Strategic cybersecurity and risk executive with over 20 years of experience leading enterprise security, governance, and compliance programs across healthcare, insurance, and financial services. Proven track record of architecting and scaling Cyber Defense programs, transforming Security Operations Centers, and modernizing application security through DevSecOps and risk-based vulnerability management. Adept at bridging business and technical teams, aligning cybersecurity strategy with organizational objectives, and driving customer trust through transparent security assurance. Skilled in GRC leadership, regulatory compliance, and building high-performing security organizations, with demonstrated success in cost optimization, operational excellence, and strengthening enterprise risk posture.
Certified: CISSP, CCSP, CISM, CRISC, CDPSE, OpenFAIR, ITIL
Expertise: Strategic Leadership, Cybersecurity Strategy, Enterprise Risk Management, Business Continuity Planning, Security Program Development, Cybersecurity Transformation, Budget Management, Vendor Management, Cross-Functional Leadership, Incident Response Planning, Threat Intelligence Analysis, Insider Threat Detection, MSSP Management, MTTx Optimization, Developer Enablement, Security ROI Optimization, Stakeholder Engagement
EXECUTIVE EXPERIENCE:
Vice President, Information Security
Magellan Health | 2021–Present
- Spearheaded executive leadership and strategic vision for enterprise technology and cybersecurity initiatives, driving alignment with organizational goals.
- Advise Governance, Risk, & Compliance teams and the Business Information Security Office, ensuring cybersecurity strategy integration across the enterprise.
- Key Accomplishments:
  - Architected and scaled core Cyber Defense programs, including Threat & Vulnerability Intelligence, Detection Engineering, Incident Response, Vulnerability Governance, Application Security, Security Data Analytics, and Business Continuity.
  - Transformed the Security Operations Center by internalizing MSSP functions, improving mean time to respond (MTTR) by 95% and generating $1M in annual cost savings.
  - Instituted an enterprise-wide vulnerability management program with risk-based prioritization, reducing overall vulnerabilities by 94%.
  - Modernized the application security program through DevSecOps integration, cutting annual costs by 80% and enabling proactive vulnerability remediation aligned with a Secure SDLC.
  - Elevated application security and remediation efforts, boosting the company’s risk posture to the top 0.2% of industry peers.
Director, Business Information Security Officer
Magellan Health | 2020–2021
- Served as the bridge between business operations and cybersecurity, directly supporting customer trust and retention through transparent cybersecurity assurance and engagement.
- Partnered with sales, legal, and compliance teams to review and negotiate complex business contracts, ensuring cybersecurity requirements and data protection clauses aligned with enterprise capabilities.
- Translated technical and regulatory controls into clear, business-focused commitments that reinforced customer confidence and differentiated Magellan’s security posture in the market.
- Met regularly with clients and prospects to explain security architecture, risk management practices, and data-handling safeguards, directly contributing to multi-million-dollar contract wins and renewals.
- Instituted repeatable processes to maintain System Security Plans and Monthly Customer Security Reporting.
- Key Accomplishments:
  - Established a common controls framework, standardizing evidence reuse across multiple regulatory (NIST, HIPAA, HITRUST, SOX, SOC2) and client requirements to streamline compliance reporting.
Governance, Risk, & Compliance (GRC) Manager
CSAA Insurance Group | 2013–2020
- Revitalized the Governance, Risk & Compliance (GRC) program, establishing enterprise-wide processes for PCI, Department of Insurance, and Internal Audit compliance.
- Directed efforts to achieve successful PCI compliance certification by collaborating with external assessors and ensuring all controls were properly mapped and effective.
- Key Accomplishments:
  - Championed the adoption and deployment of the RSA Archer GRC platform, delivering a fully functional solution that supported audits, findings management, and risk acceptance workflows.
Earlier Career
Wells Fargo – Operational Risk Consultant
Arizona Department of Education – Information Security Officer
Corbins Electric – Director, IT & Security
Nationwide Insurance – Sr. Information Security Analyst
Arizona Dept. of Health Services – Information Security Manager
Alltel Communications – Sr. Technical Analyst
First Horizon National Corporation – Regional IT Coordinator
Arizona Dept. of Corrections – Network Specialist
United States Marine Corps – Corporal, Aviation Ordnance
EDUCATION & CERTIFICATIONS
B.S., Information Technology – University of Phoenix | 2004
Active: CISSP, CCSP, CISM, CRISC, CDPSE, OpenFAIR, ITILv3 Foundation, MITRE ATT&CK, Purple Teaming
Inactive: Novell CNE, CCNA, PCI ISA, PCI/P, AWS CCP
Technical Skills:
- Governance, Risk, & Compliance: NIST CSF, NIST 800-53, NIST 800-171, ISO 27001, HITRUST, SOX, HIPAA, SCF, SOC2, Common Controls Framework, FAIR Risk Quantification, FedRAMP, CMMC, DFARS
- Cyber Defense & Operations: SIEM, Security Automation & Orchestration
- Application & Cloud Security: DevSecOps, Secure SDLC, Cloud Security, API Security, Container Security
- Technology & Infrastructure Security: Identity & Access Management, Network Security, Endpoint Security, Data Protection, Infrastructure Hardening, Patch Management, ITSM, Physical Security & Access Control Systems