Risk Management Information Security
Target Location: US-DC-Washington

Candidate's Name
PHONE NUMBER AVAILABLE | EMAIL AVAILABLE | LINKEDIN LINK AVAILABLE

Professional Summary

With over 7 years of IT experience, I have developed and implemented robust information security programs, specializing in Supplier Risk Management, Disaster Recovery, Business Continuity, Crisis Management, Product Security, and the Software Development Life Cycle. I am proficient in NIST CSF, RMF, SOC, ISO 27001, GDPR, and other authoritative sources, managing audit engagements for frameworks like HITRUST, SOC 2, GDPR, and HIPAA. As a proven GRC Analyst, I am proficient in assessing internal/external security vulnerabilities of information systems across multiple business functions. In my role as a Vulnerability Management professional, I have utilized a range of industry-standard tools to fulfill various responsibilities. I enhance security posture, governance, and compliance through strategic risk management and robust policy development. My expertise spans Azure, GCP, and AWS, complemented by strong leadership and communication skills.

I have achieved significant improvements in data protection and recovery processes, ensuring the confidentiality, integrity, and availability of information systems and data.

Technical Skills

- Vulnerability Management: Qualys, NMAP (open ports), Tenable, Wireshark, Burp Suite, AppDetective, WebInspect, Rapid7, Microsoft 365 Defender, Nexpose
- SIEM: SolarWinds, Splunk, IBM QRadar
- GRC and ISMS: ServiceNow, Jira, Confluence, RSA Archer, eMASS, CSAM, Agile, KnowBe4, Zendesk
- Ticketing solutions: Remedy, Confluence, ServiceNow, Microsoft Office (Word, PowerPoint, Excel, Outlook, OneNote, SharePoint), Agile, DAY, Kanban board
- EDR/MDR: CrowdStrike, Symantec, Microsoft 365 Defender, CyberArk
- Pentest: Metasploit, Burp Suite
- AWS Monitoring: SNS, CloudWatch Logs and Events, CloudTrail, VPC Flow Logs, S3 access logs
- Antivirus software: Cisco, Palo Alto Networks, McAfee
- Operating systems: Windows, Linux
- DLP: McAfee, Symantec, Microsoft 365
- Cloud service providers: Amazon Web Services, Microsoft Azure, Google Cloud Platform
- AWS Platform: AWS CloudFormation, AWS Lambda, AWS Systems Manager, VPC, EC2, ELB, RDS, SNS, SQS, SES, Route 53, CloudFront, Service Catalog, AWS Auto Scaling, Trusted Advisor, CloudWatch, DynamoDB, Glue, EventBridge
- AWS Migration: Phases (Assess, Mobilize, Migrate and Modernize), Tools (CART, RDS, Migration Hub, CloudEndure, DMS, SCT, etc.)

Experience

GRC Analyst
Client: BP Energy, Houston, TX, April 2023 - Present

- Respond to security assessments, questionnaires, and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed.
- Lead in the creation and maintenance of security policies, standards, processes, guidelines, and support documentation.
- Excellent technical writing skills for policies, standards, and communications.
- Lead, evaluate, and support processes to ensure IT systems meet the organization's cybersecurity and risk requirements, ensuring appropriate treatment of risk, compliance, and assurance.
- Serve as a subject matter expert for Information Security consulting to technical and non-technical management and staff.
- Manage and support the Third-Party Security Vendor Risk Management program and lifecycle, including managing the exception request process.
- Lead the Security Awareness program, developing roadmaps, measuring, and evaluating cyber training/education courses based on instructional needs.
- Manage and support GRC technology platforms, conducting evaluations to ensure compliance with published standards.
- Conduct enterprise-wide, ongoing risk analysis with Security, Internal Audit, and Compliance teams. Assess and validate the organization's Information Security Program through audits, assessments, and continuous monitoring.
- Document and maintain appropriate security control mappings to relevant regulatory compliance and applicable industry frameworks and standards.
- Identify and report on information security control deficiencies, working with stakeholders to prioritize and remediate findings.
- Fully engaged in change and project management meetings, leveraging strong knowledge of security administration, role-based security controls, vulnerability assessment, and forensic investigation tools.
- Developed, implemented, and maintained policies, procedures, standards, and guidelines in compliance with regulations such as NIST 800-171, ISO 27001, GDPR, CCPA, PCI DSS, and HITRUST.
- Reviewed services provided by vendors and defined the scope of assessments based on the Standard Information Gathering (SIG) questionnaire.
- Reviewed vulnerability reports with developers, system administrators, and engineers to remediate vulnerabilities identified from scans.
- Created a risk register and risk treatment plan to track remediation processes for vulnerabilities classified as critical, high, medium, and low.
- Strong background in all stages of the auditing process, including planning, fieldwork/execution, risk assessment, reporting, and follow-up.
- Developed audit plans and programs to evaluate control areas for projects such as financial statement audits, SOX testing, and SAS 70/SSAE.
- Conducted IT General Controls testing within the audit scope to evaluate their strength, effectiveness, and weaknesses in the control environment.
- Perform quality control audits to ensure accuracy, completeness, and proper usage of data in tables and various support tools, such as database dictionaries.
- Demonstrated extensive expertise in Active Directory integration, federation, hybrid environments, and security in AWS, resulting in the successful architecture and implementation of secure AD solutions for organizations.
- Define qualitative and quantitative metrics to assess the success of the security program, providing regular reports to security and business leadership.
- Monitor current and proposed security changes impacting regulatory, privacy, and security industry best practices, escalating concerns where applicable.
- Actively participated in audit engagements, risk assessments, Business Continuity Planning, Incident Response, Disaster Recovery programs, and the Privacy Program.
- Assessed IT General Controls (ITGC) such as Access Control, Change Management, IT Operations, Disaster Recovery, and Job Scheduling using RSA Archer.
- Reviewed internal policies, procedures, and relevant laws to ensure compliance and assessed the adequacy of internal controls.
- Maintained situational awareness through notifications of enterprise security issues, solutions, projects, and plans impacting assigned systems.
- Oversaw the development of Security Authorization deliverables, including System Security Plans, Security Assessment Reports, Risk Assessment Reports, Privacy Impact Assessments, Annual Assessments, Contingency Plans, and POA&Ms.
- Assessed vendors' responses and supporting documentation to validate their implementation of information security controls.
- Conducted monthly automated scans of online applications using WebInspect and presented detailed reports.
- Conducted comprehensive risk assessment audits for third-party vendors, evaluating operational, security, and compliance aspects, reducing third-party risks.
- Demonstrated expertise in configuring, customizing, and managing GRC platforms such as Archer, ServiceNow, and MetricStream to support cyber risk management activities.
- Performed continuous monitoring following NIST 800-122, NIST 800-171, NIST Cybersecurity Framework (CSF), ISO guidelines, FedRAMP, and CIS Controls.
- Conducted and responded to IT audit engagements, audit risk assessments, Business Continuity Planning, and Disaster Recovery programs.
- Ensured data security and client privacy per the Privacy Act of 1974, HITRUST, and HIPAA. Reviewed SOC 1 or SOC 2 reports and SIG questionnaires to ensure compliance with company control standards.
- Created, reviewed, and validated Security Authorization deliverables, including SSP, IRP, CP, CMP, DRP, ISA, MOU, MOA, PNA/PIA, E-authentication, COOP, and SIA.
- Escalated third-party vendor non-compliance issues to the vendor risk management office (VMO).

Vulnerability Analyst
Client: Granite Construction, TX, March 2019 - March 2023

- Conducted regular vulnerability assessments using various tools and drove remediation and reporting of cataloged vulnerabilities.
- I assessed discovered vulnerabilities and prioritized their scope, impact, and necessary response actions.
- I have developed expertise in monitoring and analyzing security systems to detect and respond to potential threats and incidents.
- I have hands-on experience with various security tools such as SIEM platforms, IDS/IPS, and vulnerability scanners.
- Engaging in security audits and regulatory exercises with partners and vendors, I contributed to vulnerability management, application security, and offensive/red-team operations.
- I developed and executed a comprehensive vulnerability management strategy aligned with organizational cybersecurity objectives, creating policies, procedures, and standards related to vulnerability management, assessment, and remediation.
- I have reviewed and contributed to planning strategies that help in corporate management and policy management activities.
- I efficiently interfaced and coordinated work with business colleagues and vendors in global locations and time zones.
- Experience reading and understanding system data, including, but not limited to, security event logs, system logs, and firewall logs.
- Observe security solutions: SIEMs, firewall appliances, intrusion prevention systems, data loss prevention systems, analysis tools, and log aggregation tools.
- Supported SOC operations by monitoring and analyzing network traffic, IDS alerts, and network and system logs.
- I actively participated in forums to research and stay updated on new vulnerabilities, threats, and Tactics, Techniques, and Procedures (TTPs), contributing to risk assessments and control implementations.
- I developed and executed tests for systems and locally developed tools to assess vulnerabilities, ensuring compliance with specifications, policy, benchmarks, and industry best practices.
- Working closely with systems engineering and development teams, I recommended and delivered remediation strategies for vulnerabilities throughout the systems development lifecycle (SDLC).
- Conducting risk assessments, I provided comprehensive reports to senior leaders, documenting methodologies, findings, and impacts, and recommending mitigation strategies.
- I prepared communication materials summarizing remediation efforts for identified cybersecurity vulnerabilities at different leadership levels.
- Conducted platform, data, performance, and software engineering assessments following the Common Vulnerability Scoring System (CVSS) and MITRE ATT&CK frameworks.
- I conducted vulnerability scans, analyzed reports, and validated potential findings, contributing to process improvements and documentation.
- Configured and managed vulnerability scanners for both VM and container environments, ensuring integration into the software development lifecycle.
- I tracked and guided vulnerability remediation efforts across the organization, escalating issues and problems when necessary.
- Coordinated vulnerability scans and supported compliance and risk management activities related to Vulnerability Management.
- I have experience in risk identification, risk evaluation, and management activities.
- I am an expert in working with vulnerability life-cycle processes such as detection, analysis, prioritization, and reporting.
- Performing governance activities like data reviews and unauthorized change reviews.
- Regularly researching and learning new vulnerabilities, threats, and TTPs in a variety of forums, working with others to assess risk and implement controls as necessary.
- Expertise in working in a queue to support Jira/Confluence daily.
- Coordinated with other DISA organizations, activities, and other services as appropriate to de-conflict blue/red team activity with open incidents/events.
- Expertise in evaluating network security, network resiliency, and network maturity, developing effective audit coverage strategies.
- Utilized a wide range of security technologies, including vulnerability management tools like Qualys, NMAP, Tenable, Wireshark, Burp Suite, AppDetective, and WebInspect.
- Experienced with SIEM platforms such as SolarWinds, Splunk, and IBM QRadar.
- Familiar with GRC and ISMS platforms like ServiceNow, Jira, Confluence, and RSA Archer.
- Proficient in ticketing solutions like Remedy and experienced with EDR/MDR tools such as CrowdStrike and Symantec.
- Perform penetration testing for critical vulnerabilities in web application and Data Lake implementations.
- Conducted Red Team operations simulating advanced persistent threats (APTs) to rigorously test and evaluate the effectiveness of enterprise security controls and incident response capabilities.
- Designed and executed complex attack scenarios to mimic real-world threats, providing critical insights to enhance security posture and resilience against sophisticated cyberattacks.
- Conducted quality control audits to ensure accurate and complete data usage in tables and support tools, maintaining high data integrity.

Cybersecurity Engineer / IAM Engineer
Client: Verizon, VA, June 2017 - Feb 2019

- Ensured governance processes and industry best practices were correctly implemented and operating as designed, contributing to improvement in compliance measures.
- I automate the system by leveraging CloudWatch (an event-driven service), integrating it with SNS, logs, metrics, and Lambda to auto-remediate the environment if there is any security breach or non-compliance.
- I prepare for security incidents by putting in place a security response plan that aligns with the organization's requirements.
- I use Secrets Manager to store my secrets (Access ID, Access Key ID, password, username, and configuration data).
- I have used the Zero Trust security model to protect my users, data, and systems at every point of access.
- I had the task of building a structure from scratch where all the best practices that AWS puts on the table were being implemented.
- Implementing some of these best practices, I made sure to delete accounts of users who had left the company.
- Check for notifications from the monitoring system using SNS and ensure that there is no critical alert unattended.
- Provide help and support to developers and provide support for production servers; deploy code on dev and prod servers.
- Granted user access with least privilege.
- Monitor activity in my AWS accounts using CloudWatch to monitor services and CloudTrail to trail actions.
- Advised on and implemented strong password policies, enabled Multi-Factor Authentication (MFA) for all accounts, and enforced periodic password rotation every 90 days.
- Applied the principle of least privilege, utilized IAM roles and policies to avoid static keys, managed federated users with temporary access, and implemented a systematic de-provisioning process to terminate access privileges.
- Leveraged AWS Access Analyzer to optimize access patterns, grouped users for streamlined permission management, and ensured compliance with security standards through continuous monitoring and enforcement.
- Provide technical expertise and guidance on AWS security tools for Information Security teams. This may include decisions about how cybersecurity and vulnerability monitoring will be performed, using/integrating both cloud-native and third-party security tools and controls.
- Analyzed vendor evidence such as SOC, Vulnerability Scan, and Penetration Test reports to identify gaps or exceptions.
- Work in a team to assess the security controls selected, updating the SAP and ROE where vulnerability scanning and penetration testing procedures are included in the assessment.
- Planned and executed onsite/virtual risk assessments for third-party vendors focusing on compliance with regulations, policies, and internal controls.
- Provided ongoing monitoring for third-party risk due diligence.
- Participates in IT-specific and integrated third-party audits, as well as assists in other audit projects/tasks as requested by management.
- Configured CloudWatch for real-time monitoring and automatic responses, utilized AWS Config rules for compliance and automatic remediation, and employed Amazon GuardDuty for continuous threat detection and response.
- Leveraged AWS Security Hub to consolidate and manage security findings, implemented comprehensive logging and monitoring using CloudTrail and AWS Config, and defined security groups and network ACLs to enhance VPC security.
- Implemented encryption, access controls, and monitoring for EC2 and S3, ensuring robust security measures and compliance with industry standards.

Education

Bachelor's degree in Computer Science, University of Yaoundé (2012)

Certifications

- Certified Information Systems Auditor (CISA)
- CompTIA Security+
- AWS Certified Solutions Architect
- Oracle 12c Certified Associate
- Scrum Master Certified
