Stacy Scott is a managing director in Kroll’s Cyber Risk practice, based in Los Angeles. In addition to founding and operating her own consultancy, Stacy has served in high-profile roles with a leading cyber security consulting firm, a Big Four accounting firm, and the largest not-for-profit healthcare system in Texas. She joined Kroll with over 16 years of experience, during which she built a successful track record of developing and implementing strategic information security initiatives that help organizations better safeguard data, manage risk, and enhance business operations.
Prior to joining Kroll, Stacy was the President and Founder of Wisterwood Advisory Services. From 2014 to 2016, Stacy served as Vice President, Security Science for Stroz Friedberg in Dallas, where she was the firm’s HIPAA Security Rule subject matter expert. From 2006 to 2014, Stacy was Director, Enterprise Architecture and Security, for Baylor Scott & White Health, the largest not-for-profit healthcare system in Texas, with over 34,000 employees, 5,400 licensed beds, and 43 locations. In this role, which was the healthcare system’s highest-ranking information security position, Stacy directed and oversaw the development and implementation of the enterprise’s overall information security architecture as well as security strategy and programs, managing a multimillion-dollar budget. Stacy’s accomplishments included developing and executing the plan to overhaul security tools, maturing monitoring processes and rules to enable rapid detection of and response to potential security incidents. These efforts reduced the risk of compromise to enterprise systems, including the possible loss of financial data and personal health information.
During this time, Stacy also served as the healthcare system’s HIPAA Security Officer. She possesses a deep understanding of financial and healthcare regulations, including NIST Policy, Federal Trade Commission Red Flag Rules, HIPAA Security Rules, PCI (Payment Card Industry) Data Security Standards, and the American Recovery and Reinvestment Act (ARRA) Health Breach Notification Rule. Stacy also chaired the system’s information security council that worked to assist business users in making the appropriate security risk decisions consistent with the organization’s goals and risk levels. Earlier in her career with Baylor Scott & White, Stacy was Director, Standards, Audit, & Integration; Manager, Internal IT Audit; and Information Security (IS) Security Engineer. Stacy began her professional career as a Senior Information Risk Management Consultant for KPMG, where she conducted assessments of information system security access, change and lifecycle development management, and computer operations for major ERP systems, such as SAP, Oracle, JD Edwards, and PeopleSoft.
Select Speaking Engagements
- “Startups & CISOs” – Cyber Week Panelist, Atlanta Cyber Week 2017, Advanced Technology Development Center, Georgia Tech, October 2017
- “Practical Cyber Security”, International Council of Shopping Centers (ICSC): Asset Management & Property Operations Symposium, 2017
- “BudgetHack – 5 Keys to Effectively Prioritize Your Security Budget”, HIMSS 15 Conference (Chicago) – Cyber-Security Command Center, 2015
- “PHI Incident Response & Breach Notification”, QIP Solutions Webinar, 2014
Education and Certifications
- B.B.A., Information & Operations Management, Texas A&M University
- Certified Information Systems Auditor
- HITRUST Common Security Framework Practitioner
Affiliations and Membership
- CHIME – College of Healthcare Information Management Executives
- HIMSS – Healthcare Information Management Systems Society
- ISACA – Information System Audit & Control Association
- AITP – Association of Information Technology Professionals
- National Association of Professional Women
Awards and Recognition
- Woman of the Year, National Association of Professional Women, 2012