Information Security Analyst Resume Glen...

Candidate Information
Title Information Security Analyst
Target Location US-AZ-Glendale
Summary

Highly skilled IT Controls Specialist with a strong background in IT General Controls, SAP, Audits, Policies, Procedures and Risk Management. Proficiency in managing email security, data loss prevention (DLP), and content proxy tools. Expertise in enhancing IT processes to ensure regulatory compliance and standards such as HIPAA, ISO 27001, PCI and SOX and work with internal audit staff to conduct regular tests and audits. Combining technical expertise with governance, I am dedicated to promoting effective risk management practices within the organization.

Experience

Information Security Analyst
Grainger
Feb 2023 - Jul 2023 (6 months)
- Assist with implementing the information security strategy for the Grainger subsidiaries.
- Collaborate with global subsidiary teams to ensure appropriate solution design and architecture, project planning, schedule, and delivery.
- Support global cybersecurity projects, ISO 27001, PCI DSS and NIST.
- Collaborate with cross-teams at Grainger and Grainger's global subsidiaries, such as enterprise security, technology, portfolio management, legal, privacy, corporate functions, and suppliers/vendors.
- Develop monitoring metrics and dashboards for teams and senior management measuring progress and risk mitigation for services delivered.
- Maintain governance findings data within GRC tool such as OneTrust.

Information Security Analyst
MilDEENG Systems
Mar 2021 - Jan 2023 (1 year 11 months)
- Gather, integrate, and provide for reporting of relevant and credible information indicative of a potential or actual insider threat to deter employees from becoming insider threats; detecting insiders who pose a risk to classified information; and mitigating the risk of an insider threat.
- Collect, review, interpret, correlate, and analyze employee-related data to identify behaviors indicative of an insider threat utilizing a variety of classified and unclassified databases.
- Perform project planning and scheduling, manage tasks, and coordinate project resources to meet objectives and timelines.
- Making sure the organization complies with security frameworks (e.g., FedRAMP, ISO 27001, CMMC, NIST 800-171 CUI).
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
- Track enterprise compliance across multiple security frameworks including ISO 27001, NIST and FISMA and maintain up-to-date records of requirements and corresponding mitigating controls.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Monitor organization change management process to ensure compliance.
- Develop key performance metrics to track and ensure compliance with established policies and standards.

Compliance Analyst
CrowdStrike
Aug 2019 - Aug 2020 (1 year 1 month)
- Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
- Plan, execute and lead security audits across an organization related to SOC, ISO 27001 and other compliance initiatives.
- Highlighting shortcomings in the operation of platform security and compliance processes, ensuring they are appropriately addressed.
- Coordinate efforts for internal and external audits.
- Using existing firm policies and standards, and applicable industry regulations to plan, maintain, and operate compliance activities.
- Develops, reviews, prepares and analyzes compliance and assessment documents.
- Conduct periodic reviews/audits of systems to ensure adherence to current procedures and policies by all areas within the firm.
- Work with business units and IT support staff to design remediation where deficiencies are identified.
- Perform vulnerability assessments and develop related mitigation strategies.
- Work with outside consultants as appropriate for independent security audits and/or testing.

Compliance Analyst
Netskope
Jan 2018 - Jul 2019 (1 year 7 months)
- Perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies.
- Validate and verify system security requirements definitions and analysis and establish system security designs.
- Design, develop, implement and/or integrate IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
- Implement and align the Information Security program within company's policies and procedures to protect confidentiality, integrity, and availability of corporate data and resources.
- Research, evaluate, and recommend security solutions and practices to enhance the company's Information Security Program.
- Monitor, analyze, review, and respond to all related security incidents, risks, and threats to the organization.
- Conduct and review monthly vulnerability assessments and penetration tests on endpoints, applications, and network infrastructure to summarize the assessments, and recommend remediation.
- Implement clear and actionable vulnerability remediation plans and collaborate with IT teams that are executing the remediation.
- Respond to cyber incidents and threat reports by providing insightful research and analysis.
- Interface with third party vendors that are responsible for delivering security services.
- Administer security awareness, cybersecurity training, and phishing exercises for all users.
- Perform vendor security assessments to identify potential security risks.
- Participate in the company's annual SOC 2 Type II audit.
- Manage IT Security service delivery by determining request priorities to ensure customer requests are triaged and resolved in an appropriate manner.

Education

Illinois State University
Information Technology/Bachelors, Telecom Management

Skills

- Information security
- ISO 27001
- Payment Card Industry Data Security Standard (PCI DSS)
- U.S. Health Insurance Portability and Accountability Act (HIPAA)
- FedRAMP
- SAP ERP
- SOX 404 Top-Down Risk Assessments (TDRA)
- Auditing
- Policies & Procedures
