As a CISSP-certified ISO 27001 Lead Auditor, I help organizations operationalize GRC frameworks that minimize legal and financial liabilities while building stakeholder trust and brand equity. My practical approaches to cyber resilience and risk optimization reduce regulatory fatigue and prevent costly business interruptions and lost opportunities, all while maintaining compliance.
• Applied HIPAA, HITRUST, DICOM, and ISO 27001/NIST CSF frameworks to manage risk, compliance, and security controls across PACS and medical imaging environments; owned policy lifecycle from drafting and review through exception handling and periodic refresh.
• Built and maintained risk registers for medical imaging infrastructure — assessing inherent/residual risk to patient data and system availability, driving risk treatment plans, and translating findings into exec-level reporting aligned with FDA medical device cybersecurity guidance.
• Performed control assessments, maturity evaluations, and gap identification mapped to ISO 27001 and NIST CSF; coordinated evidence across stakeholders for surveillance audits and regulatory inspections, maintaining zero major findings.
• Conducted third-party risk assessments for SaaS providers processing PHI, evaluating data protection, retention, and access controls against HIPAA standards and enforcing security obligations through provider audits.
• Developed and maintained the Information Security Policy suite aligned with ISO 27001 A.5.1 (Acceptable Use, cloud/BYOD controls); tracked policy exception requests, risk acceptances, and control deficiencies.
• Managed ISO 27001 transition from 2013 to 2022 standards across the enterprise: mapped 93 controls, identified 12 gaps (A.5.23 cloud services, A.8.9 configuration management), and built an evidence-linked SharePoint SoA that reduced audit prep time by 40%.
• Built and managed technology risk registers; performed annual internal control assessments and maturity re-evaluations mapped to ISO 27001 Annex A, driving risk-based remediation with assigned ownership and closure timelines.
• Served as primary liaison for ISO 27001 external audits with BSI, coordinating evidence across 8 stakeholders and sustaining zero major findings.
• Conducted vendor risk assessments for SaaS providers processing PHI, enforced contractual security clauses, and managed CAPA workflows — drafting corrective actions within 48 hours and closing nonconformities within 90-day windows to maintain continuous certification.
Comprehensive UK social care application. ISO/IEC 27701/27002. GDPR compliance.
Key Responsibilities
UI/UX consulting, Testing, Business Analysis, Technical/Content Writing, Website, Project Management, Client Account Management, Pre-Sales & Support. Drafting ISMS. ISO/IEC 27001 internal audit.
Technologies
MySQL, Application Support, Scrum, Project Management, CAM, Pre-Sales, Support, Excel
Professional Services
Customer Success
Cyber Security GRC
AI, Risk & Project Management
ISO 27001 Lead Auditor
Security Controls
Agile Scrum Ex-PMP
Business Analysis
BRD FRD Requirements
Volunteer with the non-profit ConnectFor. Regular plogger; I perform clean-ups on hiking trails, next the Himalayas. Trekking, camping, bouldering, traveling, running, ruminating on philosophy.