Candidate Information | Title | Information Security Analyst | Target Location | US-IL-New Lenox |
PROFESSIONAL SUMMARY:
Experienced Security Engineer with over 16 years of experience in Information Technology Security. Proven expertise in implementing security measures, combined with solid business ethics, problem-solving, and negotiation skills, pursuing opportunities to leverage a Master of Business Administration and a Master of Information Security, along with recent entrepreneurship skills and Security certification achievements, to contribute to a dynamic organization.
Proficient Security Engineer with a background in numerous Information Security/Technology Governance programs, and solid leadership skills.
Excellent business ethics and ability to communicate and collaborate across the board. Strong problem-solving, analytical capabilities, and negotiation skills in dealing with third-party vendors.
In-depth knowledge of procedures and disaster recovery Business continuity planning.
Knowledgeable in security policy and compliances comprising HIPAA, NIST, CIS, ITIL.
In-depth understanding of security standards (PCI-DSS) and regulations such as SOX (Sarbanes Oxley), FERPA, GDPR, etc.
Hands-on experience with Security Information and Event Management (SIEM) tools.
Vulnerability scanner tools: Security Onion, Splunk, Snort, Wireshark.
Web Security WAP tools: McAfee Gateway, WSA, and Umbrella.
Knowledge of quantitative, qualitative, and hybrid risk assessment procedures.
Forensics tools: FTK, FTK Imager; PTKR.
Multi-lingual: fluent in English, French, and Creole, and intermediary level in Spanish.

EDUCATION & CERTIFICATIONS:
William Woods University, Fulton, MO - MBA (2022)
Lewis University, Romeoville, IL - Master of Science in Information Security (2012)
DeVry University, Addison, IL - Bachelor of Science in Computer Information Systems
CISM (Certified Information Security) Certification in October 2023
CISA (Certified Information System Auditor) March 2024
ACE Forensic: Access Data Certified Examiner (2012)

PROFESSIONAL EXPERIENCE in Technology:

Bank of America (BOA) Apex: Contractor 10/2023-11/2023
Security Analyst, Controls Management
Validated alerted Compliance risk issues by accessing Data Log storage using alerting tools (Splunk, Elastic, bank-developed tools).
Investigated to triage Log-based use cases and alert creation.
Communicated with both technology and business partners to strategize on compliance by creating new plans and actions to ensure applications control.
Collaborated with stakeholders to translate between constituencies to strengthen the environment.
Explored with stakeholders how technology interacts with other technology (i.e., Application Log Data) to build use case parameters for the security team Developer to create appropriate new alerts.
Managed and updated several tasks simultaneously (i.e., building alerts for multiple applications simultaneously).

Zekelman Industries 05/2022 - 01/19/2023
Lead Information Security Analyst
Ran end-to-end security practices and procedures delivery, ensuring operational governance and regulatory compliance.
Developed and implemented Security policies and procedures resulting in a 30% decrease in security incidents.
Managed a group of 5 investigating system/application event logs detecting vulnerabilities and malicious activity.
Investigated security incidents to determine root causes and remediation tactics.
Monitored and scrutinized suspicious activity and IOCs.
Performed Patch Management by implementing and managing the patch management process across all networked devices and systems; ensured timely updates and patches to mitigate vulnerabilities and maintain system integrity.
Developed and maintained documentation related to patch management processes and schedules.
Survived daily operation investigation while tuning and optimizing cybersecurity tools such as EDR, Microsoft Sentinel (SIEM), and Tenable for regular testing.
Provided coaching, training, and problem-solving assistance to junior analysts.
Oversaw security awareness campaigns ensuring 100% employee participation.
Participated in all incident response tabletop exercises, business continuity/disaster recovery testing, and penetration tests to track the progress of identified remediations.
Helped design, build, and coordinate the Vendor Risk Management function.
Enforced adherence to regulatory compliances to protect data entrusted to vendors.
Helped Leadership maintain risk management practices across multiple domains such as financial, business continuity, compliance, and information security.
Translated business requirements for the product team and conducted peer reviews to ensure that specifications were correctly interpreted to adhere to policies and standards.
Mentored and guided engineering/governance teams in support of day-to-day operations.
Assessed security profiles for new or emerging technologies.
Stayed up to date with emerging cybersecurity threats and vulnerabilities.
Maintained detailed records of security incidents, investigations, and remediation actions.
Provided advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation plans.
Coordinated asset management activities and third-party vendors to control risk.
Helped leaders drive compliance of global business units with Continuity Management activities allied with IT Governance, Risk Management, and Compliance Programs.
Assessed processes to identify gaps in business processes and assisted in the design and documenting processes to drive compliance according to business objectives.
Collaborated with business teams across the organization to execute Business Continuity Management plans, extending processes as necessary to help business partners sustain confidentiality, availability, and integrity while managing risks to an acceptable level.
Evaluated the state of Business Continuity (BC) and Disaster Recovery (DR) planning within assigned departments and helped facilitate the improvement and maintenance of the plans, considering best practices, industry standards, and critical focus areas.
Implemented and maintained the Business Continuity Automated Notification system.

Abbott Labs 02/11/2023-05/17/2023 - Contractor
Security PCI Compliance Analyst
Executed Compliance plan dedicated to PCI data handling through the organization.
Collaborated with security teams to pinpoint and evaluate security requirements aligned with PCI compliance and supporting audits for SOC1, ISO 27001, and SOX.
Educated and built awareness of PCI compliance requirements throughout the company.
Coped with third-party risk management to ensure PCI compliance needs are being addressed and tracked appropriately by third-party vendors.
Coordinated with legal teams to ensure the overall compliance landscape was well understood and the program captured a complete view of our PCI compliance needs.
Contributed ideas and opinions to the internal audit team.
Drafted/updated IT-related policies/procedures that govern auditing, compliance, and security across the enterprise.

Ascension Health/ AMITA Health 05/2020-05/2022
System Analyst
Maintained and improved the BC/DR document repository.
Identified changes required to improve BC/DR plans and validated those changes with live tests and tabletop exercises in various areas of the organization.
Organized annual BC/DR Plan reviews to ensure necessary documentation was current.
Collaborated with teams to ensure the plans were viable and met Internal Audit and regulatory compliance obligations.
Executed automated documentation training for team members.
Identified maturity options for the DR roadmap in coordination with other analysts.
Collaborated with stakeholders to determine recovery point objectives (RPOs) and recovery time objectives (RTOs) for critical applications.
Created and supported documentation for Business Continuity and Disaster Recovery procedures and determined escalation paths with the stakeholders.
Developed and maintained BC/DR training programs for all departments and locations.
Conducted periodic call notification tests with all departments.
Maintained the BC Intranet and other communications channels and repositories.
Provided inputs to the continuity management processes in developing controls needed to mitigate risks for applications that are not compliant with policies.
Worked collaboratively to influence and socialize strategies, standards, policies, procedures, communications, and governance.
Coordinated deployment and measurement of security awareness efforts across units.
Aligned Associates' individual goals with team goals.
Served as subject matter expert, advising stakeholders on compliance with applicable frameworks ISO 22301, 27001, CIS, CSC, NIST, and NIST SP 800-53.

AMITA Health -- Presence Health 08/2017-2020
Security Engineer Governance
Responsible for the timely resolution of Security incidents.
Worked directly with the ServiceNow Strategy & Support team to monitor the overall performance of services and timelines for delivering the service packages.
Served as a point of escalation for less experienced associates.
Maintained the system operations following all regulatory requirements, primarily focusing on confidentiality, HITRUST, and HIPAA Security Regulations.
Solved issues related to various IS Security domains: Disaster Recovery, Identity and Access Management, network/system security, system hardening, security principles, protocols, techniques, and technologies (e.g., TCP/IP, Web security, Access gateways, email security, network/system security, firewalls, identity management, Active Directory, group policies, threats investigations, packet analysis, etc.).
Created or implemented security standards, policies, and procedures.
Planned and coordinated security activities to safeguard company assets.
Participated in knowledge sharing with other associates and developed solutions.
Helped develop and implement internal and external business security solutions.
Collaborated with Senior engineers to configure new security technologies.
First-hand contact for HR litigation issues (Release/admission).
Led technology processes and procedures to be documented.
Analyzed and evaluated Security operations issues to identify risks/opportunities.
Configured new application security technologies with vendors.
Communicated changes within the IT infrastructure to all affected parties proactively.
Followed and documented strict testing and deployment methodologies for auditing.
Troubleshooted all Security issues with clients to provide appropriate solutions.
Managed Business Plan for Disaster recovery through Selm Catalyst (Cloud SaaS).
Evaluated third-party vendors' projects through a security checklist as part of the Security Governance Capacity, Configuration, and Architecture Management.
Supervised the installation and maintenance of all security systems.
Managed system capacity using monitoring tools and statistical analysis through research.
Collaborated with teams to maintain and support the SOC 24/7.

Presence Health 10/2016-08/2017
Senior Information Security Analyst
Provided IT recommendations to leaders and assisted in creating and revising policies for incoming event queues using security Event management tools (SIEM).
Collected, analyzed, investigated, and reported on relevant Cyber threat intelligence or other actionable security information in collaboration with different departments.
Resolved and created tickets on daily security issues coming to the SOC.
Identified, categorized, prioritized, and investigated correlated events.
Performed investigation and triage of events and incidents and escalated if necessary.
Researched and provided technical expertise in the implementation of hardware/software.
Collected Data and analyzed them to determine security needs accordingly.
Tuned and optimized SIEM infrastructure to capture relevant/required security.
Provided leadership, direction, coordination, and training to Junior technical staff.
Researched and advised about unknown hardware and software vulnerabilities.
Prepared reports and made presentations on internal investigations for losses, or violations of regulations, policies, and procedures.

US Department VA Hospital Halfaker/ 05/15 - 10/2016
Network Administrator
Configured Cisco routers/switches/firewall rules via command line interface and incorporated them in the VA network according to network standards.
Worked with multi-area OSPF, BGP, and MPLS environments.
Established solid and secure site-to-site VPN connections via Cisco firewalls.
Troubleshooted VPN Gateways connection and Citrix environment with Client.
Manipulated Firewall rules Recertification or else upon security request.
Decommissioned IP/Firewall security Rules according to requirements.
Created and applied new ACL rules upon the Business partners' request.
Assisted in evaluating, configuring, and maintaining network security devices such as Cisco firewalls, VPN (Virtual Private Network), and ASA Cisco.
Resolved several network security tickets daily.
Used NOM, SolarWinds, and Splunk to monitor and analyze Network and security alerts.
Participated in technical reviews and recommended solutions for improvements.
Provided outstanding customer service for the hospital environment.
Maintained updated documentation of network configurations and Systems diagrams.

Motorola Solution, Inc. 01/2008-02/2014 - Customer Account Manager
Provided technical support as the primary interface for all government state clients.
Investigated alerts through the IBM Tivoli Netcool system to validate technical tickets.
Troubleshooted technical issues with onsite/offsite technicians.
Coordinated/documented all networking incidents per business procedure.
Managed Vendor/supplier relationships and negotiations.
Resolved issues in multiple systems: Clarify C3 and Microsoft Outlook.
Provided and maintained professional service to internal and external business clients.
Served as internal auditor to screen other agents' work against business standards.
Used Clarify Database to manage tickets in all phases of their life cycle.
Handled all return authorization (RMA) procedures for parts or equipment with vendors.
Handled credit card transactions following PCI compliance.
Responded to all French emails about technical/Business issues.
Coordinated French Translation conferences with Senior Engineers, and vendors.
Assisted Site Coordinator with French-speaking government clients visiting the site.
Created an innovative process that increased the company's revenue to $50,000 annually.
Tested and implemented new business processes.
Coached less experienced team members.

ENTREPRENEURIAL VENTURE:
Business/Owner of BonnyM Investment LLC January 2023
Successfully established an independent real estate business venture.
Surmounted challenges to make the business fully operational within eight months.
Acquired valuable skills in entrepreneurship and strategic decision-making.
Manage property's financial operations, including rent collection, invoicing/budgeting.
Monitor and analyze property expenses and income, identifying cost savings and revenue enhancement opportunities.
Schedule and supervise contractors and maintenance staff as needed to address repair issues promptly.
Conduct regular inspections of units and common areas of buildings to identify maintenance needs and ensure compliance with safety standards.