Nicholas Davis
Details
• Information Systems, University of Wisconsin-Madison, 1995 : 1998
• BA, French Language, University of Wisconsin-Madison, 1989 : 1993
• BA, Journalism, University of Wisconsin-Madison, 1989 : 1993
• High School Diploma, General Studies, St. John's International School, Waterloo, Belgium, 1982 : 1989
2021 : Present
UW Health
Director of Information Security
• Provide strategic guidance and consultation to executive leadership and technical leads on security issues and threats, including malware, ransomware, phishing attacks, and data breaches, that are specifically relevant to the healthcare industry.
• Drive and influence software and infrastructure security across the organization, including penetration testing, vulnerability assessment, and security awareness training, to protect patient health information (PHI).
• Guide the technical development of security tools and product features to reduce security risk, such as firewalls, intrusion detection systems, and encryption, appropriate for the high-availability operating environment.
• Proactively identify security issues and potential threats using threat intelligence, security analytics, and machine learning, to protect against targeted attacks.
• Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls, such as ISO 27001, HIPAA, and PCI DSS.
• Identify, track, and communicate detailed metrics and reporting indicating overall security risk factors, such as the number of security incidents, the cost of security breaches, and the compliance status of the organization, with a focus on meeting HIPAA requirements.
• Align the program with NIST 800-53, HIPAA, PCI, and other industry standards and frameworks, such as the Center for Internet Security (CIS) Controls, to ensure compliance with healthcare regulations.
• Promote a culture of strong information security, increasing overall awareness of and compliance with security policies and procedures, to protect the confidentiality, integrity, and availability of PHI.
2019 : 2021
University of Wisconsin System
Director of Information Security Governance, Risk and Compliance
• Led and collaborated with internal stakeholders to ensure compliance with industry frameworks, system security plans, internal policies and standards, software deployment, change control, and contractual and regulatory requirements.
• Anticipated, assessed, and mitigated operational, third-party vendor, and compliance risks from current and changing business practices, systems, policies, regulations, and laws using threat intelligence, security analytics, and machine learning.
• Prepared briefings and executive-level reports for the Board of Regents, Internal Audit, Risk Management Committee, and CIOs on cybersecurity risks and mitigation strategies.
• Oversaw the risk register, risk exceptions, metrics, reporting, and the management of identified risk, including remediation action plans from IT audits, technology risk assessments, vulnerability scans, penetration testing, etc.
• Coordinated information security internal audit and external audit responses, and regulatory, GLBA, and SOX reviews representing information security and technology risks. Coordinated responses to RFIs/RFPs and client security-related questionnaires.
• Led the development of, education on, and adherence to change management processes to ensure proper review and approval within defined service-level metrics.
• Led the negotiation and renewal of cyberliability insurance.
2015 : 2019
University of Wisconsin System
Chief Information Security Officer (CISO)
• Led the development and implementation of a comprehensive cybersecurity program for UW System institutions, including the development of an enterprise security framework based on NIST 800-53 guidance, working with campuses to deploy security controls and ensure compliance with policies, serving as a central point of contact for information security budget items and external vendors, and leading a security assessment team that conducted risk assessments and vulnerability testing.
• Developed cloud systems information security procurement standards and acted as a centralized contact and communication point for IT security issues.
• Provided opinions to senior legal counsel on information security matters.
• Led the University of Wisconsin Technology and Information Security Council.
• Managed and trained security staff, leading the creation of position descriptions, conducting the interview process, performing candidate selection and the hiring of information security analysts, including onboarding, short- and long-term work assignments, performance management, career development, and overall direct supervision.
• Evaluated, acquired, and implemented ongoing cloud-based measured phishing awareness campaigns, serving 77,000 UW faculty and staff across all campuses.
2020 : 2021
Home Savings Bank
FFIEC Cybersecurity Compliance Advisor
• Provided SME advisory services to enhance enterprise cybersecurity readiness using the FFIEC Cybersecurity Assessment Toolkit.
• Assessed the cybersecurity inherent risk profile and the maturity of technical, administrative, and physical controls.
• Developed a control crosswalk document aligned with NIST 800-53 control families.
• Produced a gap analysis and roadmap of next steps to bridge the current state to the desired level of maturity.
• Produced due diligence evaluation reports on third-party subservice providers.
• Presented the current state of cybersecurity to the bank’s Board of Directors.
• Developed a cybersecurity maturity action development plan, including new technology deployments, risk mitigation activities, and supporting policies and procedures development.
• Created and delivered in-person information security awareness and compliance training to all employees.
• Performed a comprehensive hardware and software inventory of the bank’s IT assets, including asset risk assignment.
• Developed, populated, and managed a comprehensive online hardware and software asset inventory tracking system for the bank.
• Compiled a complete set of information security policies in support of the bank’s information security program.
• Acted as the bank’s information security representative during its annual audit exam by the State of Wisconsin Department of Financial Institutions.
2018 : 2021
European Commission
Contracted Expert, H2020 and Horizon Europe Programs
• Served as contracted external subject matter expert in information security, evaluating and monitoring European Commission Horizon 2020 and Horizon Europe funded projects.
• Conducted independent written evaluations of MSCA-ITN projects.
• Served as Project Monitor, tracking the progress of funded projects and ensuring that they met their objectives.
• Reported on progress to the European Commission.
Skills
Auditing, Authentication, Authentication Systems, being a good guy, Belgium, CISA, CISO, CISSP, cloud computing, Cloud security, Computer Security, Consulting, Cyber-security, Cyber espionage, Digital Signatures, Disk Encryption, Email Encryption, Encryption, Encryption Software, FERPA, FISMA, french, gdpr, HIPAA, information assurance, Information Security, Information Security Awareness, Information Security Consultancy, Information Security Governance, Information Security Standards, Information Technology, IT Audit, Multi-factor Authentication, Network Security, niacap, NIST 800-53, PCI DSS, PCI Standards, Physical Security, PKI, Ransomware, risk management, RSA Security, Sarbanes-Oxley, Secure Authentication, secure email, Security Audits, Security Clearance, SOX, Two-factor Authentication, mba, Windows, Entrust PKI, RSA SecurID, RSA Tokens, RSA Ace Server, vasco digipass, Authentication Protocols, Data Modeling, Two-factor, Multi-factor
About
A highly experienced and accomplished cybersecurity professional with a demonstrated track record of success in leading and managing large-scale cybersecurity programs. Proven ability to establish and maintain the enterprise vision, strategy, and program to ensure the confidentiality, integrity, and availability of all information assets and supporting technologies. Expertise in identifying, developing, implementing, and maintaining processes across the organization to reduce information technology risks, manage incident response, and establish appropriate standards and controls. Proactive identification and mitigation of cybersecurity threats using threat intelligence, security analytics, and machine learning. Demonstrated ability to align the cybersecurity program with corporate objectives and compliance requirements, such as HIPAA, PCI DSS, and NIST 800-53. Strong leadership and communication skills, with the ability to build and motivate high-performing teams. Passionate about promoting a culture of security awareness and compliance throughout the organization. CISSP, CISA, CCSP, CRISC, and HCISPP certified.