Resume
Bobbi Jo Halladay
Healthcare compliance professional moving into privacy, GRC, and program management.
Location available on request · halladaybobbijo@gmail.com · LinkedIn
PDF coming soon. Drop the final file in /assets to activate this button.
Summary
Compliance professional with 23+ years governing HIPAA, DEA, and FDA requirements across pharmacy and patient care, now applying that risk, privacy, and documentation discipline to GRC and program delivery. Built a full GRC and AI governance portfolio spanning HIPAA risk assessments, NIST and ISO gap analyses, privacy and security policy, and audit readiness, backed by hands-on technical training. CPhT, cybersecurity bootcamp graduate, Security+ in progress.
Core skills
Governance & Risk: HIPAA, NIST CSF 2.0, NIST SP 800-30 risk assessment, NIST AI RMF, ISO/IEC 42001, incident response (NIST SP 800-61), third-party risk.
Privacy & Compliance: HIPAA Privacy, Security, and Breach Notification rules; data protection and minimum necessary; DEA and FDA requirements; policy writing; audit readiness; documentation standards.
Program & Project Management: charter, WBS, roadmap and scheduling, RAID and risk registers, stakeholder and communication planning, status reporting (CAPM-aligned).
Security Awareness: curriculum design, plain-language training for non-technical audiences, content production.
Technical: home lab with UniFi, VLAN segmentation, Pi-hole, Raspberry Pi IDS; networking fundamentals.
Experience
Patient Care Coordinator
CarepathRx (CarepathRx / Cigna / Chartwell) · through April 2026
- Coordinated complex cases across patients, providers, and insurers while safeguarding protected health information.
- Maintained HIPAA-compliant handling of sensitive data and documentation.
Pharmacy roles (Specialty, Clinical, Retail, Independent)
Grantsville United Drug, Target Pharmacy, and specialty/clinical settings · 1997 onward
- Operated continuously under HIPAA, DEA, and FDA requirements handling PHI and controlled substances.
- Held documentation and accuracy to a regulated standard across two decades.
Projects
Founder, The Safe Click Project
thesafeclickproject.com
- Designed and produced five courses and 20+ lessons of plain-language cybersecurity education with no team or budget.
- Managed the effort end to end as a CAPM-aligned program.
GRC & AI Governance Portfolio
- Authored a HIPAA risk assessment, NIST CSF 2.0 gap analysis, security policy package, NIST AI RMF profile, ISO 42001 gap analysis, AI acceptable use policy, incident response plan, vendor risk program, and HIPAA audit-readiness workbook.
Education & certifications
- CPhT (Certified Pharmacy Technician)
- University of Utah Cybersecurity Bootcamp
- BS in Marketing, Western Governors University (in progress)
- CompTIA Security+ (exam July 10, 2026)