Scott Paddock

Scott Paddock

Technical Skills

* Server Clustering           *Network Security   *SIEM                    *Help Desk Management

* Real-Time Replication     *SAN and NAS        *VMWare*WAN / Global Networks

* High Availibility         * Encryption      *Data Archiving     *VOIP Integration

Summary

Creative and practical professional with over fifteen years of Information Systems experience, currently serving as the IT Director and Privacy Officer for Array Health Solutions, a leader in private health exchange software solutions, and Software as a Service (SaaS) provider.A strong leader with demonstrated success in network design, security, regulatory compliance, auditing, and aligning technologies and processes to organizational goals. Proven abilities to implement solutions that fulfill business needs in a timely and cost effective manner. Detail oriented and an excellent communicator, who is thorough in problem solving and documentation.

Management Skills

*Policy Creation*Auditing                      *Validation                 *Change Management

*Disaster Recovery          *Budget Planning *Virtualization            *Resource Planning

*Business Continuity*Vendors / SLA            *Staff Mentoring*Risk Assessment

Work History

Work History
Apr 2012 - Present

IT Director & Security Officer

Array Health

* Created a successful and lucrative Software-as-a-Service (SaaS) infrastructure that is highly available, scalable, and replicated in near-real-time.  This infrastructure continually exceeds all service level agreements for uptime.

* Identified and corrected issues with separation of duties, security reporting, and defensive posture.  Confidentiality prevents listing specific details, though the net result has been a significant advance in the organizations security and maturity.

* Implemented physical security controls for the corporate office, wrote policies and procedures for patient data privacy protection, as well as incident response and notification plans oriented around client protected health information (PHI)

* Developed a annual budgeting system to move the organization from ad-hoc spending, to a more efficient, predictable, cost effective, and traceable method.

* Shaved 40% off of IT operational expenses via changes in vendors/agreements.  Migrated colocation providers to ones that have successfully passed SSAE-16 audits

     * Presently wrapping up preparations for an organizational SSAE-16 audit engagement.

* Brought order to the security of portable and employee owned (“BYOD” – Bring Your Own Device) devices, such that all are now encrypted and may be remotely erased.

Oct 2006 - Mar 2012

IT Director

Advanced Clinical Software

* Provided technology guidance in the areas of regulatory compliance, established international operations, capacity management, and governance that culminated in the profitable acquisition of the company by Merge Healthcare.

* Audited systems and practices, and used the findings to identify and institute changes required for regulatory compliance.

* Defined and created a new architectural schema for the Software As A Service (SaaS) product offering that provided more fault tolerance and improved end user performance, presented the business case and benefit analysis for this plan, successfully implemented new systems well within scheduled service periods.

* Established a datacenter presence and expanded online application hosting to Shanghai, China

* Developed processes for Installation Qualification and Operational Qualification (IQ/OQ) testing and documentation for equipment and application validation documentation as required by FDA regulations, and implemented across all production systems.

* Migrated the organizations email-only messaging to the collaborative Exchange 2007 platform using VMWare server virtualization to deliver the most reliable and recoverable solution available.

* Created a two-tiered lab environment with a full compliment of virtual servers that allow rapid testing and rollback, and a full compliment of physical servers for performance and validation purposes.

* Identified and developed a nearly pure-profit revenue stream by adding a cloud based disaster recovery solution for clients that host protected healthcare information (PHI) in-house.

* Establishes and renegotiates vendor and supplier contracts, including service level agreements, and tracks costs against budgeted amounts.

Apr 2004 - Oct 2006

IT Director

http://www.danielsfund.org

*Implemented change control policies to simplify management, reduce operational costs, simplify licensing compliance, as a part of a successful initiative to reduce disaster recovery time by 40%.

* Consolidated remote sites into one central location and introduced enterprise class fault tolerance for critical systems, saving $2.6M annually.

* Reduced operational and maintenance costs further and improved availability by establishing a SAN-based VMWare virtual server farm.

* Directed the discoveries for “build versus buy” assessments and where “build” was chosen, project managed the developments to completion and documentation.

Education

Education

Certifications

Certifications

Certified Information Systems Manager (CISM)

ISACA

Certified in Risk and Information Systems Control (CRISC)

ISACA

Certified Information Systems Auditor (CISA)

ISACA