David L. Coss, PhD, MBA

David L. Coss is a senior cybersecurity and governance leader with more than two decades of experience driving enterprise security, risk reduction, and regulatory compliance across healthcare, technology, and highly regulated industries. Known for aligning cybersecurity strategy with business objectives, he has delivered more than $500M in cumulative risk mitigation and operational savings throughout his career.

David specializes in building and maturing GRC programs, including enterprise risk management, IT SOX, internal controls, third-party risk, data privacy, and audit readiness. His expertise spans NIST, SOC 2, HIPAA, HITRUST, and CMMC, along with emerging domains such as AI governance. At Magellan Health, he led the drafting of the organization's enterprise AI Governance Program policy and established the AI Risk Assessment process, enabling safe adoption of AI technologies while maintaining compliance and accountability.

A strategic operator with proven leadership experience, David excels at creating governance structures, reducing organizational risk, and improving cross-functional collaboration between Security, Legal, Compliance, Technology, and executive stakeholders. He has a strong track record of building high-performing teams, standardizing security processes, and guiding companies through regulatory scrutiny and major technology transformations.

David holds a PhD in Business (Information Systems), an MBA in MIS, and serves as an adjunct professor teaching cybersecurity governance and risk management. He is recognized for his ability to translate complex cybersecurity issues into actionable business decisions that enable growth, resilience, and long-term value.