Director of Enterprise Security – Cyber Fusion Center, Trinity Health
See LinkedIn

David Mahon was appointed Deloitte Global’s Chief Information Security Officer in April 2018, where he is responsible for building and maintaining the organization’s global vision, strategy, and programs necessary to secure Deloitte’s information assets, technologies, and data. Mahon drives the continuous evolution and deployment of Deloitte’s enterprise-wide information risk management program and feels privileged to lead world class cybersecurity talent.

Mahon previously served as the Chief Security Officer (CSO) for CenturyLink, Inc. where he was responsible for various corporate security programs, and as the Vice President of Corporate Security for Qwest Communications International, Inc., prior to the merger with CenturyLink.

As a Supervisory Special Agent with the United States Federal Bureau of Investigation (FBI) for over 27 years, Mahon was responsible for investigating violations of federal statutes in which the Internet, computer systems, and networks were exploited as the targets of terrorist organizations, foreign government sponsored intelligence operations or criminal activities. Mahon managed programs related to white collar crime, crisis management, critical infrastructure protection, and violent crime.

Currently Mahon is a member of the International Security Management Association and Society of Former Special Agents of the FBI.

Bio posted December 2021

CISO, MultiCare Health System
See LinkedIn

Sanjeev Sah serves as VP, Chief Information Security Officer at Centura Health and leads the enterprise-wide Information Security Program.

Sanjeev has previously served in various IT leadership roles including as the Head of Technology at Unum, as Chief Technology Officer at Blue Cross Blue Shield of Louisiana, and as Chief Information Security Officer at Medical University of South Carolina, Texas Children’s Hospital, UNC Charlotte and Amedisys Home Health and Hospice.

With 20 years of technology, cybersecurity and operations experience, Sanjeev has collaborated with stakeholders and partners to deliver and enable clinical and business capabilities.

Sanjeev is engaged in advocacy and outreach activities at federal, state and local levels as well as industry focused public/private partnerships.

Bio updated May 2021

Jigar Kadakia has served as Vice-President and Chief Information Security and Privacy Officer for Mass General Brigham since 2014.  Mr. Kadakia comes to his role having spent more than 20 years in consulting delivering, developing and managing privacy and cyber security implementations for large complex healthcare companies.  He is leading the cybersecurity and privacy program implementation at Mass General Brigham.  The program focuses HIPAA/HITECH compliance, GDPR compliance, Identity Management, cybersecurity training and awareness, EHR risk analysis, third party risk management, privacy incident response and analysis.

Mr. Kadakia earned a B.S. Chemical Engineering with Honors from University of Cincinnati and an MBA from Xavier University.  Mr. Kadakia is a managing board member of the H-ISAC and speaks national on cyber security and privacy related topics.  Mr. Kadakia also holds certifications for security and privacy (CISSP, CIPP, CRISC).

http://linkedin.com/in/jigar-kadakia-6395ba11

Gordon WJ, Wright A, Aiyagari R, Corbo L, Glynn RJ, Kadakia J, et al. Assessment of employee susceptibility to phishing attacks at US health care institutions. JAMA Netw Open 2019 Mar 1;2(3):e190393 [FREE Full text] [CrossRef] [Medline]

Updated November 2020

Summary

Raj is a Partner with Deloitte Advisory’s Cyber Risk Services.  Raj currently leads the Cyber Security Practice within the Healthcare Provider space across the US. Raj has over twenty-three (23) years of experience in the field of information governance, security, privacy, risk management and compliance within the Healthcare space. His experience includes performing risk assessments, as well as assessing, developing, and implementing strategies and solutions associated with information security and privacy matters, including:

• Assisting clients with developing their cyber security strategy and defining actionable roadmaps.
• Assisting clients with Executive reporting and Board Communication on Cyber Security.
• Conducting IT risk assessments and assisting internal audit departments in planning and conducting IT audits.
• Compliance Management Strategy and processes leveraging integrated security & privacy frameworks (example sources include HIPAA, PCI DSS, HITRUST, NIST, ISO 27002, etc.
• Implementing GRC solutions such as Archer and developing risk dashboards for identified target audiences (converting security metrics into meaningful information).
• Developing strategy, processes, and tools integration for managing cyber security against advanced threats (SOC operations, implementation of SIEM, DLP, etc.).

Professional Activities

• Raj has assisted in development of the CyberRX 2.0 playbook for HITRUST that can be leveraged for conducting table top exercises related to cyber security incidents within Healthcare environments.
• Assisted in the planning, designing, and execution of a cyber war game for 12 health plans in the CyberRX:HP HITRUST initiative.
• Raj has been a President of the Houston Chapter of the Information Systems Audit and Control Association.
• Raj has been an instructor at the University of Texas (Austin) in lecturing computer audit and security.
• Raj has given a number of presentations to organizations such as AHIA, ISACA, IIA, HFMA, as well as at the annual HITRUST conference.

Example Experience

• Assisted one of the nation’s top 10 Children’s Hospitals in assessing HIPAA security and privacy compliance as well as developing a cyber security strategy. Currently supporting remediation efforts.
• Conducted IT audits over several years for a Children’s Hospital.
• Assisted six large Health institutions with Meaningful Use Risk Analysis for security and privacy requirements. EHR environments included Cerner, EPIC, eCW, etc.
• Assisted a very large catholic based Health Care system with implementing and conducting compliance assessments leveraging the HITRUST framework.
• Developed an information security strategy and implementation roadmap for improving information security controls and compliance management for several large Health systems.
• Developed third-party risk assessment process for a large University System as well as Health Providers.
• Assisted a public sector client with FISMA (Federal Information Security Management Act) compliance – from performing the initial assessment, building a compliance roadmap, to implementation of tools and processes (e.g., Identity & Access Management, Data Leakage Prevention, Incident Response Process, etc.).
• Developed a vendor risk management strategy and process related to information security risk management.
• Development of the governance structure as well as the content for IT policies, procedures, and standards.
• Development of Security Awareness and Training Program
• Data privacy readiness assessments and building roadmaps for risk.

Raj Mehta

Partner

Houston Office

Tel:  713.982.2955

e-mail: rmehta@deloitte.com

Specialization

Information & Technology Risk Management

Enterprise Security Strategy

Information & Technology Governance, Risk and Compliance

Education

MBA (MIS), University of Houston

BS in Accounting, University of New Orleans

Certifications

Certified Information Privacy Professional (CIPP)

Certified Information Systems Security Professional (CISSP)

Certified Public Accountant (CPA) – Licensed in State of Texas

Certified Information Systems Auditor (CISA)

Health Care Information Security & Privacy Practitioner (HCISPP)

HITRUST (Health Information Trust Alliance) CSF (Common Security Framework) Assessor