Kirk Jones
Director, Information Risk and Security Management and Information Security Officer
Kirk provides strategic and tactical leadership over the functions supporting information security, information security compliance, information risk management, and business continuity.
Kirk's experience spans both the security and privacy landscapes. To help protect FedPoint's critical information and business systems as well as ensure a secure operating environment for FedPoint customers, partners, and employees, Kirk and his team utilize and implement information security best practices in domains such as risk management, architecture, policy, compliance, third-party risk, awareness and training, vulnerability management, incident response, and contingency planning.
Kirk has been a leader in information technology and security for more than 20 years in the health care, insurance, and technology industries.
Prior to joining FedPoint, he spent four years at Workgrid Software, heading the cybersecurity, privacy, and IT compliance functions for a SaaS product entirely in the cloud. There he led the security assessment and SOC 2 compliance programs. Kirk spent four years at Liberty Mutual, leading domestic and international security risk assessments for internal systems and M&A engagements. He also spent two of those years at Liberty leading the cybersecurity customer and regulatory engagement program.
In health care, Kirk spent seven years as the Information Security Officer at Massachusetts General Hospital in Boston and four years as an Information Services Risk Manager at Steward Health Care System.
Additionally, Kirk served for 18 years on the board of Danvers Community Access Television, a local television studio in Massachusetts, where he served as treasurer and vice chairman.
Kirk has a master's degree in informatics from Northeastern University with a specialization in security management. Kirk also received his bachelor's degree from Northeastern, where he double majored in management and management information systems. He also holds multiple professional certifications in information security, risk management, and privacy.