Chapter
CISSP, HCISPP, CSSLP, CISM

Nathan Kennedy is a seasoned IT security professional with over 18 years of experience. He holds the following professional certifications: CISSP (Certified Information Systems Security Professional), HCISPP (Healthcare Information Security and Privacy Professional), CSSLP (Certified Secure Software Lifecycle Professional), and CISM (Certified Information Systems Manager). At his current position, Nathan leads a team built to maintain a high level of security around healthcare data systems for the enterprise. This includes technologies such as Data Loss Prevention, Identity Management, Privileged Account Management, Security Software Development Standards, Multi-Factor Authentication, and Security Architecture System Reviews. Nathan is also the security chair for the MITA (Medicaid Information Technology Architecture) Committee which includes presentations and demo development for the annual MMIS (Medicaid Management Information Systems) conference. Nathan also is the Founder and President of the (ISC)2 Middle Tennessee Chapter which includes monthly security sessions delivered to local security professionals for education and certification development.