Daniel Nutkis

Founder and Chief Executive Officer

Daniel Nutkis is the founder and Chief Executive Officer for HITRUST. Mr. Nutkis has more than 25 years of experience relating to health information technology and risk management. Prior to founding HITRUST, he was Executive Vice President, Strategy, and President, Care Delivery with Zix Corporation (NASDAQ: ZIXI). He was also National Director with Ernst & Young LLP’s healthcare emerging technology practice. He has led a number of industry research activities on eHealth vulnerabilities and has been a founding member of work groups and accreditations such as WEDI, CPRI and HCISPP.

Dan has been recognized as a top information security influencer in 2014 by SC Magazine, and in 2015 by Health Information Security Magazine.  He has also been called to testify before Congress on numerous occasions over the past few years regarding healthcare cyber risk mitigation, information sharing and public and private sector collaboration.

Ken Vander Wal

Chief Compliance Officer

Ken Vander Wal’s role as Chief Compliance Officer at HITRUST involves providing supervision and oversight to the HITRUST CSF Assurance program. In this capacity, he is responsible for ensuring the quality, completeness and adequacy of the work performed by CSF Assessor organizations. Mr. Vander Wal joined HITRUST after retiring from Ernst & Young where he was a partner in the Technology and Security Risk Services (TSRS) practice and responsible for its global TSRS quality and risk management program. With almost 40 years of IT experience, he has experience in a variety of industries in multiple areas of information systems, including systems development, systems programming, project management, quality assurance, IT auditing and systems security. As the national leader of TSRS quality, Mr. Vander Wal was responsible for ensuring quality was an integral component of Ernst & Young’s methodologies, engagement staffing and service delivery. In this role as well as his previous roles, he served major clients as the IT audit engagement partner or as the quality assurance partner. Mr. Vander Wal is a member of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association. He is both a Certified Public Accountant and a Certified Information Systems Auditor.

Carl Anderson

Chief Legal Officer, Senior Vice President – Government Affairs

Carl Anderson is the Chief Legal Officer and Senior Vice President of Government Affairs for HITRUST. In this role, he is responsible for the company’s corporate, external, government, and legal affairs. Anderson leads a team that is responsible for the company’s legal work, intellectual property portfolio, global security, privacy and public policy.

Before joining HITRUST in 2017, Anderson served as a Vice President at Van Scoyoc Associates where he used his legislative and executive branch experience to create tailored government relations strategies to achieve results for his clients. He additionally served on the firm’s Crisis Management Team, managing congressional relations during client investigations and public relations efforts.

Before joining Van Scoyoc Associates, Anderson served as a counsel for the House Committee on Energy and Commerce where he managed many high-profile industry investigations. Upon graduating from law school, he was selected into the United States Department of Justice Attorney General’s Honors Program. Anderson was appointed a Special Assistant U.S. Attorney for the District of Columbia in 2007.

Anderson received his J.D. from the Columbus School of Law at Catholic University and a B.A. from Virginia Tech.

Michael Parisi

Vice President – Assurance Strategy & Community Development

Michael Parisi has led over 500 controls-related engagements primarily in the healthcare and financial services industries. He has extensive experience with third-party assurance reporting including HITRUST readiness, HITRUST certification, SOC 1, SOC 2, SOC 3, Agreed Upon Procedure and customized AT-101 engagements. He also has several years’ experience implementing large Oracle ERP systems specializing in the General Ledger and Governance Risk and Compliance modules. He has extensive knowledge of financial reporting and regulatory standards through his external audit and consulting experience, including Sarbanes Oxley, HIPAA, NIST, CMS and state specific standards. He holds a Bachelor of Science in Accounting, a Bachelor of Science in Computer Information Systems and an MBA from Quinnipiac University. He is an active member of ISACA and IAPP.

Michael Frederick

Vice President – Operations

Michael Frederick has 20+ years’ experience in information security. He is currently the Vice President of Operations at HITRUST. Prior to joining HITRUST he was CEO of The Frederick Group, a professional services firm focused on security risk management in healthcare. He served as Chief Information Security Officer (CISO) for eight years at a large healthcare system. While in this role, he led the organization in becoming the first hospital system to be certified under the HITRUST CSF and was the industry lead in the provider space during the development of the CSF. He has been a speaker at numerous security events and has been published on the topics of risk management, applying security practices within an organization, and how to build an effective security organization. Prior to his CISO role, he was a security architect, security manager in industry and a security consultant in various large accounting firms. He has been a Certified Information System Security Professional (CISSP) since 1999.

Bryan Cline

Vice President – Standards & Analysis

Bryan Cline, Ph.D. is the Vice President for Standards and Analytics and provides thought leadership and guidance for the healthcare industry’s model implementation of the NIST Cybersecurity Framework. Responsibilities include a broad range of HITRUST risk management framework support such as requirements integration, control specification, and the development of standards, methods, processes and tools that healthcare organizations can use to facilitate the integration and assessment of the CSF in their information protection and cybersecurity programs. As a former senior advisor and VP of CSF Development and Implementation, he worked closely with the THSA to develop SECURETexas—the first state program of its kind certifying compliance with federal and state requirements for the privacy and security of health information—and is considered the ‘father’ of the HealthCare Information Security and Privacy Practitioner credential for spearheading its development with (ISC)2. Dr. Cline has also served as the Chief Information Security Officer for Catholic Health East and The Children’s Hospital of Philadelphia in addition to his 20+ years in the Department of Defense as an information systems and information security professional, including the CISO role at the Headquarters, Allied Air Forces Southern Europe. He’s spoken at multiple conferences and symposia on information security and privacy risk management in the healthcare industry and published articles and papers on risk management and security engineering in several journals and proceedings. Dr. Cline’s professional certifications include the CISSP-ISSEP, CISM, CISA, HCISPP, CIPP/US, CCSFP, NSA IAM/IEM, MCIATT and DoD’s CAP in project management.

Eric Moriak

Director in Assurance Services

Eric Moriak has 30+ years’ experience in information systems, IT audit, and information security. He is currently the Manager of Assurance Services at HITRUST. Prior to joining HITRUST he served as both the director of Information Security and the director of IT audit for Children’s Health System of Texas. He has also served as a director of IT audit in both Heavy Manufacturing, and Construction. He has also supported both IT and audit functions in the Oil & Gas and Computer Service industries. While in his role at Children’s, he helped the organization become certified under the HITRUST CSF. He has been a guest speaker at numerous universities and has made presentations at MIS, ISC2/ASIS, and ISACA events. He has also published articles on DLP and SIEM. He is currently a Certified Information System Security Professional (CISSP), a Certified Internal Auditor (CIA), a Certified Information Security Auditor (CISA), a Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and a Certified CSF Practitioner (CCSFP).