IT Security Specialist II Resume

PROFESSIONAL EXPERIENCE:

Confidential

IT Security Specialist II

  • Lead and governance for Information Security risk processes across the state’s agencies.
  • Perform risk assessments, gap analysis and overall security controls guidance around security standards like NIST SP Rev. 4, NIST, PCI DSS, FTI, FERPA, CJIS, IRS Pub 1075, HIPAA and FedRAMP to ensure compliance is met with the applicable federal and state standards.
  • Ongoing continuous monitoring to ensure key program requirements are being met through analysis of assessment results, metrics and data.
  • Perform assessments and set overall direction for maintaining compliance to policies and regulations.
  • Perform periodic/ad hoc reviews or testing to determine if the program is operating as designed.
  • Track compliance requirements and provide overview of latest status to senior management on an ongoing basis.
  • Extensive knowledge in developing, documenting, validating and maintaining security artifacts, policies, processes, procedures and standards.
  • Deliver technical support on complex projects and ability to work with all levels within the organization to attain solutions to problems of high complexity.
  • Perform vulnerability scanning using Nessus and Security Center.
  • Work effectively on all phases of IT systems analysis and assessments with minimal to no supervision.
  • Develop System Security Plans (SSPs), Plans of Action and Milestones (POA&M)/Corrective Action Plans (CAP), and other system documentation.
  • Experience with GRC tools, IBM OpenPages, RSA Archer, ServiceNow and SIEM tools like QRadar and Splunk.
  • Review and validate system BCP, COOP and DR plans.
  • Working knowledge of MS Outlook, O365 and Microsoft Office Suite (Excel, Word, and PowerPoint).
  • Familiar with cryptography, encryption, anti-malware solutions, automated policy compliance and desktop security tools.

Confidential

Lead Security Control Assessor

  • Extensive knowledge of security controls and working across an organization to implement and validate controls.
  • Lead compliance program/project initiatives, audits and benchmarking of security policies against best practices and standards, which may include ISO 27001, FISMA, NIST, and other NIST special publications.
  • Measured and reported appropriate metrics to measure the monitoring program to related process.
  • Researched and recommended changes to enhance or streamline information security procedures.
  • Act as a liaison between 3rd party assessors and internal teams.
  • Developed and maintained productive relationships with Business, IT staff and management through individual contact and group meetings.
  • Provided recommendations and guided customers on information security and privacy solutions to address complex and emerging information security and privacy issues.
  • Worked effectively on all phases of IT systems analysis and assessments with minimal guidance.
  • Define, implement, and manage policies, procedures, and solutions that mitigate risk and maximize Confidentiality, Integrity, and Availability (CIA) of the information systems.
  • Reviewed security architectures, developed and guided solutions that integrate information security requirements to proactively protect organization data.
  • In-depth knowledge of FISMA, Authorization and Accreditation process to validate security controls effectiveness.
  • Experience with data privacy and protection.
  • Specialized in the Risk Management Framework (RMF) and conducted risk assessments.
  • Provided recommended mitigations and countermeasures to address risks, vulnerabilities and threats.
  • Working knowledge of FedRAMP cloud external audits and compliance processes.
  • Experience with Security Center, Burp Suite, RSA Archer, Splunk, WebInspect, McAfee DLP and Symantec DLP.

Confidential

Info Security Risk Specialist

  • Led audit assessment results and security compliance checks, Pen Testing results and vulnerability scans.
  • Guided systems/applications by performing security assessment and tracking systems progress against systems/applications plan and compliance requirements.
  • Evaluated and enhanced organization processes to support the continuing compliance of required systems/applications.
  • Excellent verbal and written communication skills.
  • Interacted with appropriate stakeholders to demonstrate reports are compliant with their requirements.
  • Led analysis, documentation, and training of remediation actions in response to audit findings.
  • Coordinated and facilitated meetings necessary to support technical and business needs related to security and compliance to support relevant vendors.
  • Manage security awareness programs, communications and training for both internal staff and external vendors.
  • Assessed information systems against applicable Frameworks and supported the Global Business Services.
  • Performed internal and external security and privacy audits and assessments.
  • Knowledge of RSA Archer, QRadar, Tanium, SiteMinder, Xacta and Microsoft products.
  • Conducted risk assessments, vulnerability scanning and reporting analysis.
  • Led projects of moderate to high complexity and provided complex analysis, reporting, and assessments at the functional or enterprise level.
  • Experience working with Intrusion Detection Systems and Intrusion Prevention Systems.
  • Developed POA&Ms and mitigation/remediation strategies using automated and manual tools.
  • Experience with FISMA compliance and NIST SP security standards.