Candidate's Name
Phone: PHONE NUMBER AVAILABLE, Email: EMAIL AVAILABLE
Pickerington, OH

SUMMARY

A well-experienced cyber security professional with repeated accomplishments investigating all types of cyber security incidents and breaches impacting service, people, and businesses. Proficient in security assessment, governance, risk management and compliance, and vulnerability management. Experienced in cybersecurity risk management and its impact on the Confidentiality, Integrity, and Availability triad of organizations' information systems. Results-oriented cyber security professional with experience in information technology, including data monitoring, threat detection and response, threat analysis, and security control implementation and assessment. Adept at working with system stakeholders in the development and implementation of information security strategies required to protect enterprise information systems, networks, data, and operational processes through the Security Assessment & Authorization (SA&A) process, using industry-based standards such as ITGC, SOX compliance, data privacy, NIST, FISMA, OMB, RMF, and FedRAMP.
Strong background in Governance, Risk Management, and Compliance requirements and well-versed in installing, configuring, and deploying next-generation cyber security tools.

SKILLS

- Data Privacy Auditing and Gap Analysis
- Privacy by Design and Default Strategies
- Third Party Risk Management
- Policy and Process Development
- Security Planning
- Incident Response
- Risk Assessments
- Vulnerability Management
- Risk Mitigation
- NIST SP 800-Series
- Tenable Nessus Scanning
- ISO 2700X
- Cloud Security
- SOX Compliance
- Penetration Testing
- Vulnerability Scanners
- ServiceNow Security
- Risk Management Framework
- Business Continuity and Disaster Recovery Planning
- IT General Controls (ITGC) Auditing
- PCI DSS
- PHI
- PII
- HIPAA
- Monitoring and Audit
- GDPR
- CCPA
- SOC 2
- ITGC
- Patch management tools
- SIEM

Core Skills:

- Auditing, Security Assessment, Risk Management, Security Related Awareness and Training, and ensuring safe environments through best practices following the NIST Risk Management Framework.
- Experience in performing risk assessment on both commercial and Federal Government information systems.
- Skilled in Information Security/Assurance Analysis, Compliance and Governance.
- Experience in assessing security controls in AWS cloud environment.
- Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model.
- Participates in Incident Response activities in coordination with other teams as necessary, reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, and evaluating attribution and adversary details.
- Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53R4.
- Over 5 years of experience in system security monitoring, auditing and evaluation, A&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).
- Performed Certification and Accreditation documentation in compliance with company standards.

EXPERIENCE

AGO Worldwide Consulting, Severn MD, June 2019 - present
Senior/Lead GRC Analyst
8034 Westgate Ln, Severn MD, 21144

- Develop and implement strategies to ensure compliance with regulatory requirements, industry standards, and company policies.
- Conduct risk assessments to identify potential threats and vulnerabilities to the organization's assets and operations.
- Design and manage internal controls to mitigate risks and enhance operational efficiency.
- Monitor and evaluate compliance with policies, procedures, and regulations through audits, assessments, and reviews.
- Provide guidance and training to employees on compliance-related matters, including data protection, information security, and ethical standards.
- Collaborate with cross-functional teams to address compliance issues and implement corrective actions.
- Stay abreast of changes in laws, regulations, and industry trends to ensure ongoing compliance and risk management.
- Prepare reports and presentations for senior management and regulatory agencies on compliance and risk-related matters.
- Scanning network systems and applications to identify weaknesses that could be exploited by cyber-attacks.
- Continuously monitoring systems and applications for new vulnerabilities.
- Conducted ITGC audits to ensure compliance with internal policies and external regulations, including SOX.
- Implemented and managed organizational GRC Program and integrated risk management and compliance activities into business processes.
- Provided regular reporting on GRC activities to senior management and board members.
- Managed Data Privacy introductions, conducting gap analysis and executing security policies and procedures to enhance overall security posture.

Geek View Tek Solutions, Frederick, MD, Dec 2017 - June 2019
Third Party Risk Analyst / Data Privacy Analyst (Lead)

- Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
- Developed audit plan and performed the General Computer Controls testing, identified gaps, developed remediation plans, and presented results to the IT Management team.
- Directed a cross-departmental team to conduct a comprehensive data privacy audit, identifying critical gaps and implementing remediation strategies that led to 90% improvement in compliance with internal and external privacy standards.
- Conduct IT general controls risk assessments as well as risk auditing with frameworks like HIPAA, PCI, and ISO 27001.
- Developed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards to maintain HIPAA compliance based on NIST SP 800-66 Rev1 and security controls (NIST SP 800-53).
- Assess vendors utilizing the stages in the Third-Party Cycle Framework (Onboarding, Due Diligence, Monitoring, Termination Plans, Off-boarding).
- Perform initial review of due diligence on the vendor to ensure they are current and applicable to the product/service provided.
- Tier, assess, and monitor risks associated with vendors to determine Inherent Risk Rating.
- Collaborate with first line vendor relationship managers to ensure consistency in vendor delivery service and products and provide relationship managers with vendor risk posture guidance as needed.
- Performing annual risk assessments of third parties across the following risk domains: financial, legal, information security, regulatory/contractual compliance, operational, reputational and strategic.
- Developed a security baseline controls and test plan that was used to assess implemented security controls.
- Conducted a security control assessment to assess the adequacy of management, operational, and technical security controls implemented.
- Assisted in the development of an Information Security Continuous Monitoring Strategy (Ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
- Developed a system security plan (SSP) to provide an overview of federal information system security requirements (FISMA) and describe the controls in place.
- Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions.
- Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions, and developed remediation plans for each area of testing.
- Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.

EDUCATION

- Central University, Accra, Ghana, BSc. Computer Science, 06/2014
- Cyber Awareness Training - Coursera
- Risk Management Framework, NIST 800-37

CERTIFICATIONS

- Certified Information Systems Auditor (CISA)
- CompTIA Sec+