Robyn Barton, CISA, CRISC, CCSFP, QSA

Shareholder, Cybersecurity

Image of Robyn Barton
Education

Middle Tennessee State University, Bachelor’s Degree in Business Administration with an Emphasis in Computer Information Systems

Robyn Barton, Shareholder, Cybersecurity, leads LBMC’s HITRUST service line, one of the firm’s fastest growing service offerings. She has played a key role in establishing LBMC as one of the nation’s leading providers of HITRUST assessment and consulting services. She serves on the HITRUST Assessor Council and is a regular speaker at HITRUST conferences and events

Robyn has more than 19 years of experience as an information security professional and assessor, 12 of which are at LBMC. Her areas of expertise include HITRUST, SOC, PCI, FISMA/NIST, HIPAA, FedRAMP, and risk assessment methodologies. She responsible for the program development, execution, and quality of these services and leads new hire and ongoing service line training for the firm.

Robyn has experience in both the public and private sectors and has worked with clients in the Healthcare, Financial Services, Technology, and Retail industries. She is also active in and continues to support many professional and civic organizations. Robyn holds a leadership position for the Central Arkansas ISACA chapter and is actively involved in fundraising efforts for CARTI Cancer Center.

Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified Risk and Information Systems Control (CRISC)
  • Payment Card Industry Qualified Security Assessor (QSA)
  • HITRUST Certified CSF Practitioner (CCSFP)
  • Certified HITRUST Quality Professional (CHQP)
Robyn held a deep understanding of the rules we are subject to and could rationalize and apply those controls to the very complex environment that we operate within. Additionally, I found her to be understanding of operating conditions and the reasons why compensating controls were adopted, as well as her ability to fairly evaluate whether the compensating controls were adequate to cover for the initial control set we were trying to cover.
Client