Uriel Mcmillan
Details
Security Technologies
University of Minnesota
2012 : 2013
Bachelor of Applied Science in Information Assurance
Computer and Information Systems Security/Information Assurance
Metropolitan State University
2009 : 2011
Diploma in Information Assurance
Computer and Information Systems Security/Information Assurance
Minneapolis Community and Technical College
2009 : 2010
Manage multiple successful annual on-site client and industry audits and risk assessments on time and on budget. This includes client/auditor relationships, preparation, evidence gathering, interviews, and remediation of issues.
Moved to ServiceNow GRC from spreadsheets, including UCF-CCH integration for Authority Documents.
Serve as a compliance and security subject matter expert for all relevant client requirements and control frameworks, including PCI, SOC2, HIPAA, CCPA and GDPR, through various means including analyzing current and future requirements and architectures, and contributing to various IT/SDLC projects.
Follow security, compliance, and technology best practices and trends and make recommendations on actions that should be taken to take advantage of, or reduce the impact of, these trends.
Respond to risk assessments and security evaluations for both current clients and client sales leads.
Perform annual risk assessments and compliance plans which are reviewed and approved by the Security Steering Committee.
Manage, create, and contribute to information security policies, standards, and procedures.
Manage and foster excellent relationships with external auditors, internal subject matter experts (SMEs), and IT, Operations, Development, and Business managers and other internal key business partners.
Manage compliance program communications, including collaborating with internal teams, raising visibility of issues or potentially helpful initiatives to Information Security Management, contributing to the corporate newsletter, and recommending company-wide notifications about relevant security issues found in the wild.
Manage the annual security awareness, secure development, and HIPAA trainings.
Am a security and compliance advocate within the organization.
2018 : Present
NICE Ltd
Senior Cloud Information Security Engineer
Manage the compliance programs and projects for HIPAA, ISO 27001, NIST, PCI DSS, and SSAE-16.
Manage multiple successful annual on-site client and industry audits and risk assessments. This includes the relationship with the client/auditor, preparation, deliverables, interviews, and remediation of issues.
Serve as a compliance and security subject matter expert for all relevant client requirements and control frameworks, including PCI, SOC2 and HIPAA, through various means including analyzing current and future requirements and architectures, and contributing in various IT project meetings.
Follow security, compliance, and technology best practices and trends and make recommendations on actions that should be taken to take advantage of, or reduce the impact of, these trends.
Respond to risk assessments and security evaluations for both current clients and client sales leads.
Perform annual risk assessments and compliance plans which are reviewed and approved by the Security Steering Committee, and perform risk assessments for new software.
Manage, create, and contribute to information security policies, standards, and procedures.
Manage and foster excellent relationships with external auditors, internal subject matter experts (SMEs), and IT, Operations, Development, and Business managers and other internal key business partners.
Manage compliance program communications, including collaborating with internal teams, raising visibility of issues or potentially helpful initiatives to Information Security Management, contributing to the corporate newsletter, and recommending company-wide notifications about relevant security issues found in the wild.
Manage the annual security awareness, secure development, and HIPAA trainings.
Advocate across teams for security and compliance.
2016 : 2018
Mattersight Corporation
Director of Compliance
Own Audit and Compliance functions, including internal and external audits, client requests for information, risk assessments, and working with teams to ensure industry standards and regulatory compliance.
Managed and coordinated the successful external GAP Analysis for ISO 27001, SOC2, and PCIv3.
Combined the PCIv3 and SSAE-16 SOC2 external audits, reducing direct and indirect costs of audits.
2014 : 2016
Mattersight Corporation
Senior Information Security Auditor
Own Audit and Compliance functions, including internal and external audits, client requests for information, risk assessments, and working with teams to ensure industry standards and regulatory compliance.
2011 : 2014
Mattersight Corporation
Information Security Auditor
Audit and Compliance Administration : Managed, administered, and performed audit support activities.
Access / Identity Management : Managed, configured, and administered the identity management system.
Centralized Logging Administration : Administered the QRadar system including alert review / response.
Documentation Management : Managed the annual review of all policies, standards, and procedures.
Physical Security Management : Managed, configured, and administered physical security systems.
Public Key Infrastructure (PKI) Support : Certificate revocation and Certificate Revocation Lists (CRLs).
2010 : 2012
Mattersight Corporation
Information Security Engineer
Skills
Agile Methodologies, Business Strategy, Cloud Security, Communication, Compliance Management, Computer Security, Cyber-security, Data Privacy, Data Security, Disaster Recovery, Diversity & Inclusion, Employee Learning & Development, Employee Training, General Data Protection Regulation (GDPR), Human Resources (HR), Information Security, Information Security Governance, Information Security Management, ISO 27001, Microsoft 365, Network Security, Organizational Culture, Organizational Leadership, PCI DSS, People Development, Physical Security, Privacy Issues, Project Management, Quality Assurance, Risk Assessment, SDLC, Security, Security Audits, Security Management, Security Policy, SharePoint, Software Development Life Cycle (SDLC), Software Quality Assurance, SQL, SSAE 16, Staff Development, Standards Compliance, Threat & Vulnerability Management, Training & Development, Unix, Vulnerability Assessment, Windows, Workplace Relations, Test Planning, Test Automation, Manual Testing, Troubleshooting, Red Teaming, Software Quality, Threat & Vulnerability, Penetration Testing, Integration
About
Experienced professional with over twenty years in the technology sector and ten years in Information Security and Compliance. Combines deep industry knowledge about control frameworks and requirements with experience managing important compliance programs to protect information and assets, and prove it. Team-oriented individual contributor who excels at working with both internal and external technical and business stakeholders to achieve security and compliance goals. I wake up every day energized knowing that I am doing my part to protect people and organizations from malicious adversaries.