Patrick F. Sullivan

PhD
Principal Consultant

Patrick F. Sullivan is a recognized subject matter expert in planning, implementing, evaluating, and helping customers improve information security and privacy governance, risk management, and compliance systems. He has extensive experience as a lead auditor for ISO 27001 and ISO 20000, as well as extensions for ISO 27701 and GDPR.

Certifications

  • IRCA-qualified ISO/IEC 27001 auditor (Certificate Serial Number IS/07/US/791)
  • APM/ITSMF International-qualified ISO/IEC 20000 auditor (Certificate Number 02387768-01-WD39)
  • PhD, Philosophy, University of Kentucky, 1988

Career Accomplishments

Patrick’s customers include Fortune 500 companies in pharmaceuticals, financial services, travel, industry-specific data management and analytics, and telecommunications. He has worked with government agencies and regulatory oversight bodies in the U.S., Hong Kong and Canada.

  • Provided project implementation planning consulting for successful ISMS certification projects for customers across various industry sectors
  • Managed ISO 27001/27701 and ISO 20000 internal audits
  • Delivered onsite ISO 27001 implementation and audit training for customers
  • Supported the Privacy Act Office of a U.S. federal agency with compliance with the Privacy Act of 1974
  • Assisted the clinical research division of a major U.S. pharmaceutical company with updating its information security compliance framework to reflect ISO 27001 process requirements and controls and coordinated its information security compliance processes with the Global Privacy Office
  • Developed legal and regulatory content for policy management software as Senior Vice President of Policy Advisory Services for a privacy and security compliance technology company
  • Oversaw appropriate integration of information privacy and security consulting methodologies as Vice President of Privacy and Information Policy at a start-up information security and managed services company
  • Helped launch the global Privacy Practice as a senior manager at one of the Big Four professional services firms

Skills and Expertise

  • Designs and implements business-driven, standards-based Information Security Management Systems (ISMS) and Privacy Information Management Systems (PIMS)
  • Develops and implements information security risk management methodologies, and risk-based control objectives and controls for defined business and information environments
  • Experience with privacy and security governance, risk management, and compliance program design and deployment consistent with U.S. and international law and regulation, industry standards, and U.S. DOJ guidance for the Evaluation of Corporate Compliance Programs
  • Over fifteen years’ experience in university-level teaching and academic research

Professional Experience

Patrick maintains his academic interests as a sought-after speaker at professional conferences and has published articles on information security and privacy management in a number of professional and industry publications. He is a member of Business Ethics Indiana and a past board chair of the Indiana Security and Privacy Network.
