Terry Ziemniak is a Partner in TechCXO’s Product and technology practice. He is a cybersecurity leader who is called on by Boards, investors, and senior management teams to support healthcare, service organizations, retail, and manufacturing companies—along with government agencies and contractors—as a fractional CiSO. Throughout his career, Terry has successfully overseen security programs in companies of varied industries, sizes, and cultures. He excels in building solutions and programs that are scalable, pragmatic, and risk-based.

Terry’s areas of expertise include:

• Cybersecurity Executive Planning and Strategy
• HIPAA/SOC2/PCI Audit Prep
• IT Governance
• Risk Management
• Vulnerability Assessment and Management
• Identity and Access Management
• Security Awareness & Operations
• Disaster Preparedness
• Threat Intelligence
• Incident Management

During his distinguished career, Terry has held the following key roles:

Chief Information Security Officer (CiSO) & AVP, Carolinas HealthCare System – Terry served as the executive leader responsible for the development and delivery of comprehensive cybersecurity programs ensuring the integrity, confidentiality, and availability of information owned, controlled, or processed by Carolinas Healthcare, an 18 hospital system with annual revenues of $5.9B. Terry created a multi-year security roadmap incorporating input from executive leadership, external consultancy, and internal and external stakeholders. He also implemented and led a CISO collaborative that included 20 partner hospitals. By leveraging partnerships, he drove down costs for licensing and services for members. He also designed a comprehensive, multi-channel outreach program to provide role-specific, timely security education and awareness for the enterprise, which decreased risky behavior by 56%.

Director, IT Security and Compliance, Presence Health – As corporate Information Security Officer, Terry provided strategic, tactical, and operational leadership in all aspects of cybersecurity. He ensured information systems adhere to corporate and governmental mandates. He also partnered with IS and business leaders to implement a risk-based approach to corporate cybersecurity. He built out or expanded many programs such as risk assessments, data loss prevention, vulnerability management, auditing, incident management, and security training.

Team Lead Security Operations, Sears – Terry managed a team of security engineers with responsibility for vulnerability management, intrusion detection and computer incident response for this Fortune 100 organization. He worked with corporate audit and compliance, and implemented programs helping SHC maintain compliance to PCI, HIPAA, SOX and other internal corporate standards. He also led efforts to redesign corporate vulnerability management. The resulting program supported a 70-fold increase in the number of devices, automated reporting, and advanced remediation tracking.  Terry also oversaw a major expansion of the corporate intrusion detection program resulting in a 10-fold increase in monitored traffic and implementation of proactive intrusion prevention and automated blocking.

Terry also held leadership positions with Healthcare Information Systems and Subject, Wills and Co. He began his career with iFulfillment.

As a fractional security executive, Terry has driven key, high-impact initiatives, including:

$3B Revenue Healthcare Organization – For this long-term engagement Terry was tasked with a complete reorganization of their cybersecurity organization.  During the engagement, he created a new CISO Office, reporting up to Legal, that pulled cybersecurity out of IT.  Key work efforts included enhanced business leadership engagement, cyber security strategy, and roadmap documents approved by senior leadership, department staffing and budgeting, security operational improvement programs, and design of organizational risk management program.

$1B Revenue Healthcare Organization – Terry was brought in to create a new cybersecurity organization based on the merger of two legacy health systems.  He worked with business leaders, IT staff, and organizational partners to buy-in and support a new strategic security roadmap.  Key work efforts include assessment of incident response plans, review of prior assessments, and delivery of prioritized roadmap.

$10M Revenue Data Analytics Organization – As the fractional CISO, Terry provided security expertise for this fast-growing startup. Key initiatives included the creation of a cybersecurity steering committee, cloud controls assessment, third-party risk management process, cyber insurance policy assessment, and user awareness program.