Candidate Information Name Available: Register for Free Title Security Specialist Compliance Analyst Target Location US-DC-Washington Email Available with paid plan Phone Available with paid plan	20,000+ Fresh Resumes Monthly     View Phone Numbers     Receive Resume E-mail Alerts     Post Jobs Free     Link your Free Jobs Page     ... and much more Register on Jobvertise Free
Search 2 million Resumes Keywords: City or Zip:	Related Resumes Security Specialist Team Lead Upper Marlboro, MD Security Clearance Specialist Fredericksburg, VA Security Clearance Specialist Upper Marlboro, MD Security Associate Specialist Greenbelt, MD IT Security Specialist Silver Spring, MD Security Officer Special Education Annandale, VA Compliance Specialist Audit Manager Lanham, MD

Candidate's Name  (Roger)EMAIL AVAILABLE PHONE NUMBER AVAILABLELinkedIn: https://LINKEDIN LINK AVAILABLE SUMMARY:Professional with 7 years plus of experience in Information Security Management, Compliance, and Third- Party risk assessment. Responsible for implementing, maintaining, and improving policies, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements as well as industry best practices. Leverage multiple industry frameworks and regulatory standards including ISO 27001, NIST 800-53, NIST CSF, GDPR, PCI-DSS, HIPPA, etc. Setting up procedures and guidelines for implementing, monitoring, reviewing, and continually improving risk management. Outstanding organizational and problem-solving ability with a strong Cybersecurity Technology background. Excellent written communication and documentation skills. Dependable, resourceful, and a team player. PROFESSIONAL EXPERIENCE11 / 2020 to Present: Alutiiq Advanced Security Solutions Information Security Specialist.Duties:Experience implementing ISO/IEC 27001: (the leading ISO standard for information security management); Ability to effectively present to executive management, IT security risk assessment ad risk mitigation based on a cost-effective approach;Clearly communicate threats, vulnerabilities, and risk information to executive management;Identifying, prioritizing, and classifying information security risks using ISO 27001 standard methodologies; Establishing assets identification and evaluation using quantitative and qualitative assessment methods involving stakeholders;Manage all security systems and their corresponding or associated software including firewalls, intrusion Detection systems, cryptography systems, and anti-virus software;Conduct user access reviews to ensure that users access rights to the organizations information system are authorized and appropriate; Monitor changes to System configurations to stay informed about any deviations from normal benchmarks, which could pose a security risk.Routinely perform security self-assessments of the company environment;General knowledge of IT environment, information security, privacy, threat, and vulnerability management; conduct compliance and vulnerability assessment;Use both automated method and manual to identify, assess and report security risks.Collaborate with information technology staff to design and implement disaster recovery plans for operating systems, databases, networks, Servers, and software applications with an emphasis on security;Providing thoughtful ideas for process improvement and enhancement,Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, and the development of new attacks 05 / 2014 to 06 / 2020 DC / DOC3rd Party Risk ManagementCorporate Risk and Compliance AnalystDuties:Participate in key phases of vendor lifecycles from pre-onboarding to offboarding of vendorsResponsible for identifying, assessing, mitigating, and monitoring 3rd partys inherent risks / Provide management with Risk assessment report for onboarding processes;Conduct detailed vendor risk assessments, working closely with key partners, to identify and evaluate risks before establishing or continuing operations with third-party vendors;Coordinate and collaborate with stakeholders to identify and communicate risk from third- party relationships, and drive related mitigationsAccurately determine the risk rating with qualifications based on the potential impact and likelihood;Track findings that arise during vendor onboarding, assess resulting risks, and collaborate with stakeholders to drive mitigation to acceptable levelsFollow up with Client stakeholders on the completion of outstanding Due Diligence Questionnaires;Respond to emerging threats by coordinating with vendors to understand supply chain impact.Use a risk-based approach to conduct a reassessment of vendors periodically and monitor third-party vendors security practices and compliance with contractual obligations.Partner with Procurement and Legal in the contract-negotiation process is vital to ensure appropriate security obligations are incorporated in vendor agreement/contract.Develop and maintain high-quality risk assessment documentation covering findings, risk statements, risk ratings, justifications, and recommendations in the Splunk GRC tool and risk register;Provide sufficient information to risk owners and vendors in the development of treatment plans for the effective management of risk. Monitor the execution of risk treatment(s) and evaluate the residual risk;Manage multiple projects at one time: meeting deadlines and expectations. Cybersecurity Skills:Microsoft Security, Linux Security, DLP solutions implementation, Vulnerability scanning(Nessus), Firewall and Encryption, Incident Response, and business contingency planning EDUCATION:2020 - 2021 American UniversityAdvanced Cybersecurity Professional Certificate2004 - 2005 New York City College of TechnologyComputer Engineering1992 - 1996 University of LomB.S.: Computer Science and Mathematics.CERTIFICATIONSSecurity+ SY0-60103 -14  2022 : Certified Information Systems Security Professional