Raj Mehta
Summary
Raj is a Partner with Deloitte Advisory’s Cyber Risk Services. Raj currently leads the Cyber Security Practice within the Healthcare Provider space across the US. Raj has over twenty-three (23) years of experience in the field of information governance, security, privacy, risk management and compliance within the Healthcare space. His experience includes performing risk assessments, as well as assessing, developing, and implementing strategies and solutions associated with information security and privacy matters, including:
- Assisting clients with developing their cyber security strategy and defining actionable roadmaps.
- Assisting clients with Executive reporting and Board Communication on Cyber Security.
- Conducting IT risk assessments and assisting internal audit departments in planning and conducting IT audits.
- Compliance Management Strategy and processes leveraging integrated security & privacy frameworks (example sources include HIPAA, PCI DSS, HITRUST, NIST, ISO 27002, etc.).
- Implementing GRC solutions such as Archer and developing risk dashboards for identified target audiences (converting security metrics into meaningful information).
- Developing strategy, processes, and tools integration for managing cyber security against advanced threats (SOC operations, implementation of SIEM, DLP, etc.).
Professional Activities
- Raj has assisted in the development of the CyberRX 2.0 playbook for HITRUST that can be leveraged for conducting tabletop exercises related to cyber security incidents within Healthcare environments.
- Assisted in the planning, designing, and execution of a cyber war game for 12 health plans in the CyberRX:HP HITRUST initiative.
- Raj has been a President of the Houston Chapter of the Information Systems Audit and Control Association.
- Raj has been an instructor at the University of Texas (Austin), lecturing on computer audit and security.
- Raj has given a number of presentations to organizations such as AHIA, ISACA, IIA, HFMA, as well as at the annual HITRUST conference.
Example Experience
- Assisted one of the nation’s top 10 Children’s Hospitals in assessing HIPAA security and privacy compliance as well as developing a cyber security strategy. Currently supporting remediation efforts.
- Conducted IT audits over several years for a Children’s Hospital.
- Assisted six large Health institutions with Meaningful Use Risk Analysis for security and privacy requirements. EHR environments included Cerner, EPIC, eCW, etc.
- Assisted a very large Catholic-based Health Care system with implementing and conducting compliance assessments leveraging the HITRUST framework.
- Developed an information security strategy and implementation roadmap for improving information security controls and compliance management for several large Health systems.
- Developed third-party risk assessment process for a large University System as well as Health Providers.
- Assisted a public sector client with FISMA (Federal Information Security Management Act) compliance – from performing the initial assessment, building a compliance roadmap, to implementation of tools and processes (e.g., Identity & Access Management, Data Leakage Prevention, Incident Response Process, etc.).
- Developed a vendor risk management strategy and process related to information security risk management.
- Development of the governance structure as well as the content for IT policies, procedures, and standards.
- Development of Security Awareness and Training Program.
- Data privacy readiness assessments and building roadmaps for risk.
Raj Mehta
Partner
Houston Office
Tel: 713.982.2955
e-mail: rmehta@deloitte.com
Specialization
Information & Technology Risk Management
Enterprise Security Strategy
Information & Technology Governance, Risk and Compliance
Education
MBA (MIS), University of Houston
BS in Accounting, University of New Orleans
Certifications
Certified Information Privacy Professional (CIPP)
Certified Information Systems Security Professional (CISSP)
Certified Public Accountant (CPA) – Licensed in State of Texas
Certified Information Systems Auditor (CISA)
Health Care Information Security & Privacy Practitioner (HCISPP)
HITRUST (Health Information Trust Alliance) CSF (Common Security Framework) Assessor