Open to opportunities

Melissa Thornton

@melissathornton

Message

Healthcare security leader specializing in HIPAA, HITRUST, and risk-aligned governance.

United States

Message

What I'm looking for

I seek senior security leadership roles where I can align security and business goals, build scalable governance, advise executives, and drive compliance and operational resilience in healthcare or regulated growth-stage organizations.

I am a business-savvy healthcare security leader who builds and matures cybersecurity and governance programs for HIPAA-regulated, growth-stage organizations. I align security strategy with business objectives while safeguarding PHI across cloud-based and distributed workforces.

I have led enterprise HITRUST and HIPAA initiatives, implemented Zero Trust architecture and 24/7 SOC operations, and developed AI risk governance and practical risk management approaches that reduce complexity while improving resilience. I have delivered measurable results including faster alert acknowledgement, reduced phishing rates, and improved incident resolution times.

I advise executives and boards, provide fractional CISO services to SMBs, and have run IT and security functions as a director and executive, positioning organizations for compliance, growth, and successful exits.

Experience

Work history, roles, and key accomplishments

Current

Cybersecurity Consultant

Current

Cybersecurity Advisory Group

Jul 2022 - Present (3 years 8 months)

Provide fractional CISO advisory services to SMBs and startups, aligning security investments to business growth and supporting regulatory readiness, vendor risk reviews, and executive risk reporting.

CISO Advisory Risk Assessment Regulatory Compliance Vendor Risk Management Policy Development Executive Reporting

Senior Director, Information Security

Evergreen Nephrology

Mar 2024 - Feb 2026 (1 year 11 months)

Architected and operationalized a companywide cybersecurity and governance program in a HIPAA-regulated, cloud-first healthcare organization; led HITRUST and HIPAA risk efforts and reduced mean time to acknowledge SOC alerts to <15 minutes while improving response efficiency ~60%.

HIPAA compliance HITRUST Zero Trust Architecture SOC Management Microsoft Security Incident Response Vendor Management

Director of IT & Information Security

Durante Rentals

Aug 2019 - Jun 2022 (2 years 10 months)

Built the company’s first formal information security and risk management program for a $45M private equity-backed organization, introduced vulnerability management and incident response processes, and reduced incident MTTR by 35%.

Information Security Vulnerability Management Incident Response Security Awareness Asset Inventory Governance

CEO & CISO

LSW Chauffeured Transportation

Jan 2008 - Aug 2019 (11 years 7 months)

Scaled operations and professionalized governance and security practices leading to a successful acquisition; achieved SOC 2 Type II attestation and embedded risk management into operations to improve valuation and buyer confidence.

Executive Leadership SOC II Risk Management Business Continuity Contract Negotiation & Compliance