Information Security Analyst Resume San ...

Candidate Information
Title Information Security Analyst
Target Location US-TX-San Antonio
Candidate's Name
Information Security Analyst | GRC Specialist | Third Party Risk Analyst
Phone: PHONE NUMBER AVAILABLE
E-mail: EMAIL AVAILABLE
LinkedIn: LINKEDIN LINK AVAILABLE

Results-driven and detail-oriented Information Security Analyst with a solid foundation in Governance, Risk, and Compliance (GRC) and specialized expertise in Third-Party Risk Management (TPRM). Armed with years of experience, I have a proven track record of developing and implementing robust security policies, procedures, and controls to fortify organizations against cyber threats. My adeptness encompasses ensuring compliance with diverse security frameworks, including HIPAA, PCI-DSS, TPRM, ISO 27001, SOX, and SOC. Committed to creating and maintaining resilient security postures through strategic risk mitigation and compliance measures.

Technical Skills & Tools
Assessment and Authorization (A&A), NIST 800 Series, Plan of Actions and Milestone (POAM), System Security Plan (SSP), System Assessment Report (SAR), Risk Analysis, Risk Assessment, Risk Control & Mitigation, Security Life Cycle, Threat Reports, Contingency Planning, Data Security, Developing security plans, Implementing security programs, Wireshark, Nmap, Implementing security controls, Nessus Software, TPRM, ISO 27001, PCI DSS, Risk Management Framework (RMF), SOX, HIPAA, SSAE, SIEM Monitoring, iOS/OS platform security, Mobile/tablet device security, Penetration testing, Ethical hacking, Vulnerability assessment, Network security, Firewall management, Encryption, Access control and authentication, Log management and monitoring, Jira, Confluence, Mural, Project Management Systems, Risk Assessment, Technical Writing, Data Analysis, Business Application User Support, Performance Management, Vulnerability Assessment, SOC, Privacy

Other Areas of Expertise:
    Risk Management and Mitigation
    Compliance Management (HIPAA, PCI-DSS, TPRM, ISO 27001, SOX, SOC, COBIT)
    Third-Party Risk Management
    Security Policy Development and Implementation
    Security Assessments and Audits
    NIST Framework (800-53, 800-53A, 800-60, 800-30, 800-37, 800-171)
    FIPS Compliance (FIPS 199, FIPS 200)
    Information security policy and procedure development
    Security awareness training
    Excellent communication skills
    Information Security Governance
    GRC Automation Tools: RSA Archer, SAP GRC, MetricStream, ServiceNow GRC, Xacta, IBM OpenPages
    Development Methodologies: Waterfall, Scrum, Agile, Iterative
    Operating System: Windows 7, 8, Vista, XP, 2000, UNIX
    Microsoft Tools: MS Office (Excel, Word, PowerPoint), MS Visio, SharePoint, Teams, and MS Projects
    Browsers: Internet Explorer 7, 8, 9, Firefox, Chrome, Safari

Work History

2020-01 - Current
Information Security Analyst
Top Group Technologies, LLC, LARGO
    Conducted regular assessments of third-party vendors and their security controls to identify potential vulnerabilities or weaknesses in their systems.
    Worked with vendors to ensure compliance with industry standards such as HIPAA, PCI-DSS, or ISO 27001.
    Developed and executed risk-based approaches to assess and monitor third-party vendors, including continuous monitoring and reporting of risks and issues.
    Conducted on-site assessments of third-party vendors' information security programs to ensure compliance with policies and procedures.
    Developed and implemented third-party risk management metrics and reports to provide insight into vendor risk exposure and trends.
    Maintained knowledge of industry standards and regulatory requirements to ensure compliance with vendor management practices.
    Collaborated with internal teams such as Legal, Procurement, and Information Security to ensure appropriate risk management controls were in place.
    Conducted due diligence assessments for mergers and acquisitions to assess third-party risks and compliance.
    Reduced incident response time by 30% through real-time monitoring, correlation, and automated alerting, resulting in faster detection and containment of security incidents.
    Improved threat detection capabilities by identifying and blocking 90% of malicious traffic, preventing potential data breaches and unauthorized access.

2018-02 - 2020-01
GRC Specialist Third Party Risk Management
Yahoo Inc, Contract
    Developed and implemented IT GRC frameworks, policies, and procedures to ensure regulatory compliance and mitigate IT risks.
    Conducted comprehensive risk assessments and gap analyses to identify potential vulnerabilities and implement appropriate controls.
    Conducted comprehensive assessments using NIST Cybersecurity Framework (CSF) to evaluate and enhance the security posture.
    Collaborated with internal teams to evaluate and address IT risks related to data privacy, security, and business continuity.
    Led the implementation of industry best practices and standards such as NIST, ISO, and COBIT.
    Developed and delivered training programs on IT security awareness, regulatory compliance, and risk management.
    Conducted audits and assessments to evaluate the effectiveness of IT controls and processes.
    Implemented a TPRM program resulting in a 20% reduction in overall third-party risk exposure within the first year.
    Conducted successful risk assessments for key vendors, identifying and mitigating critical vulnerabilities, and ensuring continued compliance.
    Received commendation for effectively communicating complex security concepts to non-technical stakeholders, facilitating collaboration and understanding across departments.
    Played a key role in achieving and maintaining compliance with regulatory standards and industry best practices.

Education
    University of UNAD
    Bachelor of Science in Accounting

    University of Texas, Austin
    Master of Science in Cybersecurity

Certifications
    Certified Governor Risk and Compliance (CGRC)
    Certified Information System Auditor (CISA)
    CompTIA Security+
    Health Insurance Portability and Accountability Act (HIPAA)