Candidate's Name
Mobile: PHONE NUMBER AVAILABLE Email: EMAIL AVAILABLE LINKEDIN LINK AVAILABLE

PCI DSS Consultant Sr. GRC Analyst Cybersecurity Professional

Certified Cybersecurity Professional and PCI DSS Consultant; technically advanced and detail-oriented professional with success in leading cyber security operations for the protection of information networks and systems. Adept at ensuring optimum security and governance control by developing and executing security systems/programs and identifying, mitigating, and reporting cyber security risks.
Instrumental in planning disaster recovery, implementing change management policies, overseeing security audits, managing projects, implementing controls, and delivering visibility of enterprise-wide risks through alignment of risk frameworks.
Excellent oral and written communication skills.
Recognized for implementing cybersecurity frameworks and overseeing information systems and IT governance programs.
Demonstrated excellence in analyzing complex information and developing security standards compliant with corporate guidelines.

AREAS OF EXPERTISE

Security & Compliance Framework: Payment Card Industry Data Security Standard Compliance (PCI DSS) National Institute of Standards & Technology (NIST) 800-53. NIST 800-171, ISO 27001, and Microsoft's security best practices NIST framework (CSF) GDPR
Security Tools Cisco Firewalls IPS/IDS Multi-factor Authentication Qualys VPN Configuration Fortinet Cryptography Qualys Microsoft Defender Qualys Vulnerability Management Detection & Response (VMDR)
Virtualization & Cloud VMware AWS Cloud VM VirtualBox
Network & Infrastructure DHCP TCP/IP DNS SIEM Active Directory SQL
Security Strategy Vulnerability Management Information Security Policy Application Security Risk Management Cryptography Security Network Architecture Patching and Remediation Management Technical Writing Project Management Governance

PROFESSIONAL EXPERIENCE

Cybersecurity Consultant (PCI DSS) Sr. GRC Analyst Feb 2024 - present
Total Management Group (Contract) Remote

Cybersecurity Consultant with extensive working knowledge in the PCI DSS industry, specializing in assisting merchants and service providers navigate through PCI DSS v4.0 standard compliance, remediation efforts, and quality assurance on Self-Assessment Questionnaires and Reports on Compliance. I leverage my detail-oriented and problem-solving attributes complemented by my assertive, proactive, and self-motivated nature to enhance compliance, mitigate risks, and fortify client relationships. My professional exploits have contributed to reducing the risk of data breaches, avoiding regulatory penalties, and enhancing client satisfaction - thereby solidifying the company's reputation. I seek to continue utilizing my extensive compliance knowledge and technical skills toward developing effective cybersecurity governance and risk management strategies in my future experiences. My specialty in revising and writing information security policies based on PCI DSS v4.0 requirements positions me as a valuable asset to data security, governance, and compliance teams.

One of my responsibilities was to ensure the organization remained current with its patch installations. This preventive measure aimed to avoid any gaps in the systems that could potentially allow threat actors to infiltrate the organization. According to PCI DSS standards, requirement 5 mandates the protection of all systems against malware and requires regular updates with antivirus software or programs.

I had the pleasure of assisting an organization by updating policies, procedures, and documents from PCI DSS v3.2.1 to 4.0. This ensures all documentation aligns with the current standards and enhances security measures.

Led a comprehensive scoping assessment for a Fortune 500 company, documenting cardholder data flows, storage details, and web applications. Reviewed the previous Report on Compliance (ROC) and Master Service Agreement (MSA) documents, developed an Information Requests List (IRL), and identified payment channels across five regions in nine countries, resulting in better preparedness for the upcoming assessment.

Managed Third-Party Service Providers (TPSPs) to ensure compliance with PCI DSS by conducting regular due diligence, maintaining comprehensive written agreements, and ensuring TPSPs acknowledged their responsibility for cardholder data security. This strengthened data security, reduced the risk of non-compliance, and ensured robust oversight and accountability of third-party relationships.

Streamlined compliance efforts by creating Document Request Lists (DRL), Data Flow Diagrams (DFD), and Data Flow Narratives (DFN), enabling the company to complete the Self-Assessment Questionnaire (SAQ) and avoid non-compliance penalties.

Advised clients on the implications of relevant PCI DSS security controls, providing expert guidance on best practices and developing tailored solutions. This empowered clients to strengthen their cybersecurity posture and maintain compliance with industry regulations.

Information Technology Specialist NOC Analyst
Government, Washington, DC 9/2007 - present

In my current role, I specialize in Cybersecurity Management and Network Operations within the PCI DSS industry. I identify and mitigate potential discrepancies and risks by coordinating with cross-functional teams and utilizing effective tools to ensure the uniform application of security policies and enterprise solutions. I maintain systems through hotfixes, license renewals, and client modifications to meet quality and cybersecurity deliverables.

My expertise includes configuring, installing, deploying, and troubleshooting complex cybersecurity projects within time and budget constraints.

In Network Operations, I enhance job scheduling templates to implement patches, upgrades, and processes efficiently. I ensure seamless network operations and improve user experience by providing NOC training on router, server, VLAN configuration, and client/user VPN setup. I minimize interruptions and increase enterprise information systems performance by configuring and installing CA-7 and UC4 software. I serve as a central repository for vendor support, maintaining job alerts, scheduling metrics, and notifications, while overseeing overall system administration operations, including job analysis and migration into the framework.

Additionally, I provide technical support by leading a skilled team and leveraging exceptional communication skills to drive cross-departmental collaboration. I utilize OneNote to create structured documentation and reports, introduce strategic roadmaps for effective enterprise implementation, and coach operations staff on multiple software applications to improve skill sets and identify improvement opportunities.

EDUCATION

Bachelor of Science Business Management, Northwood University, 2004
Cybersecurity Professional Certificate, American University, 2022
Howard Columbia & Nova Community College Continuing Education, Technology

CERTIFICATIONS

Security+, 2022
Cybersecurity Certificate, 2022
CISSP (2025)

TECHNICAL PROFICIENCIES:

Technology: Wireshark, HoneyPot, Nessus, Pycharm
Software: UNIX, Unicenter TNG, Unicenter Service Desk (USD 5.5), Windows NT, XP, OS/MVS, Veritas, Netbackup, CA-7 (Computer Associate), Visual Basic, OS390, Web Design Intermediate, Initial Program Load (IPL), Enterprise System Process (ESP), PowerPoint, MS Office Suite, Multi-Virtual Systems (MVS), Job Control Language (JCL), ISPF, Unisys, Control-M, VMWare, Sun Microsystems, Raisers Edge, Excel, MS, Peregrine Problem Tracker, JES2, UC4 Scheduling Software, Service Manager, MS Project
Operating Systems: Windows 10, Windows 16 Server, Kali Linux, Ubuntu, Debian, Redhat, Centos
Windows Security: Active Directory, Windows Server, Group Policy, DNS, Shares and Permissions, DHCP, Disk Management, Security Policy, Microsoft Authentication, PowerShell
Networking: Networking, Switch & IOS, IP & Routing, Subnetting, IPv4/6 Static Routing, Dynamic Routing, VLANs and Trunking, Diagnostics & Troubleshooting, Access Control List, Infrastructure Services, NISA, FIMSA
Cloud: AWS, Cloud Security, Virtualization and Container, and Advanced Cloud Security
Additional Relevant Expertise: Microsoft Security, Computer Networking, Cloud Security, Linux Security, Network Security, Cyber Technologies, Python, Ethical Hacking, DFIR, Game Theory, Splunk, SIEM, Splunk, and AlienVault
Payment Card Industry Data Security Standard Compliance (PCI DSS)

AFFILIATIONS:

PCI DSS Compliance Coordinator 1/2017-3/2018
American Home Association Columbia, MD

I joined the Payment Card Industry community to be actively involved, understand how security protocols and compliance measures are implemented, and connect with other professionals in the field. Being part of this community has been both inspirational and educational. I gained insights into the various facets and responsibilities involved in maintaining PCI DSS compliance.

Initially, I started in an administrative role, managing documentation distribution, invoices, and security guidelines for new members. This included preparing essential documents to help new members understand compliance requirements, set up secure accounts, and troubleshoot issues. After six months to a year, I was promoted to a compliance analyst role. I took on this role thanks to my degree in Business Management and was able to contribute further due to my technical background.