Stephen B. Kaplan, JD
Chief Privacy and Security Officer
areas of expertise
- Policy & Procedure Development
- Risk Assessments
- PCI DSS Readiness Assessment
- Bachelor of Arts, University of Florida
- Juris Doctorate, Emory University Law
Stephen serves as a Chief Privacy and Security Officer for GoldSky Security.
Stephen has served companies in compliance, security, and privacy roles since 2002, including acting as the Chief Privacy & Security Officer for multiple organizations. Mastering diverse roles in technology, policy, regulations, and risk management, he has accumulated extensive experience and knowledge in a wide breadth of industries.
In addition to delivering results on a project basis, Stephen holds increasing responsibilities in executive-level privacy and management roles for various companies, improving and overseeing the completion of information management initiatives.
As a consultant, he advises on and assists with the development and implementation of the entity’s data privacy policies and practices, working across business groups to drive data privacy excellence.
Recently, he has led the security and privacy improvement of companies in the Healthcare, SaaS, and Insurance industries, as well as several 501(c)(3) organizations, performing gap assessments against applicable frameworks and regulatory mandates. From the gap assessments, Steve and his team facilitated the implementation of remediation efforts and the proper controls that were missing, including:
- Information Security Policies and Procedures
- Risk Assessments
- System Security Plans
- Incident Response Plans, Training and Testing
- Configuration Management Plans
Stephen approaches his work from a “Client Up” perspective, taking great care to learn a client’s business functions and objectives and then applying a privacy & security framework overlay rather than beginning with a regulatory schema or baseline and simply “draping it” over the business. He is a consummate professional and extremely passionate about helping his clients reduce the risks of cyber-attacks and assisting them in achieving regulatory compliance mandates.