Keith Mattox

Keith Mattox, CISSP, PMP, is a senior consultant at Clinical Security, LLC. Mr. Mattox has ten years’ experience as a consultant providing information security and compliance solutions at the enterprise and division level. As a program manager with 25 years of IT experience, he has led the development and implementation of information security and compliance programs for financial institutions, pharmaceutical companies, healthcare organizations, electric utilities, and government entities. He has worked with many clients to refine and formulate policies that clearly state desired behavior and accountability objectives in order to meet organizational goals and mitigate risk. Prior to joining CTG, Mr. Mattox served as a security consultant for a de novo internet bank and as the information security manager for an institution with over 450 branches. He is based in Raleigh, North Carolina.

Representative Accomplishments

Examples of Mr. Mattox’s career accomplishments include the following:

  • Served as interim CISO at one of the nation’s largest county hospital systems, performing a HIPAA gap analysis as part of an overall IT policy framework
  • Led the security team for a major bank in the development of an Internet bank
  • Completed key reports and documentation to meet all FFIEC and OCC regulatory requirements for a nationally chartered online bank
  • Planned and conducted extensive risk assessments and due diligence site visits for third-party application providers and integrators, and wrote follow-up assessment reports
  • Reviewed dozens of third-party SAS 70, SSAE 16, and BITS Shared Assessments reports to ensure vendors followed security best practices and policies and implemented control requirements that met the bank’s security standards
  • Wrote the annual information security report to the board of directors required for GLBA regulatory compliance
  • Reviewed and served as a subject matter expert in the development and customization of numerous information security and privacy awareness training courses, including ISO 27001, PCI DSS, HIPAA, NERC, web application security (based on the OWASP Top 10), Anti-Money-Laundering, and a policy agreement tool


Mr. Mattox is a Certified Information Systems Security Professional (CISSP), a Project Management Professional (PMP), and a Certified HIPAA Professional (CHP). He studied Business Management at the University of Connecticut and Industrial Management and Computer Science at Purdue University. His areas of specialization include:

  • Information security policy, procedures, and standards development
  • Security awareness and privacy development and program management
  • Security training needs and gap analysis
  • Third-party assessments and compliance reviews
  • Project and program management
  • Information security risk management
  • Secure software development lifecycle management

Mr. Mattox is affiliated with the Project Management Institute, the International Information Systems Security Certification Consortium ((ISC)2), the Information Systems Security Association (ISSA), the Information Systems Audit and Control Association (ISACA), and InfraGard. For the past two years he has served as the GRC session chair for Triangle InfoSeCon, the largest ISSA chapter security conference worldwide. As a volunteer, he has been a trainer for CISSP exam preparation in the Business Continuity and Disaster Recovery Planning and the Legal, Regulations, Investigations, and Compliance domains.