Microsoft Office
Nicole Sigler
IT Security And Compliance
Fishers,IN
Summary
Performance-driven Vice President with over 20 years of experience aligning systems with business requirements, policies, and regulatory requirements (HITRUST, NIST CSF, NIST 800-53, HIPAA, PCI DSS, CMMC, FedRAMP, GDPR). Passionate about applying excellent organization and communication skills to manage and lead teams. Results-oriented individual well-versed in interfacing and consulting on business processes to drive results based on sound overall business judgment. IT security and audit experience across multiple industries (healthcare, manufacturing, retail, insurance, energy, finance).
Overview
20
20
years of professional experience
2
2
years of post-secondary education
1
1
Certificate
2
2
Languages
Work History
VP of Security and Compliance
Olio Health
10.2022 - 10.2024
- Successfully completed initial HITRUST certification in less than 6 months with only 3 continuous audit program (CAPs) items
- Created and managed 10 HITRUST compliant policies and over 20 procedures that scored 100% with HITRUST
- Implemented the initial security and compliance program for the SaaS solution
- Streamlined compliance processes, decreasing time to gather evidence by 25%
- Overhauled the software/vendor request process to improve the end user experience
- Utilized Vanta's GRC to automate the risk assessment processes and reduce compliance audit times by 20%
- Managed over 50 vendors and software in Vanta
- Facilitated the implementation of compliance tools (i.e
- Vanta, Zendesk, Jumpcloud) to strengthen the compliance program
- Supervised relationships with 3 compliance vendors
- Facilitated the vulnerability management process and ensured timely remediation of vulnerabilities
- Prioritized risks and audit findings identified from audits and risk assessments to implement remediation and correction action plans
- Conducted annual table top exercise on the BCP/DRP and SIRP
- Collaborated with the HR and engineering teams on security initiatives
Principle IT Security Consultant
Pondurance
11.2014 - 10.2022
- Conducted HIPAA and NIST risk assessments for healthcare, manufacturing, retail, and insurance fortune 500 companies
- Conducted security incident response tabletop exercises for multiple clients
- Virtual CISO for manufacturing, healthcare and retail clients
- Implemented the initial security program for a fast growing healthcare software company
- Conducted PCI DSS assessments
- Designed and implemented Business Continuity and Disaster Recovery Plans for retail and insurance companies
- Ensured customer success with engagements
- Engaged customers in additional services
IT Compliance/Information Asset Protection
Cummins
01.2008 - 11.2014
- Managed the compliance requirements for onboarding applications for the Role Based Access Control pilot
- Assisted the Information Security team to revise the Vendor Security Assessment process
- Developed and facilitated training for IT Compliance reviewers for completion of evidence submissions
- Managed the relationship with our supplier contact for IT general controls services
- Submitted the IT general controls compliance results/evidence to the IT Senior Leadership Team and the external auditor on a timely basis each quarter
- Implemented a process to measure the IT controls quarterly reviews results
- Implemented, monitored and improved the system of controls to meet all legal, regulatory,and business requirements identified for Cummins IT Controls
- Managed and provided guidance to a team of 16 contractors assisting with the testing of IT control submissions
- Planned, executed, reviewed, and facilitated remediation for all internal and external IT general controls audits
- Implemented the IT application controls risk assessment controls and process and facilitated training on the process
- Decreased the average age to close and percent closed past due corrective action requests CARs by implementing process improvements for compliance audits
- Identified, monitored, and remediated risks associated with operational and Sox controls
- Participated on an ITAR 6S project to identify ITAR compliance requirements
- Revised the data classification levels and the data classification policy
- Trained employees on how to classify and handle data
- Collaborated with the IT security team on incidents related to data leakage
- Assisted employees on locating, storing, and the proper handling for intellectual property
Education
Bachelor of Science - Double Major in Accounting & Information Systems
Ball State University
Muncie 05.2002 - 05.2004
Skills
Information Security
IT Audit
PCI
Risk Assessments
GRC
Security awareness training
SaaS
Business Process Management
Security Incident Response
BCP/DRP
Six Sigma
Sox
Risk Management
Organizational Change Management
Public accounting
SOC2
Cloud Security
Problem Solving
Access reviews
Budgeting
Forecasting
AOP
EOS
Project management
Growth planning
Executive-level support
Decision-making
Relationship building
Teamwork and collaboration
Consulting
Policies and procedures
Written communication
Time management
Process improvement
Multitasking
Training and development
Vulnerability assessment
Endpoint security
Data protection
Identity and Access management
Accomplishments
- HITRUST certification
- Initial r2 HITRUST certification for 270 requirements
Certification
Certified Information Systems Auditor (CISA)
Software
AWS
SentinelOne
JumpCloud
Vanta
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Timeline
VP of Security and Compliance
Olio Health
10.2022 - 10.2024
Certified Information Systems Auditor (CISA)
11-2017
Principle IT Security Consultant
Pondurance
11.2014 - 10.2022
IT Compliance/Information Asset Protection
Cummins
01.2008 - 11.2014
Bachelor of Science - Double Major in Accounting & Information Systems
Ball State University
05.2002 - 05.2004