H-ISAC Board of Directors


Aetna, Inc. – James Routh – CISM, CSSLP, Chief Information Security Officer
Mr. Routh leads Global Information Security with over 20 years of experience as a practitioner, management consultant and leader of technology and information security functions for global service firms. Prior to Aetna, he was the Global Head of Application and Mobile Security for JP Morgan Chase, and CISO for KPMG, Depository Trust & Clearing Corporation, and American Express. Mr. Routh is also Chairman of the FS-ISAC Products & Services Committee and former Board member.

Amgen – Gregory Barnes – Global Chief Information Security Officer
Mr. Barnes is the Global Chief Information Security Officer at Amgen and has over 20 years of experience as a practitioner. He began his security career in the United States Air Force, where he managed classified intelligence and cyber operations systems. Prior to joining Amgen, Mr. Barnes served as the CISO for Horizon Blue Cross Blue Shield of New Jersey, worked for Health Care Service Corporation as the ISO for Blue Cross of Oklahoma, and worked for Lucent Technologies as a Managing Principal. At Lucent, he led multiple highly skilled technology teams, designing advanced technology networks for MCI/Worldcom and conducting numerous program designs, penetration tests and technology engagements for Exxon, Washington Mutual, Cisco, State Farm, Williams Communications, WalMart and others. Mr. Barnes is a former Chair of the Payer Subsector of the Healthcare and Public Health (HPH) Sector Coordinating Council (SCC), and a former Blue Cross Blue Shield Association (BCBSA) Cyber Security Subcommittee advisor.

BlueCross BlueShield of Western New York – Scott Morris – Chief Information Security Officer
Scott Morris serves as Chief Information Security Officer for BlueCross BlueShield of Western New York, headquartered in Buffalo, New York. Morris is responsible for the development, governance and assurance of the health insurance company’s technology risk and third-party risk programs, as well as the management of all information and cyber security domains. A seasoned information security executive with nearly two decades of experience, Morris has a successful track record of developing project methodologies, architectural governance, enterprise documentation, and team development. Morris is actively engaged in the cyber community, serving on the executive board of directors for InfoTech Niagara and the Advisory Board for a local accounting firm, and is a frequent speaker at several national and local events and conferences.

CVS Health – Frank Price – Chief Information Security Officer
Frank Price serves as Chief Information Security Officer of CVS Health, the largest pharmacy healthcare provider in the United States, and is responsible for the company’s Enterprise Information Security Program. Prior to joining CVS Health in 2013, Frank worked in the telecommunications sector as Chief Information Security Officer of Alcatel-Lucent and in the healthcare sector as Vice President of Global Information Security at Medco Health Services, Inc. (now Express Scripts). Frank has also held Information Security roles in the banking sector at Dai-Ichi Kangyo Bank and Long Island Savings Bank. He obtained his Bachelor of Science degree in Information Systems Management from New York University.

Eli Lilly – Wafaa Mamilli – VP, Chief Information Security Officer
Wafaa Mamilli leads the worldwide information security organization at Eli Lilly and Company. Prior to her current position, she held several international leadership responsibilities across the Lilly value chain, partnering with Drug Development, Manufacturing & Quality, Sales and Marketing, and Global Services to excel at supporting base operations while bringing innovative digital and analytics-powered solutions to the business.

Emory University – Brad Sanford – Chief Information Security Officer
Brad Sanford currently serves as the Chief Information Security Officer for Emory University where he has overarching information security responsibilities for both Emory University and Emory Healthcare. Brad has over 25 years of IT experience working for organizations such as Humana, Vanderbilt University, Hospital Corporation of America, and Emory University where he has focused on creating and leading Information Security programs and developing innovative Information Security solutions. Brad was a finalist for Southeast Information Security Executive of the Year in 2011 and was the recipient of the 2011 Healthcare Information Security Executive of the Year award for North America. Brad is an active member of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). Additionally, Brad serves on the SANS Educational Advisory Board and served on customer advisory boards for Lancope and TippingPoint. Brad is also an Emory University faculty member within the Rollins School of Public Health where he serves as a periodic lecturer and has taught a graduate course on Information Security and Privacy.

Intermountain Healthcare – Karl West – Chief Information Security Officer and Assistant Vice President
Karl West has been involved in information technology and security for more than 30 years. His current responsibilities span all aspects of Cybersecurity and Strategy at Intermountain Healthcare, an integrated delivery network of 22 hospitals and 185 clinics in Utah and Southern Idaho. Security specialties include governance, architecture, risk and compliance, Identity and Access, eDiscovery, forensics, and incident management. He is currently a member of the Utah Health Information Network (UHIN) Privacy and Security Board, a member of the Association for Executives in Healthcare Information Security (AEHIS), which is part of CHIME, and also Weber State College’s Computer Science department.

McKesson – Spencer J Mott – SVP and Global CISO
Spencer Mott has worldwide responsibility for Information Security and Risk Management, with a staff of 200, operating in a highly federated and diverse global healthcare business including drug distribution, manufacturing, devices, pharmacies, clinics and patient support programs. Prior to McKesson, he served as the Interim CIO at Amgen Biotechnology and also as CISO. He has thirty years’ experience in the security sector, including as CISO at Electronic Arts, the Motion Picture Association and 15 years in the Metropolitan Police including the UK Security Services.

Merck & Co. – Terence Rice – Vice President, Information Risk Management and CISO
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance, Business Continuity Planning and Policy, and has held multiple roles at Merck, as Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization. Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles. Mr. Rice holds a BS degree from West Point and a Master of Science degree from George Washington University.

Medtronic – Patrick Joyce – Vice President – Information Technology, Chief Security & Privacy Officer (CISO)
Patrick Joyce is responsible for all global functions, strategies, operations and execution related to all forms of security and privacy across the company, including IT/cybersecurity, physical/facility and travel security, identity & access management (IAM), the product/device security programs and data privacy. Within Global IT, he is also responsible for the global process teams supporting Master Data Management, IT Quality Management and Legal/Compliance.
Patrick joined Medtronic in 2005 to initially build the Corporate IT Audit function, providing audit and consulting services across Medtronic’s global business units, corporate functions and IT organizations. In subsequent roles, he has also had responsibility for leading Medtronic’s Global IT Program & Portfolio Management Office, as well as Medtronic’s Global Physical Security organization and many of the IT Core Process Teams.

Partners Healthcare – Jigar Kadakia – Chief Information Security and Privacy Officer, CISSP, CIPP, CRISC
Jigar is the Chief Information Security and Privacy Officer for Partners Healthcare. He has more than 17 years of information security experience across multiple industries with a focus on healthcare delivery. Jigar holds a Bachelor of Science degree in Chemical Engineering from the University of Cincinnati and a Master in Business Administration from Xavier University.

Pfizer – Brian D. Cincera – Vice President
Brian has global responsibility for Pfizer’s information security and technology risk management program. In his role, Brian oversees strategy development, cybersecurity risk management, policy and governance, protection operations and workforce awareness. As part of Pfizer’s company-wide enterprise risk management program, Brian is responsible for leading its information security risk governance process, including regular reporting to Pfizer’s executive leadership and members of its Board of Directors. Brian joined Pfizer in 2005 and works in Collegeville, PA.

Royal Philips – Michael McNeil – Global Product Security & Services Officer
Michael C. McNeil is the current Global Product Security & Services Officer for Royal Philips. In this capacity, McNeil is responsible for leading the global product security program for the company and ensuring consistent, repeatable processes are deployed throughout their products and services in the Healthcare market. Prior to this assignment, McNeil was Global Chief Privacy & Security Officer at Medtronic, responsible for the development and design of their initial product security and incident response management programs; Chief IT Security Officer at Liberty Mutual Group; Global Chief Privacy Officer at Pitney Bowes; and Vice President, Chief Privacy Officer of Data Services for Reynolds & Reynolds.

Takeda – Mike Towers – CISSP – Chief Security Officer
Mike is accountable for designing, implementing, operating and monitoring a comprehensive, global security and risk management program to include the vision, strategy and objectives to ensure that critical assets are adequately protected. He is responsible for managing security risks in a manner that meets compliance, quality, legal and regulatory requirements, and aligns with and supports the risk posture of the company. He develops and implements policies, standards and processes to ensure a world-class information and cybersecurity program. Prior to Takeda, Mike was CISO at Allergan plc, accountable globally for protecting the confidentiality, integrity and availability of Allergan’s vast information assets across an R&D, supply chain and commercial enterprise. Previously, Mike was VP, Information Security Assurance at GlaxoSmithKline (GSK).


H-ISAC – Denise Anderson – President
Denise Anderson is President of the Health Information Sharing and Analysis Center (H-ISAC). Prior to H-ISAC, she was a Vice President of FS-ISAC where for almost nine years she helped the ISAC grow and achieve its successful status in the information sharing community. She has over 25 years of executive management level experience in the private sector. Denise currently serves as Chair of the National Council of ISACs (NCI). She was instrumental in implementing a CI/KR industry initiative to establish a private sector liaison seat at the National Infrastructure Coordinating Center (NICC) to enhance information sharing between the private sector, CI/KR community and the federal government and serves as one of the liaisons. She is a health sector representative to the National Cybersecurity and Communications Integration Center (NCCIC) — a Department of Homeland Security-led coordinated watch and warning center that improves national efforts to address threats and incidents affecting the nation’s critical information technology and cyber infrastructure. Denise was certified as an EMT (B), and Firefighter I/II for twenty years and as an Instructor I/II and state EMT evaluator in Virginia for over ten years. Denise holds an MBA in International Business and is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.