| 20,000+ Fresh Resumes Monthly | |
|
|
| | Click here or scroll down to respond to this candidateCandidate's Name
Cumming, GA Street Address
PHONE NUMBER AVAILABLEEMAIL AVAILABLEhttp://LINKEDIN LINK AVAILABLEVALUE SUMMARYExperienced problem-solving liaison for cybersecurity technical development & the business to ensure cybersecurity principles, processes & methods are implemented to protect business data. Ability to address business interpretation of compliance security directives to ensure both business needs & information security technical solutions are implemented to meet federal directives & support compliance audit functions. Ensure security standards & policies are applied & continue meeting business needs for profitability. Proven strong professional interpersonal & leadership skills, including the ability to communicate concepts to both technical & non-technical users & groups. Maintain a fundamental understanding of Identity & Access Management security standards & ability to apply risk management principles to all aspects of the business.Key SkillsCybersecurity Projects in regulated industries, finance & healthcare industries, compliance efforts & understanding of governance requirements & guidelinesUse cases, Functional Requirements, Non-functional Requirements, Reporting Requirements, process diagrams, context diagrams, current state & future state process flow diagrams, logical/physical diagramsProcedures, processes (as-is & to-be), user help documents, training, segregation of duties for entitlements, SOX, SOC2 & 3, PKIStrong facilitation, oral & written communication skills with all levels of an organization,Self-motivation & self-starter, curious, eager to learn new technologies & work in a dynamic team environmentFinancial services background & understandingTechnicalSolid understanding of computing environment, systems concepts, enterprise web applications design, security concepts, database design, data schema, data integration, data mapping, QA testing, test plans, test cases, scripts, CSV templates, UAT development & coordination, defects management & tracking.oIdentity access management - user authentication & access management in an integrated environment including mergers.oData integration of web applications with backend databases, legacy systems, & third-party integrations to meet compliance requirements of Sarbanes-Oxley SOX & BSA FinCEN, including HIPPA compliance for database design, records, retention, retrieval, & BI reporting.Full lifecycle project experience Agile/Scrum sprints, backlog grooming, scoped, planned, gathered, developed, coordinated, & managed business requirements for various projects & systems from the initial project planning & scoping, requirements gathering with multiple business units, through all phases of testing (QA & UAT), systems implementation & post-implementation support.Cybersecurity projects - Identity & access management (IAM), Identity Governance & Administration (IGA) for users & elevated access entitlements. Includes Role Based Access Control (RBAC), Privileged Access Management (PAM), worked with LDAP & Azure AD for access groups, nested groups, etc., migration to Oracle Identity Management (OIM), Sailpoint IdentityIQ, & CyberArk Vaults.Strong technical understanding of financial services regulatory environment, with a focus on Cybersecurity Risk for the last 8 years.Strong problem solving, root cause analysis, & associated solution implementation to address risk issues & compliance.Rapid adaptability to new technologies, processes, procedures & applications.CommunicationsInteractions with all levels of an organization to affect change & achieve project & business goal success, interacted with users, application owners, vendors, & clients for full life cycle of projects throughout concept, development, implementation, & production support. Experience leading & directing work with both internal & external partners in a highly collaborative environment.Customer business processes & requirements. Business process modeling for redesign with process automation & decision solutions. Excellent attention to detail & excellent organizational skills.Provided user support & coordinated resolution of issues including change management processing, root cause analysis, escalation & communications of issues through to resolution. Provided user acceptance testing & training.Presentation & communication skills, interacting with all levels of employees & clients.PROFESSIONAL EXPERIENCESR SECURITY ANALYST CONSULTANTRandstad Corporation (Contractor for McKesson Corporation)Teleworking05/2023 PresentRepresentative of BISO (Business Information Security Office) team working on the following:Extremely aged outstanding risk Items to resolve audit issue findings:.oKnowledge of all facets of cybersecurity to address.oLiaison with the various business groups to address cybersecurity risksPlanning & design efforts to remediate BISO project implementation.Used extensive knowledge of cybersecurity to determine solutions and custom design needsConducted comprehensive security survey assessments with all facets of Security to create an overall informative documents to share security information for non-security application owners & operations managers. Effort identified security risks to infrastructure, applications, and data. Developed strategies to mitigate these risks.Worked as a liaison between the Penetration Testing & Security Operations team efforts to ensure that Applications Performance Management (APM) standards were successfully implemented to remedy documented audit issues.Liaison worked through gaps in security processes post-implementation of pharmacy floor processing to the maintenance of same with Production Operations. Brought the parties together and pressed them past the verbal communications to the concrete, workable documentation to move the necessary responsibility forward to close the security gaps discovered.Tracking the lifecycle of vulnerabilities ensuring remediation by accountable IT Teams, coordinating cross-functional teams & communications, facilitating efforts, utilizing experience in cybersecurity & software development to resolve issues.Led sub-BUs in engagements to plan, facilitate & remediate security issues across McKessons CoverMyMeds Business Units. Collaborated & coordinated with the security engineers & application owners to bring application security to compliance and close out critical & high security issues from HIPAA audits, SOX audits, security audits, etc.Managed the capture of CMDB information into the OneTrust and LeanIX tools used by all IT Operations.JOBSEEKER FROM 10/2022 05/20231.Self-taught Sailpoint User Administration tutorials to supplement the previous experience with Sailpoint and enhance user requirements.2.Began tutorials to learn the full capabilities of CyberArk administration.3.Working through International Information Systems Security Consortium (ISC) Systems Security Certified Practitioner (SSCP) training to obtain certification.SR SECURITY ANALYST CONSULTANTExperis Corporation (Contractor for Wells Fargo Bank)Teleworking04/2022 10/2022Member of Commercial Banking Risk Portfolio project to determine user access & entitlements for Policy & Procedures for Segregation of Duties for hundreds of applications.Worked with applications & application owners to determine whether there were toxic combinations or remediation needed.Support the risk identification, assessment, measurement, monitoring, mitigation & reporting of operational risk for Commercial Banking applications & processes Gained a working understanding of key processes, requirements applying governance policy across entitlements grants for application users (including Privileged Access Management segregation). Performed analysis, documentation, monitoring & reporting of Segregation of Duties efforts ending Toxic Combinations (via audit with tools such as Sailpoint). Built partnerships within Commercial Banking to ensure that the risk governance requirements were met. Monitored & reported on risks & issues. Documented playbook procedures to investigate survey responses to determine whether compliance was met or further remediation needed.SR CYBERSECURITY ANALYST / PRIVILEGED ACCESS MANAGEMENTMatlen Silver (Contractor for Fiserv Corporation)Teleworking09/27/2021 03/04/2022Migration team to implement CyberArk to combine disparate directory systems from corporate mergers & acquisitions.Member of Privileged Access Management team migrating applications & servers from Centrify to CyberArk PSM, OPM, for all merged Fiserv & First Data systems. Fulfilled audit requirements to establish access controls & monitoring for privileged access users as a financial services provider for global corporations. Provided policy guidance, advice and direction for implementing policies, standards, and IT controls for IAM. Documented system requirements for IAM, interfaces, performance KPIs, business rules.Gathered & aggregated identity data from a variety of different sources such as LDAP directories, databases, applications, and web services. Performed data analysis for Azure AD groups, users & applications for coordination of migrations to the CyberArk Vault platform. Guided application owners, network system owners, & others on security requirements & protocols during development & implementation of these migrations.Researched users & permissions for non-AD users with custom solutions for UNIX/Linux applications to implement Cyberark OPM tool to capture & manage the privileged access users with solutions needed to obtain compliance. Combined data to create pooled accounts for multiple users to be able to self-administrate their UNIX/Linux environments. Uploaded data to CyberArk via PowerShell scripting. Used Sailpoint IdentityIQ to crosscheck that information was correctly reflected in setup & reporting.Designed onboarding adoption processes for all servers/applications that were not on Centrify Privileged Access prior to our efforts, creating intake forms & collaboration tools to gather this information from the applications & servers to bring them into compliance. Included processes, task lists, analysis field gathering, testing, user setup for access, dashboard creation for users to see progression.CYBERSECURITY ANALYSTMastech Digital (Contractor for Accenture Corporation)Teleworking 100%03/18/2021 08/31/2021Applied solid Identity Access Management experience with sound understanding of project delivery processes to support companywide global initiative to migrate all applications roles & entitlements into a centralized identity governance and administration (IGA) center supporting IAM & risk management initiativesCreated cybersecurity process improvements for 1400 Applications Security roles & entitlements for internally used applications, including third party vendor apps, OOB, B2C (client-purchased Accenture applications) to manage identity via Azure AD & Sailpoint IdentityIQ.Implemented processes to ensure that application user entitlements data properly accepted into Sailpoint IdentityIQ system for the internal management of application & data security. Established Entitlements Reporting via requirements development for reporting results to the application owners.Designed comprehensive user stories for implementing new automation of application user roles & entitlements (including third party application integration) & repeated data submission to Sailpoint..Liaised with the IT Infrastructure team & Technical Architecture Analysts to integrate security requirements into core infrastructure practices with defined requirements for standard practices & tools to create & manage identities & access controls.Developed relevant documentation for secure user entitlement process flows so that Operations could assume this responsibility seamlessly after full project implementation.Measured & monitored progress at clearly defined points in the applications reporting process to ensure that assessment deliverables were on-time & reported accurate information.CYBERSECURITY BUSINESS ANALYST / INTEGRATION STRATEGISTThe Select Group (Contractor for Truist Bank)Teleworking 100%12/9/2019 12/31/2020Strategist working on the Identity & Access Management team to migrate applications to the Oracle OIM platform for regular, periodic cybersecurity attestation & certification of user roles & privileges. Effort performed to address a Federally identified deficiency for BB&Ts applications & expanded to include SunTrust Bank applications with the merger into Truist Bank.Conducted meetings & negotiations with applications business managers & technical managers to determine & manage application migrations into the standardized platform (Sailpoint IdentityIQ) to manage all user access rights & privileges certifications (Azure AD). Documented requirements for risk management to combine applications & user access roles & privileges, third party-supported applications, so that continuity could continue after the merger.Scheduled & conducted discovery meetings to determine current roles & privileges environment to assess migration needs into OIM.Served as the applications liaisons to identify issues.Compliance/governance efforts for audit documentation/traceability efforts to ensure that all previous applications already migrated to Oracle OIM had properly documented the process & audit trail required to obtain Federal oversight approval by the due date. Performed Operational Readiness audits to ensure that all applications complied with the standards for the new Truist standards for IAM.Sr. SECURITY BUSINESS ANALYST / CYBERSECURITYHireVergence (Contractor for Equifax Corporation)Alpharetta, GA11/2018 08/2019Project team member for complex security projects to implement best-in-class security solutions that ensure the data integrity and privacy of the technology systems.Project efforts in an Agile/Scrum environment; Jira/Confluence tools for tasks, sprints, requirements, security guidance & process/procedure documents for Global Security Architects & other IT teams to integrate & implement applications & network security tools to protect Equifax systems.Capture assessment of complexity for design requests, & development/management of cybersecurity requirements for various needs (IAM, PAM, RBAC, cloud, encryption). Worked with architects to determine remediation efforts to protect from future data breaches. This included efforts to capture logging from the myriad of applications & ensure that data was secured & inaccessible to criminal activities.Conversion from Microsoft applications environment to G-Suite & AWS (cloud), GCP (cloud) environment.Represented the business units interests to determine cybersecurity impacts to other applications to preserve business continuity & functionality.oSolutions requirements for secure file transfer & encrypted email using G-Suite including encryption requirements (Voltage to Symantec) & migration of Access Manager (Sailpoint) to Bluebird (Cloud). Interviewed business units & users to determine if custom development was needed to integrate with G-Suite, after finding that there would be critical impact to the business. Raised the criticality of this discovery so that remediation could be affected to provide the encryption functionality lost due to incompatibility with G-Suite. .Vendor capability vetting for Cloud Computing conversion to select the best Cloud Access Security Broker for the environment for implementation of in-line protection & prevention from hacks & attacks. Vetting & analysis of vendors against environmental requirements to meet Equifax audit & remediations exacting standards for security of Equifax data both on-premises & in the cloud.Patching services documentation & repeatable standards implementation.Requirements & vetting of vendors for multifactor authentication & authorization of unmanaged access of BYOD & managed access of Equifax assets in various scenarios & access of data within the cloud.Business Analysis of requirements, level of effort & scoping for architects for other miscellaneous efforts including: vulnerability risk remediations, third party partnership security projects, CyberArk authentications & migration to cloud, Cloud guidance on containers CD/CI, cloud PAM.Sr. SECURITY BUSINESS ANALYST / CYBERSECURITYCompuGroup, Inc. (Contractor for Highmark Health Services)Remote04/2018 08/2018Short-term projects to remedy backlog of Identity Access Management (IAM) Roles & Entitlements Based Provisioning for Cybersecurity development projects for dedicated healthcare partner included IAM & PAM efforts.Provided Business Analysis & IAM liaison support for users of the new Medicare product.Assessed & provided high-level analysis for large, complex projects for new products to be marketed for IAM Cybersecurity.Projects included:oMDM implementing privileged access users, admins, & various types of user roles.oInfrastructure initiatives for IAM support & integration with partner systems (SAML, roles alignment, etc.).BUSINESS ANALYST / CYBERSECURITYDiversant, LLC (Contractor for E*Trade Financial)Alpharetta, GA08/2017 10/2017Short-term project for automation of Role Based Provisioning onboarding for new hires & transfers.Interfaced with various departments to gather information to streamline roles & groupings of company personnel for application entitlements access.Sr. BUSINESS ANALYST, ACCESS MANAGEMENT / CYBERSECURITYPrinciple Solutions Group (Contractor for SunTrust Robinson Humphrey)Buckhead, GA05/2017 08/2017Access management Cybersecurity project for Compliance & Audit to determine access for network folder cybersecurityDetermined group authorization rights & permissionAssessed risk profiles mandated by the SECMonitored cybersecurity access to applications with investment information for clientsDetermined business rules for individual roles entitlements & attributes least privilege accessSetup application model to track history of access to proprietary filesCYBERSECURITY & COMPLIANCE ANALYST / BUSINESS ENGAGEMENTKForce Corporation (Contractor for Kaiser Permanente Corporation)01/2016 -- 04/2017Member of team providing cybersecurity solutions requirements & complex analysis for identity access & authorization security,Created processes & requirements for new cutting-edge user tolls & solutions, aligned solutions with governmental & corporate standards, identifying risks, & access validation for existing & new devices to login within a healthcare environment. Analyzed data requirements & processes for groups, roles, & data required for elevated access of database admins of the Oracle Enterprise Directory.Communications liaison for all business engagement communications, including setting up user acceptance testing, managing timelines & announcements, production release planning with applications impacted, liaison for all applications to interact with identity access management development changes.IG&AM (Identity Governance & Access Management) Cybersecurity projects for Kaiser Permanente including:Project Planning estimation, level of effort assessments for IG&AM projectsProject Execution of all effort requirements, user acceptance testing, problem/defect reporting, implementation teamIdentity & Access Management Projects during Contract Period:Infrastructure changes for migration of OIM 10g to 11gR2 PS3oOUD integration with AD & EDSingle Sign-on framework, including implementing Risk Based Access Management (RBAM) for multifactor authenticationsoConvergence of all user typesoAdaptation for non-conforming applications to capture user login data silently (such as device IP)oAccommodation for applications that stored & operated via Cloud AWSoFederated single sign-on for AffiliatesoPassword replacement product analysis for mobile authentications & capabilitiesoBYOD Proof of Concept research for Swype, PingID, tap cardsEnterprise Directory migration to centralized DBAM (Database Access Management)oRequirements development for administration of groups & roles across divergent applicationsoAdministrator password authentications for EUS (Enterprise User Security)PCI compliance for password expirations & modification to user experience for complianceMigration of non-SSL to SSL connections for security compliance effortSHA 1 to SSHA-512 upgrades for all password hashing for security compliance effortEffort to capture device IP for tracking. login assessment & enterprise access information capturePrivileged Account Security - requirements for privileged account security administration via CyberArkWorked with the CMDB to add records, add fields required to support cybersecurityTesting of applications for APM to determine system performance, response times, throughput, communication of the integrated systems for processing of orders.SR. BUSINESS ANALYSTOptomi, LLC (Contactor for Recall Corporation, now Iron Mountain)Norcross, GA07/2015 to 11/2015Actively involved in PMO project efforts that required supplementation of a Senior-level BA able to be inserted into any project in progress & provided any project effort necessary, for both Agile & waterfall project efforts simultaneously for implementing & customizing Warehouse Management Systems & Salesforce custom applications. Participated in Operational Readiness to support the Production release of all Recall software deployed to ensure that all compliance controls were met.Coordination of defects for BPM tools implementation in international call centers in Malaysia & Singapore. Communications coordination with all global locations for user acceptance testing & defect triage, coordinated changes, retesting, & liaison for assistance. Interactions included language translations & communications with other time zones the world over.LEAD BUSINESS ANALYST, IAM Security Services / CybersecuritySunTrust Banks (Employee)Atlanta, GA01/2014 02/2015Identity & Access Management (IAM) business systems analysis for complex migrations & integrations to Oracle OAM/OIM 11g for external/client logins & secure connections by understanding IAM principles & guiding streamlining efforts to support development. Gathered & created requirements for Risk-based access (RBAC) multi-factor RSA authentication through SAML in the headers & APIs, including interfaces with online applications, desktop, IVR & mobile applications.Project collaborations with multiple cross-functional teams from the various lines of business to integrate the client-facing applications to a single sign-on platform for a better client user experience with the bank & its various subsidiaries for user one-stop access to all their accounts. This also included interfaces via SAML to third parties, such as rewards & bill payments services to provide seamless access to the clients. Ensured access & security governance principles were applied throughout the development efforts.RequirementsProvided coordinated business analysis for cross-stream Identity & Access Management projects that integrated with online banking applications, requirements gathering & guidance for business understanding & coordination with application calls to IAM APIs, providing overall security synergy between different online client-facing applications for user authentication functionality & management.Implementation of security solutions with emphasis on user authentication security guidelines, & internal administration of Role-Based Access Control (RBAC), such as, enterprise class identity management, converging multiple systems of provisioning rules, decision rights, policies & entitlement accountabilities for roles-based access management & understanding of privileged accounts & segregation of duties, & audit compliance.Gathered & documented use cases for the management of privileged accounts, created CSV templates for datafeedsAnalysis of corporate information security risk documents & an understanding of security risks with various user channels & methods to access accounts.Investigated regulatory compliance requirements, including disaster recovery standards & login data storage requirements (logins/logouts, failed logins, attribute changes, SOX regulations, etc.)TestingAssistance with testing team for user authentication processes via APIs to ensure a single sign-on transparency for the client logon experience.LEAD BUSINESS ANALYST, Fraud Applications SMESunTrust Banks (Employee)Atlanta, GA12/2010 12/2013SR. BUSINESS ANALYST, Fraud ApplicationsModis Corporation (Contractor for SunTrust Banks)03/2010 - 12/2010Provided Business Analysis, UI & functional design, decision matrices, efforts planning, & training for multiple implementations (waterfall, iterative, agile), performing as a liaison for multiple fraud investigation business units (Anti-Money Laundering, Enterprise Fraud Management & Corporate Security), the software/process flow development team (Pegasystems developers) & DB2 DBA's. Worked with DBAs on BI data design, data mapping, data definition tables, & BI reports. The solution was a heavily customized fraud management application which incorporated business process automation for fraud/suspicious activity documentation & processing, including e-filing of qualifying fraudulent activity with the Federal government, including preventing the willful destruction of evidence for Federal investigations (SOX compliance). Participated in Operational Readiness to support all Production release of the CSI & associated applications software deployed to ensure that all compliance controls were met including FinCEN & BSA requirements.APPLICATIONS EXPERIENCEGoogle Applications: G-mail, Sheets, G-Drive, CloudJIRA: Agile development tasks, project backlog capture & groomingConfluence: Documentation, Process, How to , Project RepositoryRally: Used for project management & documentationAmazon Web Services (AWS)Microsoft:MS360, Azure AD, MS Office, MS Project, MS Outlook, MS Visio, Windows 7 & 8, 10, SharePoint, MS Word, MS Excel, MS Access, MS Lync, MSTeams, AD (Access Directory), SkypeSailpoint: IdentityIQ, Identity Security Platform, OneTrustMiscellaneous:CMDBOneTrustLeanIXHP Application Lifecycle Management (ALM) formerly Quality CenterPegasystems PRPC, BPM tools (completed Pegasystems Business Architect training)PowerShellSailpointSalesforceSQLSOA (Web Services, APIs, IAM)Splunk FundamentalsVaronis DatAdvantageOracle Applications & Database Development:Identity Management - OIM, Access Management (OAM, API Gateway)Enterprise Directory (ED), Active Directory (AD)BEA Aqualogic (Plumtree) content management systemE-Business Suite including Oracle 1Q2221i PA, FA, INV, BOM, AP, PO, CRM, ECC, FI, LO, SD, MDM applications for customization projectsPrimavera Enterprise Project Portfolio ManagementExperienced with these practices:SDLC & Agile/Scrum, AgileSAFE Product Owner, Iterative, Continuous Development, Change Management, Waterfall methodologiesSarbanes-Oxley (SOX), HIPAA policies & proceduresBank Secrecy Act (BSA) Patriot Act for AMLProcess modeling (BPM) / dataflow diagrams / data schemas / data integration / XML / SOAUML (use case structuring), user storiesScrum, Product Backlog Items, SprintsRelational database / Object-oriented concepts / data developmentIdentity & Access Management, Identity Governance & Access Management authentication & authorizationEDUCATIONBachelor of Science in Information Technology, University of Phoenix, 12/2004Honors: Summa cum laudeAssociate of Arts, Business Administration, Florida State College, JacksonvillePROFESSIONALMember, IIBA (International Institute of Business Analysis) |