
Joanne Fisher, CISSP, CDPSE.

Brisbane, QLD

Summary

I am an experienced information security professional with proven success in guiding the implementation of security solutions and assisting organisations to improve their security posture. Specialties include risk management & strategy, data breach, cyber assurance and security incident operations. With working rights in both Australia and the United States, I have advised and consulted to government, corporate industry and consumers on safety, information security and privacy practices.

Overview

25 years of professional experience

Work History

Senior Manager Cyber Risk and Compliance

Macquarie Group
07.2022 - Current
  • Identifying, assessing, and managing the implementation of cyber security regulatory obligations, including participating in regulator consultation with industry members
  • Experience with international privacy standards (GDPR) and other data management/data governance and cyber security standards in financial services
  • Practical implementation experience with relevant Cyber legislation and regulations including NIST CSF, Essential Eight, CPS 230, CPS 234 and Security of Critical Infrastructure (SoCI)
  • Responding to regulatory and due diligence queries, and facilitating cyber security audits, regulatory examinations, and third party risk management activities
  • Writing and communicating periodic cyber security management reporting to internal leadership teams and subsidiary boards to provide them with the information necessary to manage Macquarie's cyber security risks.

Principal Security Advisor

Trustwave
01.2021 - 07.2022
  • Led security programs and influenced security buy-in amongst executives for global clients
  • Conducted security assessment and compliance activities, including security testing, threat modelling and risk assessments
  • Implementation of SOC1/2, ISO 27000, NIST CSF, PSPF, Essential Eight, QGISCF for a variety of clients
  • Developed control requirements, solution design documentation, technical specifications, standard operating procedures and other documentation related to large Information Communications Technology (ICT) systems
  • Prepared and delivered presentations, minutes, briefing papers, guidance and advice for stakeholders at business and technical levels.

Assurance and Incident Lead

Australian Digital Health Agency
02.2018 - 01.2021
  • Led Governance Risk and Compliance activities from a system safety perspective
  • Application of system safety and security practices to all digital health products and services
  • Conducted risk assessments and provided assurance throughout the whole product lifecycle, ensuring integrity and security of Digital Health products including the My Health Record, Electronic Prescriptions and Covid Vaccination Passport
  • Conducted incident coordination and response activities as part of the broader Agency Incident Response.

Senior Business Analyst

General Practice Training Queensland
07.2017 - 02.2018
  • Collaborated with the Information Security team on a fixed-term contract to review and enhance security policies for clinical information systems.
  • Conducted thorough assessments of existing security protocols, identifying vulnerabilities and recommending improvements to safeguard sensitive clinical data.
  • Worked closely with cross-functional teams, including IT professionals, healthcare practitioners, and system administrators, to ensure the alignment of security policies with regulatory requirements and industry best practices.

Clinical Informatics Lead

NPS Medicinewise
04.2012 - 07.2017
  • Responsible for the development of health technology assessments for a range of healthcare providers, decision makers and the medical industry
  • Worked closely with project managers, scientists, nurses, doctors, client analysts and executives to help them understand and implement digital health services
  • Senior management experience including development and delivery against organisational strategic plans and reporting to Board.

Laboratory Manager

iGenix Inc
01.2010 - 01.2012
  • Evaluated facility operations and personnel for safety and health regulations compliance
  • Kept laboratory in compliance with all applicable guidelines and laws
  • Maintained confidentiality of all patient information to conform to HIPAA and other regulatory standards
  • Directed efforts to mitigate threats to personnel and infrastructure, reduce risks and optimise access to critical information
  • Resolved issues with product development from inception through post-commercialisation processes
  • Trained staff, scheduled work hours and assigned projects for all staff members.

Project Manager

University of California Los Angeles (UCLA)
02.2009 - 01.2010
  • Managed all aspects of clinical research projects, including study protocols, amendments, investigator brochures and clinical study reports
  • Knowledge of federal, state and institutional human subject research guidelines and regulations (GCP, ICH, FDA, HIPAA and IRB)
  • Liaison with clinical team for study recruitment, scheduling and documentation.

Business Analyst

Queensland Institute of Medical Research
01.2007 - 01.2009
  • Managed testing and validation in preparation for Phase I human clinical trials
  • Prepared and implemented Standard Operating Procedures under GMP and GLP
  • Day to day organisation of a research laboratory and design of experimental procedures.

Project Manager

Advanced Water Management Centre, University of Queensland
01.2006 - 01.2007
  • Responsible for project management and laboratory research
  • Program management in advanced microbiology, process simulation, control and resource management from laboratory to full scale.

Project Manager

Queensland Institute of Medical Research
01.2003 - 01.2006
  • Led clinical working groups to identify and develop requirements, design specifications and test scripts for research products.

Project Manager

Agenix Biomedical
01.2002 - 01.2003
  • Implemented strategic plans that streamlined operations, increased efficiencies and productivity under GLP conditions.

Laboratory Information System Implementation Specialist

Greenslopes Private Hospital
01.1999 - 01.2002
  • Responsible for planning, executing, and managing implementation of medication and blood administration and specimen collection
  • Ensured that the implemented solution meets workflow requirements of the clinical users.

Education

Master of Science - Applied Science

Queensland University of Technology
Brisbane, QLD
11.2003

Skills

  • Certified Information Systems Security Professional (CISSP)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • ISO/IEC 27001 Lead Implementor
  • Governance, risk & compliance (GRC)
  • Security of Critical Infrastructure
  • Information protection and analysis
  • Incident Response
  • Data loss prevention (DLP)
  • Business Resilience and Disaster recovery planning
  • Vulnerability management
