Nathan Settelmaier
Details
- Managed cybersecurity and compliance initiatives across subsidiary companies and platforms, reporting directly to the CTO
- Owned inbound client diligence program, ensuring 100% of deliverables were completed on time as part of the contracting process across 10+ new clients
- Performed internal consulting & contract review to advise in-house counsel on cyber-specific aspects of contract negotiation
- Reviewed subservice provider documentation, including SOC 2 and CMMC reports and attestations to ensure sufficient technical compliance with industry standards
- Collaborated with cross-functional Legal, Engineering, and Business teams to complete holistic vendor security assessments across various GRC & vendor assessment platforms
2022 : Present
CWCapital
Information Security Program Manager
Technology/Media/Telecom Client - Third Party Risk Analyst
- Assessed data privacy and security capabilities of 100+ third party vendors to protect sensitive client and user data
- Ensured compliance of 200+ third party applications against privacy standards, regulations, and risk management frameworks such as SOC 2, ISO 27001, GDPR, and CCPA
- Collaborated with security, business, and legal teams to assess and validate vendor privacy and security controls
- Communicated directly with third party vendor and client leadership on actions to improve security posture
Deloitte - Internal Development
- Coordinated with key stakeholders to support cross-functional integration in the Life Sciences and Healthcare industries for cloud-related projects, resulting in $10m+ of additional revenue attributed to the service offering
- Contributed to and participated in cloud security client proposals
- Managed team of 3 analysts to oversee onboarding of 20+ new hires to internal AWS group
- Coordinated and presented at monthly internal AWS meetings on current sales, projects, and metrics
- Awarded one-time bonus from leadership for assisting with company eminence and internal collaboration
- Selected based on merit and internal contributions to be sponsored to attend AWS re:Inforce 2022
2021 : 2022
Deloitte
Cyber Analyst
- Created and implemented Google Cloud (GCP) based education platform to host distance learning through COVID-19
- Managed groups, users, and roles within Google IAM console
- Created documentation to explain the new system and operation to key stakeholders (parents, students, teachers, and staff)
2019 : 2021
Waypoint Montessori
IT Consultant
- Worked as lead and assistant referee to manage flow and fairness of competitive youth soccer games across North Texas
2013 : 2020
U.S. Soccer Federation
Soccer Referee
About
I graduated 2 years early from the University of Texas at Arlington and at 20, began working in Deloitte’s Risk and Financial Advisory practice working with a Fortune 500 Silicon Valley client in their third party risk management team. Through close collaboration across various cross-functional legal, business, and engineering teams, I conducted DPIAs to ensure compliance of third party vendors and applications with global data privacy and security criteria, such as SOC 2, ISO 27001, GDPR, CCPA, and other global regulations, ensuring sensitive client and user data was adequately protected.
Outside of my client work, I became deeply involved with various internal Deloitte development initiatives, supporting sales pitches, practice development, metrics reporting, and internal eminence efforts. Through these roles, I had the chance to participate in and lead teams across multi-industry cloud-centric engagements, giving me a broad understanding of the technology landscape and needs of many Fortune 500 clients. Most importantly, I met countless amazing colleagues and friends across the world.
After a busy year at Deloitte, gaining firsthand experience with both the business and technical data privacy and protection principles of major global institutions, I joined a financial technology startup as a program manager at the increasingly complex and scrutinized intersection of commercial real estate finance and cybersecurity. I manage the compliance and information security initiatives across subsidiary B2B SaaS companies. I also serve as the external point of contact for all new and existing inbound client cybersecurity diligence requests, and frequently advise in-house counsel on cyber-specific aspects of contract negotiation.
While building out industry-best practices at my current company, I continually strive to improve and specialize in the broad data privacy and security landscape through ongoing education. I passed my Certified Information Protection Professional (US) exam, and am currently studying EU regulation (CIPP/EU) and Project Management Professional (PMP) material. I plan to apply to Master’s programs focused around the intersection and implementation of Cybersecurity & Regulatory Law.
It’s my goal to continue to build on my professional experience and educational background to become a well-rounded global cybersecurity/privacy leader and public policy advocate as the regulatory landscape and technology continue to evolve.