Circle Image

Brian Kunick

Managing Partner
Email: Brian.Kunick@DigAssurance.com
Phone: +1.262.347.6524
Brian Kunick vCard

Brian Kunick brings over 25 years of experience maturing client environments ranging from new business startups to multi-billion dollar enterprises. From new business entries to complex and highly-regulated entities, Brian has provided practical and effective solutions aligning fully with business and regulatory requirements.

Prior to focusing on Information Technology (IT) operations, security, privacy and governance/risk/compliance (GRC), Brian served as the Chief Financial Officer of businesses in the retail, non-property/casualty insurance, business consulting and transportation industries. In doing so, Brian lead his teams to not only serve the financial operations, but to transform IT into a valued business partner of the organization's operational segments including human resources, production, logistics, legal and executive functions thereby enabling success of the total operation.

Brian's collective experience in both Technology and Finance roles enable him to visualize complex scenarios affecting the business. Accordingly, he is able to define cost effective solutions which are meaningfully aligned with the business. Some recent areas of contribution include complex Ransomware environment prevention and readiness, compliance readiness, establishment of Enterprise level GRC, security program charters and deployment, risk management of associated parties and effective security awareness programs.

EXPERIENCE

  • Define and embed successful Ransomware prevention solutions for multiple environments including healthcare, retail and professional services.
  • Create and deploy the regulatory compliance program for the United States largest Section 125 and Section 129 pre-tax benefit provider.
  • Implement PCI-DSS compliance (audit) readiness for clients in the manufacturing, distribution, retail and grocery sectors along with "continuous compliance" programs.
  • Establish PCI-DSS Level 1-4 programs and advance Levels 2-4 clients to Level 1 compliance. Also, bringing clients forward to meet compliance with advancing PCI-DSS versions.
  • Bring PCI-DSS scope reduction to healthcare clients while expanding the availability of card payments channels to additional business segments.
  • Initiate the HITRUST certification process for one of the nation's 10 largest healthcare organizations.
  • Lead multiple organizations to NIST CSF compliance and embed the necessary requirements and controls needed in order to maintain continuous compliance.
  • Present, charter and deploy effective security awareness programs with effectiveness demonstrated to the business and auditors via metrics and management processes.
  • Develop enterprise GRC documents for newly formed clients and mature documents and processes for established clients. Additionally, provide management programs to ensure documents review and business alignment perpetually meet auditors requirements.

  • SERVICES

  • DigAwareness™ Security Awareness
  • Ransomware Prevention and Remediation
  • vCIO on Demand
  • vCISO on Demand
  • Gap Analysis
  • Risk Assessment
  • Security and Compliance Controls
  • Policy/Procedures/Standards/Guidelines
  • PCI-DSS Remediation/Readiness
  • HIPAA/HITECH Compliance
  • HITRUST Compliance
  • NIST 800 Series
  • NIST CSF
  • Enterprise Risk Management
  • Vendor/3rd/4th Party Risk Assessment
  • Continuous compliance program / process
  • CREDENTIALS

  • HCISPP – Healthcare Information Security and Privacy Practitioner
  • ISSMP – Information Systems Security Management Professional
  • CISSP – Certified Information Systems Security Professional
  • CGEIT – Certified in the Governance of Enterprise IT
  • CISM – Certified Information Security Manager
  • MCSE – Microsoft Certified Systems Engineer
  • MCSA – Microsoft Certified Systems Administrator
  • Security+ – CompTIA Security Expert

  • ACTIVITIES

  • Advisory Board Member - Marquette University | Cybersecurity
  • Cyber Liaison Officer – WI Department of Justice, Division of Criminal Investigation & WSIC
  • President (Past: Executive Vice President & Vice President) – Information Systems Security Association-Wisconsin
  • Board of Directors – Information Systems Security Association-Wisconsin
  • Senior Member: ISSA - Information Systems Security Association
  • Member: ISC² - International Information System Security Certification Consortium
  • Member: ISACA - Information Systems Audit and Control Association
  • Member: IAPP - International Association of Privacy Professionals
  • Author: ISC² CISSP Credential, Examination Criteria
  • Author: ISC² CISSP-ISSMP Credential, Examination Criteria
  • Author: ISC² HCISPP Credential, Examination Criteria