Cybersecurity Risk Analyst Resume Austin...
Candidate Information
Title Cybersecurity Risk Analyst
Target Location US-TX-Austin
Candidate's Name, CISSP, CISA
Senior Cybersecurity Risk Analyst

Cybersecurity Risk and Compliance management specialist/Auditor with a passion for aligning Information Risk and Compliance management plans and processes with security standards and business goals. Take-charge security risk assessment lead with experience in Risk Management, Risk Assessment, Policy Governance, Cloud Security Assessments, Risk Analysis, Information Security Policies and Procedures, Developing Plan of Action and Milestones Process (POA&M), IT Security Audits, Internal Audit, Governance Risk & Compliance (GRC), Third-party Risk Management, Certification Compliance, Data Analysis, Data Protection, Data Security, Data Encryption, Data Privacy, Data Loss Prevention (DLP), Disaster Recovery (DR), Business Continuity Planning (BCP), Software Development. Possess strong knowledge of risk management and/or internal control techniques, including those of an asset manager's core operational business and/or technology functions.

Areas of expertise include:
IT Risk Management, Audits, Risk Assessments, Risk Analysis, Cloud Security Assessments, IT Security Audits, review, score risks, prioritizing risk, Policy Governance, Data Analysis, Data Protection
NIST 800-53, NIST 800-30, ISO 27001, PCI DSS, SOX and SSAE18 / ISAE3402, SOC1/SOC2, HITRUST, MITRE ATT&CK, OWASP Top 10, SANS, COBIT, GDPR, CCPA, PII, PHI, PCI-DSS
NIST Risk Management Framework (RMF), NIST Cybersecurity Framework, Cryptography, PKI, Secrets Manager, Okta, Ping, Saviynt, Splunk, PowerShell, IAM, CIAM, IDM, IGA, Sailpoint IIQ, IdentityNow, LCM, LDAP, CyberArk, App scan, Burp, Snyk, ZAP, Checkmarx, Nmap, Zmap, ServiceNow GRC, ServiceNow IRM, SAP GRC, ArcherGRC, ZenGRC, OneTrust, LogicGate, AuditBoard, IBM OpenPages, Drawbridge, Coupa, CyberGRX
Cloud Security, AWS, Azure, GCP, EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, AWS Firewall (SG/NACL), AWS WAF, Control Tower, AWS Security Guardrails, AWS Fargate, AWS Amplify, AWS Resource Manager, AWS GuardDuty, VPC Flowlogs, Azure DevOps (ADO), Azure AD, Azure Security Center
Application Security Testing, Threat Modeling, Pen Testing, Network Security, API Security, Container Security, DevSecOps
Languages: Java, J2EE, .Net, GO, SOAP/REST, JSON, YAML, Python, Presto, node.js, react.js, Angular, SQL, MySQL, NOSQL/DynamoDB
Agile, SAFe, Scrum, JIRA, Confluence, Teammate, MiniTab, R Analysis, Stata, SPSS, SmartSheet, Power BI, Tableau, Qlik, QuickSight, Adobe AEM, Visio

PROFESSIONAL EXPERIENCE

Nike Inc.; Austin, TX (Jun 2021 - Present)
Consultant: Senior Cybersecurity Risk Analyst
Governance, Risk and Compliance Advisor across various departments, including Engineering, Legal, and Privacy; led efforts to improve and operate the risk register and issue management program by managing risk management activities to ensure security risks are centrally and consistently cataloged and monitored.
Conducted security reviews of planned cloud migration initiatives across the organization and performed risk assessments, risk analyses, penetration testing, red team (offensive) testing, blue team (defensive) testing, threat models and vulnerability analyses for cloud environments, articulating risks.
Supported organizational risk oversight and governance through coordination of the Risk Oversight Committees (ROCs) in partnership with GRM senior management.
Facilitated risk-directed discussions with business areas (including with senior management) to identify key risks and controls.
Performed other risk and audit activities, which include SOC audit coordination, vendor risk assessments, business area risk assessments, internal audit assessments, and other special projects as needed.
Performed and reviewed technical risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.
Participated in the development of information technology disaster recovery and business continuity planning.
Developed and recommended plans to safeguard information systems from accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs as part of data security.
Led adoption of a common risk and control framework and performed third-party risk assessments to maintain oversight of third-party vendors.
Provided timely and accurate reports on credit quality control findings, trends, and recommendations for enhancing processes and the control environment, improving consistency of execution, and mitigating risks.
Performed activities supporting periodic operational exception review and certifications in compliance with the Sarbanes-Oxley Act.
Performed Information Security Risk Management activities, which include Information Risk Assessments, Cloud Security Assessments, Risk Analysis, reviewing and scoring risks, prioritizing risk, identifying risk owners and custodians, IT Security Audits, Data Analysis, Risk Mitigation, Security Testing, and analyzing findings as part of the Governance Risk & Compliance (GRC) Program.
Created and maintained Information Security Policies and Procedures and developed the Plan of Action and Milestones Process (POA&M) to identify the security controls and implement those security controls.
Performed quantitative analysis contributing to risk efforts while increasing and enhancing the company's risk management capabilities.
Developed a robust assessment plan for assigned businesses in accordance with standards, relevant government compliance regulations (GDPR, CCPA, PCI-DSS) and Cybersecurity frameworks (NIST, ISO).
Provided support to the risk effort through the measurement of risks associated with the company and its efforts.
Designed, developed, and implemented security controls and tools that improve the defense of the Company's internet services, infrastructure, and applications in the Cloud.
Designed and implemented changes to existing security tools, applications and processes based on changes in scope or needs.
Collaborated with peers, business unit partners, management, and corporate functions to identify areas of risk to the organization.
Performed cloud security assessments (AWS, Azure, GCP, OCI) and worked with cloud vendors to communicate deficiencies in assessment responses.
Managed and prioritized multiple assessments and communicated assessment requirements to vendors and customer organizations.

MetLife; New York, NY (Dec 2019 - May 2021)
Consultant: Senior Governance Risk & Compliance (GRC) Analyst
Acted as a risk advisor and collaborated with SMEs, including Audit & Compliance teams, to ensure adequate processes and controls are in place to manage risk and are aligned with leading best practices.
Performed Information Security Risk Management activities, which include Information Risk Assessments, Cloud Security Assessments, Risk Analysis, reviewing and scoring risks, prioritizing risk, identifying risk owners and custodians, IT Security Audits, Data Analysis, Risk Mitigation, Security Testing, and analyzing findings as part of the Governance Risk & Compliance (GRC) Program.
Led issue and action management to ensure steady progress is made towards a resolution that addresses the root cause and prevents issue recurrence.
Created and maintained Information Security Policies and Procedures and developed the Plan of Action and Milestones Process (POA&M) to identify the security controls and implement those security controls as part of the Information Security Program.
Performed quantitative analysis contributing to risk efforts while increasing and enhancing the company's risk management capabilities.
Developed a robust assessment plan for assigned businesses in accordance with standards, relevant government compliance regulations (GDPR, CCPA, PCI-DSS) and Cybersecurity frameworks (NIST, ISO).
Provided support to the risk effort through the measurement of risks associated with the company and its efforts.
Deployed consistent multi-cloud security capabilities, cloud governance capabilities, cloud development, cloud infrastructure and services, and secure operations in the cloud coupled with a broad understanding of the security and information technology landscape.
Assisted in monitoring and reporting on risks and controls in all areas of the company and its products and services.
Developed and delivered regular risk metrics and reports to leadership and management committees.
Developed and drove security awareness and training.

American Express; Phoenix, AZ (Aug 2017 - Nov 2019)
Consultant: Technology Risk Analyst
Established trusted relationships with business leaders across the company to lead change management in Access Management practices.
Performed Information Security Risk Management activities, which include Information Risk Assessments, Cloud Security Assessments, Risk Analysis, reviewing and scoring risks, prioritizing risk, identifying risk owners and custodians, IT Security Audits, Data Analysis, security testing, and analyzing findings as part of the Governance Risk & Compliance (GRC) Program.
Created and maintained Information Security Policies and Procedures and developed the Plan of Action and Milestones Process (POA&M) to identify the security controls and implement those security controls.
Performed quantitative analysis contributing to risk efforts while increasing and enhancing the company's risk management capabilities.
Developed a robust assessment plan for assigned businesses in accordance with standards, relevant government compliance regulations (GDPR, CCPA, PCI-DSS) and Cybersecurity frameworks (NIST, ISO).
Defined corporate cloud security architecture and direction by influencing through partnerships, integrity, and dependable delivery.
Continually reduced corporate security risk through automated security technology implementation, utilization, and adoption through agile methods.
Defined requirements and best practices, and enabled the collaborative development of system/service architecture, design, and engineering.
Defined and established a unified program-wide approach to address security issues and mitigate risks.

EDUCATION AND CREDENTIALS
Bachelor of Technology, Jawaharlal Nehru Technological University, India
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)
CompTIA Security+ certification
Certified Scrum Master
