Privacy & Security Workshop, April 2016

 Concerns, Trends and Employment in Ethics and Compliance

Privacy & Security: Concerns, Trends and Employment in Ethics & Compliance Workshop


Register now using our EventBrite site

April 29, 2016, 8:45 a.m. - 4:30 p.m.
SF State Downtown Campus
835 Market Street, Suite 597
San Francisco, CA 94103

For more info contact Denise Kleinrichert, Ph.D. (

Agenda Topics and Speakers

8:45-9 am Coffee/Tea

9-9:10 am Opening statements

Denise Kleinrichert, Ph.D., "Dr. K", Director, Center for Ethical & Sustainable Business

9:10-10 am Icebreaker and Introductions

Michelle Nix, Vice President, National IT Compliance, Kaiser Permanente

10-10:30 Context Setting: Why cybersecurity comprehension is important for compliance professionals

Michelle Nix, Vice President, National IT Compliance, Kaiser Permanente

10:30-11:30 Cybersecurity Panel: What keeps you up at night?

Moderator: Michelle Nix, Vice President, National IT Compliance, Kaiser Permanente


  • Scott Morgan, Privacy and Security Compliance Officer, NCO Kaiser Permanente
  • Izak Mutlu, CISO
  • Byron Chun, Vice President, Technology Manager of Wholesale Security Services, Wells Fargo

11:30-12:30 Lunch and Networking

12:30-2:00 Case Study: Incident Investigation and Breach Notifications–Oh My!

Facilitator: Scott Morgan, Privacy & Security Compliance Officer, NCO Kaiser Permanente

Team Facilitators:

  • Okorie Ramsey, CPA, PMP, Vice President, Finance Compliance Officer & SOX
  • Yuan Chen, Director, Privacy & Security
  • Michelle Nix, Vice President, National IT Compliance, Kaiser Permanente

2-2:15 Break

2:15-3 Network Building and Things I wish ‘they’ had told me in school.

Michelle Nix, Vice President, National IT Compliance, Kaiser Permanente

Kalpa Chobe, Director, IT Compliance Sustainment and PCI Program

  • Why is that important?
  • What is it?
  • How do you do it?

3-4 How to Apply Networking and Career Development Skills

Orlando Harris, Executive Director - Business Development, Marketing & Career Services

4-4:30 Closing Remarks

Denise Kleinrichert, PhD - "Dr. K" Director, Center for Ethical and Sustainable Business

Speaker Bios

Denise Kleinrichert, Ph.D., Associate Professor, Management/Ethics

Denise is the director of the CESB and an associate professor of management/ethics. She teaches business undergraduate and graduate courses on the ethical, social and environmental aspects of business. She is the chair of SF State’s annual Business Ethics Week and she is a founding faculty member of the CESB High School Summer Sustainability Workshop. Her academic career focuses on teaching and publication in the areas of business ethics, corporate social responsibility, sustainable business practices, gender and social entrepreneurship, board director risk and transparency, and business education. She also has extensive corporate executive experience in the banking, hospital, and insurance industries. She has a Ph.D. and MA in philosophy, MLA in social & political thought, and MBA course work from the University of South Florida. She has a BA in economics from Indiana University.

Michelle Nix, Vice President, National IT Compliance

Michelle joined Kaiser Permanente in 2013 as the vice president of National IT Compliance within the Technology Risk Office. In this role she is responsible for ensuring IT is compliant with relevant federal, state and local regulations. In addition, she leads teams responsible for corrective action plan monitoring and reporting, audit support and assessments, investigation, training, and controls sustainment. Michelle’s prior roles include Relationship Leader for Information Risk Management at PayPal and the Director of IT Risk Management at Juniper Networks and at Fortune 11 McKesson Corporation. In 2011 Michelle received the Executive Women’s Forum and CSO Magazine’s “Women of Influence Award” for Corporate Practitioner. In 2012 she concluded her work as co-chair of the California Office of Health Information Integrity (CalOHII) Privacy Steering Committee which provides state-level privacy standards for health information exchange, an effort she had been supporting for over seven years. Michelle has over 26 years of healthcare technology experience in both the risk management space and the information security space. She holds a Master’s Degree in Healthcare Administration and certifications in the Governance of Enterprise IT (CGEIT), Security Leadership (GSLC) and Healthcare Privacy and Security (CHPS).

Byron Chun, VP Manager, Principal Engineer and Head of Wholesale Security Services

Byron, a native of San Francisco, was recruited from California State Universities by Wells Fargo in 1997 to lead the design and implementation of the first Internet presence for Wholesale. The implementation paved the way to what later became the award-winning CEO Portal, as well as a patent for remote check scanning and processing. His innovation does not stop with applications. His groundbreaking approach to building security into agile software design and secure software architectures has enabled Wells Fargo to grow rapidly while maintaining customer confidence in Wholesale products. Vendors and universities such as Hewlett Packard and Stanford University have products and services that have benefited from the principles conceived by Byron. He currently heads the software security practices organization for Wells Fargo Wholesale. He values education, training, and mentoring and still maintains his education ties by volunteering as a mentor (using the Internet) to disadvantaged high school students in the Shawnee School District (Topeka, KS) as well as Fort Collins School District in the United States.

David S. McWaters, PharmD, JD, Director, Privacy & Security, Incident Management

David is both a pharmacist and a lawyer, and happily practices neither profession. Instead, he is a director, privacy & security, incident management in Kaiser Permanente’s National Compliance, Ethics & Integrity Office. He joined KP in 2001, coming from two internet startups (one successful, one not so much). Prior to that, David was an associate professor of pharmacy practice at the University of the Pacific School of Pharmacy. Currently, among many other things, David is responsible for KP’s Major Breach Plan and Data Loss Program compliance.

Scott Morgan, Executive Director, National Privacy & Security Compliance Officer

Scott serves as Kaiser Foundation Health Plan’s national privacy and security compliance officer, responsible for programs to support Kaiser Permanente’s compliance with the HIPAA Privacy and Security Rules and other related laws and requirements. He started in his current role at the beginning of 2005 and has been working on privacy and security compliance since 2000. Scott’s background before privacy work included medical center administration and project management. He received a Master of Public Health degree in the Health Policy and Administration Program at the UC Berkeley School of Public Health.

Izak Mutlu, VP Manager, Vice President of Information Security, Salesforce.com

For the last ten years Izak has been the vice president of information security at Salesforce.com. As the CISO he has been responsible for managing globally the information security activities, including architecture, design, implementation, and operations. Izak has been instrumental getting globally fully certified with the ISO 27001 international standard, as well as the PCI, US Government FedRAMP and several other certifications. Previously, Izak was the Chief Information Security Officer at Silicon Graphics and Solectron, responsible for setting up security organizations for both companies worldwide. At Solectron, he was also the senior IT director, and was responsible for the negotiation of a $1.8 Billion outsourcing deal for managing infrastructure and applications and networking for the entire company. Izak has over 30 years of information systems, security, networking and telecommunications experience. He has also held senior positions with EDS, Amdahl and Philips Semiconductor. Izak is also the chairman of the CSO Council in the Bay Area, promoting the sharing of best practices among peers made up of the top 30 Bay Area companies. Izak has an industrial engineering degree from the University of Massachusetts and also holds a CISM security certification.

Okorie Ramsey, Vice President, Finance Compliance Officer & SOX for Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals

Okorie advances the finance compliance program and enhances the Sarbanes Oxley (SOX) and Model Audit Rule (MAR) compliance processes, procedures and tools to support Kaiser Permanente’s commitment to adherence with applicable federal and state laws, regulations, internal policies and SOX and MAR standards. Okorie is a thoughtful leader who acts strategically and operates with a focus on people, process and controls to achieve financial and operational effectiveness. Prior to this role, he served as the director and managing director of Sarbanes/Oxley and Financial Governance for the Northern California (NCAL) Region of Kaiser Permanente. In this role, he oversaw a team responsible for strengthening the internal control environment within the NCAL Region through advisory support to business partners with the responsibility for development of practical and sustainable internal controls. He also facilitated the development and maintenance of regional policies and implemented a people development and management training program for the NCAL Controller’s Group, as well as provided oversight and support to the NCAL Finance Transformation Team.

Glenda Thornton, Program Manager, Compliance, Ethics, & Integrity Office, Kaiser Permanente

Glenda joined Kaiser Permanente in 2002 and currently serves as a program manager for the Northern California Privacy Unit. Glenda is a privacy subject matter expert and consultant for Kaiser Permanente Northern California’s 14 medical centers, Kaiser Permanente's Post Acute Care Center, as well as region offices. Her primary duties include managing large scale privacy incidents for the region, conducting internal investigations related to privacy violation allegations, responding to HIPAA complaints filed with the Office for Civil Rights, and the management of regional privacy/security policies and procedures. Glenda holds a bachelor's degree in business management from the University of Phoenix, certifications from the Health Care Compliance Association in Health Care Compliance and Health Care Privacy Compliance, and is a certified improvement adviser.