Established a formal risk management program based on NIST SP 800-30 and HIPAA, HITECH and Meaningful Use requirements. Creating a repeatable process for assessing and managing risks. Implemented data governance controls to ensure protection of ePHI data. Incorporated exception management process to manage exceptions until addressed. Transformed enterprise architecture initiatives to take a risk-based approach in making architectural decisions.