Kirsten Miller
Details
Computer and Information Systems Security/Information Assurance
Western Governors University
2012 : 2014
Master of Business Administration (M.B.A.)
Finance, General
University of Nevada-Las Vegas
2001 : 2003
Bachelor of Arts (B.A.)
Art History
Sonoma State University
1996 : 1998
2022 : Present
Golden 1 Credit Union
Information Security Officer
2020 : 2022
VSP Global
Manager, Security Governance, Risk and Compliance
• Conduct information security risk assessments of solutions and technologies across all Global businesses and all security domains to identify and mitigate control deficiencies; top producer on the team for security assessments and risk analysis/reporting.
• Consult and advise internal customers on requirements and controls for regulatory and policy compliance.
• Design and document internal processes to support efficient, effective Risk Management, including security and risk assessments, corrective action planning, and risk registration and review; authored leadership read-out reporting.
• Advise on policy, standards and guidelines creation and improvement to support proactive information security and regulatory compliance.
2018 : 2020
VSP Vision Care
Sr. Security Risk Analyst, Risk Management
Responsibilities
• Lead team responsible for all facets of departmental and third-party compliance (security and regulatory) across 4 distinct operations; provide compliance oversight for full-lifecycle management of 27 contracted suppliers.
• Conduct compliance and information security analysis of internal and third-party operations, projects, policies, standards and technology; advise management on requirements and strategies to achieve information security and regulatory compliance.
• Lead departmental response for regulatory compliance and information security audits, including coordination, deliverables, issue management and corrective action implementation against findings.
• Develop, maintain and implement departmental frameworks, standards, interaction models and procedures (scope, objective, roles and responsibilities, process and controls) for policy, regulatory and information security compliance.
Accomplishments
• Developed and implemented corrective actions and control enhancements to mitigate risk and close security and compliance gaps on time for 25 third-party assessments and 3 major functional audits in the last 18 months.
• Led projects achieving departmental standardization: Problem and Incident Management, Change Management, Corrective Action Planning and Issues Management, Third Party Risk Assessments, regulatory application and controls assessment, Business Continuity/Disaster Recovery.
• Designed and delivered a training program for new team members covering 10 compliance and security objectives, with deep-dive focus on 12 topics to develop the team's knowledge base.
2017 : 2018
Citi
Senior Manager, Business Control
Responsibilities
Assessed information security of third party suppliers for global business with operations in North America, based on ISO 27001 standard covering IS policy, confidentiality, integrity and availability of administrative, physical and technical objectives (authentication and access, incident management, human resources and training, firewall and infrastructure configurations, business continuity, SDLC, web-hosting, cloud security, physical security, data handling and subcontractors).
Accomplishments
Drove completion of over 100 assessments over 2 years, managing 10-12 concurrent assessments per month. Maintained on-time completion of reporting at 100%, with post-assessment activity completed an average of 14 days ahead of goal. Contributed to program enhancements: process improvements for managing assessment volume to meet timeliness objectives, design of deliverable requests to support review, and training for new assessors during their certification period.
2015 : 2017
Citi
Information Security Assessor (Sr. Manager)
Skills
Analysis, Auditing, Business Process, Change Management, CISA, COBIT, Cybersecurity, Disaster Recovery, Encryption, Financial Analysis, Financial Services, Incident Management, Information Assurance, Information Security, Information Security Management, Information Technology, ISO 27001, IT Audit, IT Management, Leadership, Management, Network Security, NIST, Organization Skills, Payment Card Industry Data Security Standard (PCI DSS), Physical Security, Policy Writing, Presentation Skills, Problem Solving, Process Improvement, Project Management, Risk Analysis, Risk Assessment, Risk Management, Security, Security Audits, Security Compliance, Security Risk, Strategic Planning, Strategy, Team Leadership, Third Party Vendor Management, Training, U.S. Federal Information Security Management Act (FISMA), Vendor Management
About
Effective leader of people and projects, with a practical approach to technical and operational process improvement and security. Experienced organizer, designer and implementer of efficient, effective processes and controls, with the ability to translate and communicate technical jargon. Knowledgeable in working with regulation, governance frameworks and corporate policy in educational and business settings. Self-motivated and analytical; able to delegate or work independently to ensure deliverables are met.
Certifications and Relevant Experience include:
* CISSP
* CISA
* CHFI v.8 and CEH v.7
* Information security & safeguards (CISSP, CISA)
* Compliance risk assessment & control design
* Audit & technology issue resolution
* Business continuity, resiliency, recovery
* ISO 2700x series, COBIT, NIST RMF, PCI, HIPAA
* Strong knowledge of technology (application, OS, network, database)
* Effective builder of partnerships and teams, self-directed
* Strong conceptual thinking, communication, presentation skills