| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name 2023 - PresentRisk ConsultantSupport the US Banks Privacy Office team managing the privacy risk program to ensure compliance with Privacy Laws/Regulations.Support Privacy Impact Assessment (PIA) process (responsible for conducting end-to-end PIAs across Bank applications and Bank vendors, leading/coordinating PIA conversations with stakeholders, and ensuring PIA cases and results/findings are correctly tracked).Validate, document and report found privacy gaps or risk indicators and help product managers develop response plans, including escalating issues when necessary.Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organizations privacy policies and procedures in coordination and collaboration with other similar functions.Raise awareness of privacy policies and procedures, particularly Privacy by Design program and Privacy Operating Model.Design and develop the goals, policies and procedures of the organizations privacy programs in accordance with appropriate laws and regulations.Collaborate in creating the mechanism needed for managing and responding to data subject rights requests.Perform other responsibilities as needed to assist the team.Integrated Communication Solutions, Inc. May 2018 April 2023Senior Information Systems Security OfficerAnalyze and update system security plan (SSP), risk assessment (RA), privacy impact assessment (PIA), system security test and evaluation (ST&E) and the plan of actions and milestones (POA&M)Assist system owners and ISSO in preparing certification and accreditation package for companys IT systems, making sure that management, operational and technical security controls adhere to security requirement authorized by NIST SP 800-53 R4Designate systems and categorize its C.I.A using FIPS 199 and NIST SP 800-60Conduct self-annual assessment (NIST SP 800-53A)Perform vulnerability assessment to ensure that risks are assessed, evaluated and appropriate actions are taken to limit their impact on the information and information systemsCreate standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packagesConduct IT controls risk assessments that included reviewing organizational policies, standards and procedures and provide advice on their adequacy, accuracy and complianceTotal Computer Solutions, Inc. March 2012 April 2018Junior Information Systems Security OfficerProvided A&A support on major systems for an IT security and privacy contract.Identify security and privacy requirements for systems based on NIST SP 800-53 and the Risk Management Framework.Developed and reviewed System Security Plans and Security Assessment ReportsAssessed assigned systems and recommend methods for protecting computer data andapplications under NIST guidelinesEnsured necessary data protection and security controls have been implementedDeveloped cyber security policies, plans, processes and procedures to ensure compliance with IT laws, policy and best practicesKept current with Federal IT security and privacy requirements, OMB policy memoranda and NIST guidelinesReviewed and assessed external services associated with Agency Network. Coordinated with infrastructure and application development teamsRefined process documentation on cloud/managed services, e.g., FIPS 199 security categorization, security reviews, risk assessment and mitigation and privacy threshold analysesResearched current systems and recorded status of controlsDeveloped and implemented plans for continuous monitoringPTA /PIA/ SORNS NIST 800 53 rev 5 privacy controlsDocument System specific privacy controls within SSPSensitive PII |
