Candidate's Name
EMAIL AVAILABLE | https://LINKEDIN LINK AVAILABLE | PHONE NUMBER AVAILABLE | USA

PROFESSIONAL SUMMARY
Experienced Governance, Risk and Compliance (GRC) analyst with over six years in cybersecurity compliance and risk management. Expert in implementing NIST frameworks, enhancing security postures, and leading compliance audits across federal and private sectors. Skilled in developing robust security documentation and mentoring teams, with a proven track record of improving system efficiencies and securing critical information systems. Strong communicator, adept at delivering targeted security improvements and strategic advisement.

CORE COMPETENCIES
- Experience in managing ISO 27001 controls, NIST 800-53, as well as the SANS 20 Critical Security Controls.
- Risk assessment and vulnerability assessment, generating reports and responding to the criticality and severity of vulnerabilities.
- Ability to review vulnerability scans, set up remediation meetings to discuss security weaknesses, and make recommendations for addressing and resolving security weaknesses.
- Experience in managing the vulnerability management team and chairing the vulnerability meeting. Ran a biweekly vulnerability meeting to discuss vulnerabilities found in the network; the risk scorecard supports the remediation process.
- Experienced in the development of System Security Plans (SSP), Contingency Plans, Security Assessment Plans (SAP), Incident Response Plans, and gap analyses while implementing NIST 800-53 R4.
- Experience working in Windows and Linux environments, processing data and information.
- Experience in conducting risk and information security assessments based on NIST 800-53A. Reviewing assessment reports and making recommendations for the security weaknesses.
- Working knowledge of the NIST SP 800 series (60 v1&2, 18, 30, 53 rev4, 137, 115, 34, 53A, 59), FIPS 199 & 200 and FISMA guidelines to comply with federal and private agencies.
- Experienced in reviewing POA&M and ATO packages to ensure compliance.
- Experience in the development of policies and procedures following the NIST 800-53 control document.
- Ability to work under difficult and fast-paced terrain and meet deadlines in required time frames.
- Maintain excellent working relationships with both internal and external customers using communication skills.

EXPERIENCE

TAKE2 CONSULTING / BOOZ ALLEN HAMILTON, supporting the VA (Remote)
Cyber Policy Requirements Analyst - Governance, February 2024 - Present
- Collaborated with Compliance and Information Security teams to provide internal control assessment, auditing, and monitoring, effectively contributing to risk management and mitigation efforts.
- Created an external directives management tracker document and met with the Power BI team to identify improvements to data and organization.
- Developed and implemented governance frameworks for managing external cybersecurity directives, ensuring compliance, and enhancing the VA's cybersecurity posture.
- Developed a cybersecurity management plan, concept of operations, directives management strategy and implementation plan to enhance compliance and streamline cybersecurity operations at the VA.
- Conducted comprehensive policy analysis to support the creation and maintenance of information security standards and procedures.
- Coordinated with the Information Security Policy and Compliance team to develop policies that meet external directive requirements.
- Reviewed OIG reports and collaborated with the Governance Analysis team on analytical reporting to identify and address compliance gaps and improve policy effectiveness.
- Analyzed performance data with the Analytics and Performance Management Committee to assess compliance and effectiveness of cybersecurity initiatives.
- Prepared and submitted weekly WAR (Weekly Activity Report) updates, detailing project status, progress, and challenges, while utilizing a Kanban board to manage and visualize task workflows efficiently.

TRANSUNION (Remote)
Senior Security Analyst - Infosec, Governance, February 2023 - February 2024
- Provided change management support and facilitated the development and tracking of Plans of Action and Milestones (POA&M) activities.
- Validated respective information system security plans to ensure NIST control requirements are met.
- Reviewed FedRAMP packages from various cloud service providers to support the assessment efforts for organizational information systems hosted in the cloud.
- Assisted in the Security Authorization (SA) and Continuous Monitoring (CM) process, following the Risk Management Framework (RMF) guidelines.
- Documented assessment results using compliance tools such as RSA Archer, presenting findings and recommended mitigations in a standard report format.
- Updated and maintained testing templates and Standard Operating Procedures (SOP) in alignment with NIST guidelines.
- Performed vulnerability management and remediation using Tenable, ensuring adherence to security baselines and reducing risk exposure across IT assets.
- Provided weekly and ad hoc reports summarizing adherence to agreed-upon schedules.
- Conducted assessments of IT General Controls (ITGC), including Access Control, Change Management, IT Operations, Disaster Recovery, and Job Management.
- Participated in ongoing meetings for systems undergoing the ATO (Authorization to Operate) process and the continuous monitoring of systems with full ATO.

MEGATEK CONSULTING (Remote)
Cyber Security Risk Analyst (Contract), September 2019 - January 2023
- Offered GRC support to the organization, conducting internal audits aligned with the Information Security Program and controls.
- Played a key role in annual SOC 2 Type II, PCI, and SOX audits; contributed to security policy development; and maintained security awareness training materials.
- Conducted comprehensive assessments of third-party vendors, reviewing vendor contracts, security policies, and procedures to evaluate cybersecurity posture and identify potential risks.
- Generated detailed security reports and compliance metrics from MS Defender, aligning findings with NIST and STIG cybersecurity standards.
- Initiated quarterly penetration tests and ASV vulnerability scans, meticulously analyzing results and proactively remediating any findings to enhance security posture and ensure PCI compliance.
- Applied cybersecurity baselines based on NIST and STIG guidelines to strengthen organizational security posture, utilizing tools like BigFix for continuous monitoring and compliance.
- Utilized the Archer tool to categorize third-party vendors based on service nature, access to sensitive data, and criticality to business operations.
- Produced insightful reporting and management information based on GRC monitoring activities, including metrics and KPIs, to track security program effectiveness and report on risk to relevant stakeholders.

UNISYS AT DEPARTMENT OF HOMELAND SECURITY (DHS-CBP) - CONTRACTOR (Remote)
Information System Security Analyst, June 2018 - August 2019
- Prepared and produced e-authentication artifacts identifying the appropriate authentication mechanism based on risk level (single or multifactor), referencing SP 800-63.
- Selected and drafted security control baselines in accordance with DHS-4300A and FIPS 200.
- Prepared Security Assessment and Authorization (A&A) documentation including the System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR), Contingency Plan (CP) and other artifacts required for the ATO package.
- Monitored and conducted Security Control Assessments to ensure all controls meet security requirements as stipulated in the SSP and NIST SP 800-53A Rev4.
- Provided management and Ongoing Authorization (OA) compliance support, including Risk Management Framework (RMF) and FISMA compliance, security release management, Security Authorization and OA, and DHS policy directives and cyber orders.
- Participated in Change Control Board (CCB) briefings/meetings with all senior management.

EDUCATION
UNIVERSITY OF MARYLAND GLOBAL CAMPUS, College Park, Maryland - B.S., Accounting
InfoSec Train - Payment Card Industry Security Standards (PCI-DSS) Training
Your IT Career Academy - IT Audit Fundamentals Training

CERTIFICATIONS
CompTIA Security+
Certified Scrum Master
Certified in Governance Risk and Compliance (CGRC) - in progress

TECHNICAL AND SOFT SKILLS
Retina Network Security Scanner, Metasploit, Nessus, CSAM, eMASS, IACS (XACTA), Splunk, Web Inspect, Jira, Kanban Board, Coupa, SAP ERP Applications, Tableau, Excel, Power BI, Confluence, SharePoint, Kenna, MS Office, RSA Archer (GRC toolset), Service Now, Security & Compliance Assessments, GRC Metrics & KPIs, Remedy, Information Security, Strong attention to detail, Risk Management and Assessments, Regulatory Compliance, Analytical Skills, Problem Solving, Data Analysis, Strong Project Management, Critical Thinking, Diligent, HighBond, Excellent Verbal and Written Communication, Detail-Oriented, Adaptive Learning

AFFILIATIONS
ISC2 - Member since 2022
Member of Simply Cyber community since 2023