Senior Manager, Information Security


University of Texas at Arlington with a B.S. in Information Systems. Nancy is also a member of InfraGard, IAPP, ISACA, and ISC2.

Nancy has over two decades of experience assisting clients with risk management, policy and procedure, business associate management, and healthcare compliance needs. She has performed risk analyses and assessments for hundreds of organizations and has successfully supported organizations in discussions with regulators. She was instrumental in building several healthcare compliance practices, including JPMorgan Chase's third-party risk program. She has also been performing HITRUST assessments for ten years and is a member of the HITRUST Assessor Council and Quality Subcommittee.

Due to her varied career in the manufacturing, financial, and healthcare industries, Ms. Spizzo has extensive experience with regulations such as GLBA, HIPAA, HITECH, ARRA, FISMA, Red Flags, and NERC/FERC. She has also advised on industry standards such as CMS ARS, ISO, and NIST, and on many state and international privacy laws. During her distinguished career managing risk assessments, she has overseen at least 10,000 assessments and directly performed at least 700 risk assessments across various countries and frameworks, with varying degrees of complexity. This direct, hands-on approach allows her not only to gauge risk but also to be our clients' go-to resource for efficient and dynamic risk resolution. She is called on to lead working groups, present to boards, and write white papers on topics that solve some of the industry's toughest control issues. She is often asked to speak to various groups on the topics of risk, third-party management, and healthcare regulations.

Thought Leadership

Word on the Street: Seven Misconceptions About HITRUST
How to Choose a HITRUST Assessor
HITRUST, cybersecurity and privacy insights from CISOs