Chief Information Security Officer (CISO)/ Senior Official for Privacy
Centers for Medicare and Medicaid Services (CMS)
Emery Csulak is the Chief Information Security Officer (CISO)/ Senior Official for Privacy for the Centers for Medicare and Medicaid Services (CMS). He leads enterprise and privacy functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. Recently, as established under the Cybersecurity Act of 2015, he co-chaired the Health Care Industry Cybersecurity Task Force to analyze the challenges the health care sector faces when securing and protecting itself against cybersecurity incidents. Mr. Csulak has over 20 years of experience in information technology, information security and management consulting. As information technology has grown more complex with the advent of innovative technologies that allow for the rapid collection, storage and distribution of vast amounts of information and data, so too has the importance of safeguarding the privacy of health and other sensitive information collected by CMS. Our Agency is entrusted with the health information of over 100 million Americans, and it our fundamental responsibility as stewards of this information to ensure its confidentiality is protected. Emery leads CMS's efforts to ensure we meet the standards of excellence demanded by that stewardship responsibility, and protect it from bad actors both foreign and domestic. Prior to CMS, Mr. Csulak was the Deputy CISO for the Department of Homeland Security (DHS) where he developed the DHS Information Security Performance Plan and Scorecard in support of the Federal Information Security Management Act (FISMA). While at DHS, he was a founding member of the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing adoption with the federal government. He served as the DHS Technical Representative supporting the Joint Authorization Board (JAB). Mr. Csulak is a certified Project Management Professional (PMP) and Certified Information Systems Security Professional (CISSP).