Jonathan E. Cox, MCSECOO, CISO & Managing Partner
Areas of Expertise
- Security Risk Assessments
- Security Infrastructure Design
- Incident Response Planning
- DR-BCP Advisory
- Compliance Advisory
- Internal Audit Services
- BS, Management Information Systems, USF
Jonathan serves as a Principal Security Consultant and Managing Partner for GoldSky Security. His security and compliance expertise spans 14+ years and focuses on infrastructure design, risk assessments, and leading complex security and compliance management projects.
Jonathan brings a deep understanding of information security controls and compliance framework mandates to his clients.
He has been responsible for leading the security efforts of several companies and their clients serving the Banking, Healthcare, Legal, Insurance, Manufacturing, Telecommunications, and DoD industries, performing gap assessments against NIST 800-171. From the gap assessment, Jonathan and his team assist organizations in implementing all the missing controls, which have included:
- Information Security Policies and Procedures
- Risk Assessment
- System Security Plan
- Incident Response Plan, Training and Testing
- Configuration Management Plans
- Firewall Review and Update
- Change/Patch Management Review
Prior to consulting for GoldSky, Jonathan served as Chief Operations Officer for Medicat. He was responsible for developing and managing Medicat’s SaaS EMR software platform, which serves the student health centers of over 500 colleges and universities.
Jonathan led the company’s efforts to achieve SSAE 18 SOC 2 Type II and HITRUST CSF 8.1 certification. He also led the compliance support efforts for several clients and their audits based on NIST 800-53 rev. 4, FedRAMP, FISMA, PCI, ISO 27001, NIST 800-30, and HIPAA/HITECH.
Throughout his career, Jonathan has consulted with companies, providing his expertise in ISO 27001 gap analysis, policy and procedure development, security assessments, and security framework development. Additionally, Jonathan was responsible for creating an Information Security Training Program for all employees and managing third-party and customer audits, including SSAE 18, PCI DSS, and FISMA.