
Keith Novak is a managing director with the Cyber Risk practice of Kroll, based in the New York office. Keith has worked in the information technology field for more than 25 years, and is an accomplished manager and practitioner with extensive experience designing, implementing and securing systems and networks.
In his current role, Keith partners with clients at the strategic, operational and technical levels to proactively build information security programs and help reduce risk according to organizational needs while complying with regulatory requirements.
He has special expertise in healthcare information technology and is highly proficient in the technical and regulatory requirements relating to the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI) compliance.
Prior to joining Kroll, Keith was Chief Technology Officer/Information Security Officer for the New Jersey Hospital Association, where he was responsible for all operational and regulatory activities of enterprise technology. His duties included ensuring enterprise-wide compliance with HIPAA, PCI and Federal Information Security Management Act (FISMA) standards. During this time, Keith also designed and installed New Jersey’s Healthcare Auxiliary Command Center, which provides 24/7 communications between stakeholder organizations in the event of a disaster or statewide emergency.
Earlier in his career, Keith was Director of Information Technology with QuadraMed Corporation, where he was responsible for the overall vision, design and technical direction of 36 business units across the United States as well as operational management for six East Coast regional offices. He entered the information technology field as a Systems Engineer with AT&T.
Selected Speaking Engagements
- “Be Prepared or Face the Consequences: Responding to a Data Breach”, NJ State Bar Association Practical Cybersecurity Risk Management Strategies, New Jersey
- “Here Today, Gone Tomorrow: Wire Transfer Fraud”, DRI Professional Liability Conference, New York
- “Navigating the Wire Transfer Fraud Minefield”, American Bar Association National Legal Malpractice Conference, Las Vegas
- “Trends in Cybersecurity and Privacy Law”, Association of Corporate Counsel of New Jersey
Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Enterprise Defender (GCED)
- Certified Penetration Tester (GPEN)
- CompTIA – Network+, Security+
Affiliations and Memberships
- Association for Executives in Healthcare Information Security (AEHIS)
- FBI Infragard – New Jersey
- Health Information and Management Systems Society (HIMSS)
- Rutgers Cybersecurity Advisory Board