Raj Mehta


Raj is a Partner with Deloitte Advisory’s Cyber Risk Services. Raj currently leads the Cyber Security Practice within the Healthcare Provider space across the US. Raj has over twenty-three (23) years of experience in the field of information governance, security, privacy, risk management and compliance within the Healthcare space. His experience includes performing risk assessments, as well as assessing, developing, and implementing strategies and solutions associated with information security and privacy matters, including:

  • Assisting clients with developing their cyber security strategy and defining actionable roadmaps.
  • Assisting clients with Executive reporting and Board Communication on Cyber Security.
  • Conducting IT risk assessments and assisting internal audit departments in planning and conducting IT audits.
  • Developing compliance management strategy and processes leveraging integrated security & privacy frameworks (example sources include HIPAA, PCI DSS, HITRUST, NIST, ISO 27002, etc.).
  • Implementing GRC solutions such as Archer and developing risk dashboards for identified target audiences (converting security metrics into meaningful information).
  • Developing strategy, processes, and tools integration for managing cyber security against advanced threats (SOC operations, implementation of SIEM, DLP, etc.).

Professional Activities

  • Raj has assisted in the development of the CyberRX 2.0 playbook for HITRUST, which can be leveraged for conducting tabletop exercises related to cyber security incidents within Healthcare environments.
  • Assisted in the planning, designing, and execution of a cyber war game for 12 health plans in the CyberRX:HP HITRUST initiative.
  • Raj has been President of the Houston Chapter of the Information Systems Audit and Control Association.
  • Raj has been an instructor at the University of Texas (Austin), lecturing on computer audit and security.
  • Raj has given a number of presentations to organizations such as AHIA, ISACA, IIA, HFMA, as well as at the annual HITRUST conference.

Example Experience

  • Assisted one of the nation’s top 10 Children’s Hospitals in assessing HIPAA security and privacy compliance as well as developing a cyber security strategy. Currently supporting remediation efforts.
  • Conducted IT audits over several years for a Children’s Hospital.
  • Assisted six large Health institutions with Meaningful Use Risk Analysis for security and privacy requirements. EHR environments included Cerner, EPIC, eCW, etc.
  • Assisted a very large Catholic-based Health Care system with implementing and conducting compliance assessments leveraging the HITRUST framework.
  • Developed an information security strategy and implementation roadmap for improving information security controls and compliance management for several large Health systems.
  • Developed third-party risk assessment process for a large University System as well as Health Providers.
  • Assisted a public sector client with FISMA (Federal Information Security Management Act) compliance – from performing the initial assessment, building a compliance roadmap, to implementation of tools and processes (e.g., Identity & Access Management, Data Leakage Prevention, Incident Response Process, etc.).
  • Developed a vendor risk management strategy and process related to information security risk management.
  • Development of the governance structure as well as the content for IT policies, procedures, and standards.
  • Development of Security Awareness and Training Program.
  • Data privacy readiness assessments and building roadmaps for risk.

Houston Office

Tel:  713.982.2955

e-mail: rmehta@deloitte.com



Information & Technology Risk Management

Enterprise Security Strategy

Information & Technology Governance, Risk and Compliance



MBA (MIS), University of Houston

BS in Accounting, University of New Orleans



Certified Information Privacy Professional (CIPP)

Certified Information Systems Security Professional (CISSP)

Certified Public Accountant (CPA) – Licensed in State of Texas

Certified Information Systems Auditor (CISA)

Health Care Information Security & Privacy Practitioner (HCISPP)

HITRUST (Health Information Trust Alliance) CSF (Common Security Framework) Assessor


SUMMIT | CIO/CISO Virtual – From Foundation to Future

We invite you to join us for Scottsdale Institute’s virtual 2022 CISO Summit, From Foundation to Future, sponsored by Deloitte ...

SI 2021 CISO Virtual Summit – December 7

CISO Affinity Group | Event Managed Security Services and what others are doing Evolving hacking/threat techniques and counter actions/protections Sharing ...

SI 2021 CISO Virtual Summit – Strategic Security: Facing Off Against Threats

Join us at Scottsdale Institute’s 2021 CISO Virtual Summit for cyber security, remote workforce, risk mitigation and more topics—all alongside ...

SI 2020 CISO Virtual Summit: Enterprise Risk Management

The Scottsdale Institute virtually convened 29 Chief Information Security Officers (CISOs) and related senior executives from 24 member organizations for ...

SI 2019 CISO Summit Highlights

The SI 2019 CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando ...

SI 2019 CISO Summit – Cybersecurity Impact of Cloud/Virtual/Mobility

The 2019 SI CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando ...

An Introduction to Emerging Healthcare Technologies

Geoff Lougheed, Principal, Raj Mehta, Partner, and Chris Shudes, Principal, Deloitte Consulting, LLP.  Emerging technology trends can seem both elusive ...

SI 2018 CISO Summit

The Scottsdale Institute 2018 Chief Information Security Officers Summit convened fifteen CISOs from prominent healthcare systems across the country in ...

Cybersecurity of the Medical Internet of Things: FDA Postmarket Cybersecurity Guidance Update

Russell L. Jones, Partner, Raj Mehta, Partner, Deloitte Consulting, LLP, and Phillip M. Englert, National Director Technology Operations - Physical ...

SI 2017 CISO Summit

"Best Practice Standards in Cybersecurity Risk Management" The Scottsdale Institute 2017 Chief Information Security Officers Fall Summit brought together 13 ...