Bobbi Jo Halladay
Privacy · Compliance & GRC · Program Management
Healthcare compliance, carried into privacy and governance. Twenty-three years protecting sensitive information, now applied to GRC and the programs that hold the work together.
01 The pivot
Where I came from, and where I am headed
The foundation
Healthcare compliance
Two decades governing HIPAA, DEA, and FDA requirements across independent, retail, specialty, and clinical pharmacy, plus patient care coordination.
The build
Privacy, GRC & risk
A full governance portfolio grounded in HIPAA: risk assessments, NIST and ISO gap analyses, privacy and security policy, vendor risk, and audit readiness, plus hands-on technical training to back it up.
The direction
Where I fit
Privacy and data protection, GRC and compliance, and program and project management, grounded in the healthcare compliance work that started it all.
02 Featured work
Proof, organized by what you need
GRC & AI Governance
HIPAA risk assessment, NIST CSF and AI RMF, ISO 42001, incident response, vendor risk, and audit readiness.
See the artifacts →
Program Management
The Safe Click Project run as a CAPM-aligned program: charter, WBS, roadmap, RAID, status reporting, and closeout.
See the artifacts →
Security Awareness
The Safe Click Project: five courses, 20+ lessons, plain-language security for non-technical learners.
See the project →
The intersection few candidates can claim
Where an AI tool touches protected health information, AI governance and HIPAA obligations overlap. I can speak to that intersection from real experience, which is exactly what an AI GRC role needs.