Risk Management Compliance Analyst Resum...
Candidate Information
Title Risk Management Compliance Analyst
Target Location US-VA-Annandale
Candidate's Name
Lorton, VA, Street Address
PHONE NUMBER AVAILABLE EMAIL AVAILABLE

Professional Summary

A conscientious, goal- and detail-oriented Security/Compliance Analyst professional with over 4 years of experience. Strong problem-solving and project management skills, seeking an Information System Security/Compliance Analyst position with a growth-oriented organization focusing on IT security and risk, system security monitoring and auditing, risk assessments, audit engagements, vendor risk management and testing of information technology controls to enhance industrial standards, policies and regulatory compliance. Among the functional areas of expertise are:

Perform Risk Assessment using Frameworks and Guiding Principles to establish and validate risk ratings and Impact levels/Criteria, and determine control effectiveness to mitigate associated risks using standards such as the NIST 800 SPs (800-37, 800-53/53A rev 4) and ISO 27001 Series.
Proficient in applying other Industrial Standard Practices, Risk Management Processes, Procedures and Implementation of Risk Management Framework (RMF) to effectively mitigate risks.
Working experience in developing and applying Systems Development Life Cycle (SDLC) Plans and Artifact Development (Risk Register, Risk Assessment Reports and Recommendations, Plan of Action and Milestones (POA&M), Templates etc.).
Cloud Computing experience such as: assessing risk in cloud environment, Risk Evaluation and Review, and recommending and implementing effective Controls (VMware on Dell Solution).
Perform Third Party/vendor Risk Assessment to identify eminent risks, gaps, documentation and support implementation of acceptable and required standards for compliance.
Support the Documentation, Implementation, Assessment and Review/update of Policies, Standards and regulations (PCI DSS, HIPAA, HITRUST, SOX, GDPR, CCPA etc.) to enhance compliance with federal, state and other related laws and regulations.
Vulnerability management process: assessing vulnerability reports for risk and implementing remediation plan/process.
Proficient in conducting IT audits over systems, processes/procedures. Identification of noncompliance/nonconformity and gaps and providing recommendations for management decision making (scoping, planning, conducting, documentation and reporting of audit results).

Education

Bachelor of Arts, Sociology
Norfolk State University, Norfolk, VA

Professional Certifications

S+: CompTIA Security+
CISM: Certified Information Security Manager
CSM: Scrum Master
eMASS: Enterprise Mission Assurance Support Service
AZ500: Azure Security Engineer Associate
CGRC: Certified Governance Risk Compliance

Professional Experience

Security Analyst
Montefiore Medical (contract), Bronx, NY
March 2023 - Present

Performed vendor security risk assessments for business units to enhance resilience and maturity of vendor risk management program.
Performed onboarding assessment, oversight and offboarding of third-party products, services, and outsourcing arrangements.
Monitored, collected, and maintained risk information, including cyber security and financial ratings, sanctions data and questionnaire response from third parties as well as shared assessment.
Performed risk assessment on information assets including information systems, biomedical systems, clinics, and data centers.
Prepared a comprehensive Third-Party assessment report for management and continuous monitoring of their systems/processes for new emerging risks.
Conducted vulnerability risk assessments to support business units in performing security assessment on critical systems.
Evaluated results with system owners and custodians.
Provided information security consulting on a variety of technologies and processes.
Worked with clinical, academic, and administrative groups and developed security solutions with minimum supervision.
Conducted IT controls assessments that included reviewing and updating organizational policies, standards, procedures, and guidelines.
Audited major applications within health systems and assessed control gaps.
Reviewed HIPAA compliance reports, documented audit findings and developed corrective action plans.
Interacted extensively with external and internal clients to discuss current IT security posture for scoping and resolution.

Assessment and Authorization Specialist
FDIC (Contract), Arlington, VA
June 2018 - February 2023

Conducted Security Control Assessment (SCA) of IT Systems (General Support Systems, Major Applications) for compliance with NIST 800-53 and local Information Security policy standards.
Created the Security Assessment Plan (SAP) and conducted Security Assessment via document examination, interviews and manual assessments of the IT system.
Conducted Security Assessment kick-off meetings with the IT client team to gather evidence, review the SAPs, security testing procedures and documented test results.
Reviewed security authorization packages for completeness and accuracy prior to the start of the SA&A activity and performed independent compliance reviews, tracking, and continuous monitoring of RMF A&A packages.
Developed Security Assessment Report (SAR) detailing the results of the SCA along with findings leading to the establishment of Plan of Action & Milestones (POAMs) of the IT system.
As an ISSO, developed and maintained an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
Developed Security Authorization documents, System Security Plan (SSP), SAP, Privacy Threshold Assessment (PTA)/Privacy Impact Assessments (PIA), Plan of Action and Milestones (POA&M), Configuration Management Plans and other security artifacts in accordance with NIST guidelines.
Maintained operational security posture for IT systems and assisted in the development of an Information Security Continuous Monitoring strategy for the IT system.
Oversaw the preparation of SA&A packages for submission to the Program Office for approval of an Authorization to Operate (ATO).
Reviewed and updated some of the system categorization using FIPS 199.
Created and updated IT Contingency Plans and organized contingency testing of IT systems using NIST SP 800-34.

Help Desk
Norfolk State, Norfolk, VA
May 2010 - June 2018

Provide network security access control management, firewall management, end point security configuration and management.
Provide assets management, vulnerability management and patch updates.
Image new computers and ensure that all configurations and settings meet organizational standards.
Work with the help desk support staff to triage IT issues and record them in ticket tracking system.
Prioritize issues based on standard operating procedures and service level agreements.
Follow standard operating procedures to resolve customer questions/problems concerning automation systems, software/hardware issues, password security violations, telecommunication troubles and work orders.
Installs, maintains, repairs and replaces IT hardware and office productivity software, including network devices, servers, storage (SAN) and backup systems.
Setup and support of end user computers, other devices (e.g., printers, scanners, mobile devices), and office productivity software; ensure access controls for end users operations; ensures computer images are those built by Windows Engineering.
Oversees the development and maintenance of Helpdesk ticketing, problem resolution, and asset tracking systems in support of help desk operations.
Develop, coordinate, and assist in the operation of IT equipment.
Point of contact and responsible person when setting up new offices with IT systems or expanding existing offices or refreshing systems, computers and other end user devices.
Install new software versions and updates and configure hardware and/or user systems for effective integration of software
Perform upgrades of hardware to include memory, fix storage, and install network interface cards (NIC) or enhancement cards.
Interact with users to ensure proper operation of computer systems, hardware, and software.
Automate repetitive tasks such as ghosting software images and software.

Technical Proficiencies

Windows XP/Vista/7/8/8.1/10, Mac OS X, Microsoft Office Suite, SharePoint, Splunk, McAfee VirusScan Enterprise, Nessus, GRC Risk Vision,
