SUMMARY:

• Seeking an Information System analyst or Information Assurance position in a growth oriented organization, with focus on Sarbanes - Oxley 404, system security monitoring and security; risk assessments; audit engagements, testing information technology controls and developing security policies, procedures and guidelines.
• Results and detailed oriented senior Information systems security professional with +4 years of experience.
• With High expertise in risk assessment and Confidential compliancy, by implementing and enhancing key information security objectives and control frameworks to maximize productivity.
• Skilled in providing effective leadership and corporate productivity in fast-paced deadline-driven environments.
• Capable of deploying and monitoring risk management, compliance and information security programs as IT disaster recovery coordinator.
• Outstanding presentation and communication skills, with a understanding in business requirements to maximize revenues and profits.
• Execute critical risk and business assessments and continuity and recovery management plans while addressing security and business continuity concerns in a professional manner.
• Conduct network vulnerability assessments using tools and to determine and evaluate attack vectors, manage SIEM infrastructure, and implement POA&M management.
• Coordinate with third parties to perform vulnerability tests and create security authorization agreements and standards, and balance risk mitigation with business needs.
• Research new development, updates and breakthroughs in IT security in order to recommend, develop and implement new security policies, standards and procedures to my corporation.

CORE COMPETENCIES:

• Network security project management vulnerability scanning penetration testing
• POA&M management
• IDS and IPS tools
• Risk assessment and risk management
• Configuration management
• Disaster recovery plan experience
• System development life cycle

PROFESSIONAL EXPERIENCE:

Internal auditor

Confidential, Silver Spring, Maryland

Responsibilities:

• Set up and give presentations
• Receptionist at office and telemarketer
• High Potential Employee Award. Completed several months of Leadership training.
• Report directly to the Vice President of Internal Audit with goals of enhancing business practices, providing assurance on governance, risk management and internal controls while utilizing a Risk Based approach.
• Implement the internal auditing methodology for Confidential division (a US $1.3B company) while working closely with the divisional Head of Internal Audit (HIA), the Group Head of Internal Audit (GHIA), Co-sourced and external auditors.
• Work with the VP, Internal Audit to ensure the audit work program of the Internal Audit (IA) department aligns with overall goals and objectives of the organization, to include performing; Forensic audits and Fraud investigations which mitigated potential company losses.
• Manage, develop and execute the Risk Assessment Process resulting in the annual Audit Plan.
• Develop, lead and implement annual Audit Plans while creating standard order processes for determination of audit rotation based on high risk areas, compliance requirements, key business processes, and contractual requirements .

IT Security Analyst

Confidential, Washington, DC

Responsibilities:

• Conducted a kick off meeting in order to categorize Confidential 's systems according to Confidential requirements or Low, Moderate or High system
• Developed a security baseline controls and test plan that was used to assess implemented security controls
• Conducted a security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment along with plan of action and milestones (POA&M)
• Assisted in the development of rules of engagement documentation in order to facilitate the scanning of Confidential network, applications and databases for vulnerabilities
• Developed a risk assessment report. This report identified threats and vulnerabilities applicable to FNAGB systems. In addition, it also evaluates the likelihood that vulnerability can be exploited, assesses the impact associated with these threats and vulnerabilities, and identified the overall risk level
• Assisted in the development of an Information Security Continuous Monitoring Strategy to help Confidential in maintaining an ongoing awareness of information security (Ensure effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions
• Led in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owner, the Information Owners and the Privacy Act Officer
• Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication)
• Developed a system security plan to provide an overview of information system security requirements and describe the controls in place or planned by Confidential to meet those requirements for Confidential compliance