PERSONAL PROFILE:

I am an IT Security Analyst with detailed knowledge of security tools, technologies and best practices, especially in HIPAA, HITECK, FISMA, NIST, FedRAMP, PCI - DSS, COSO, GLBA and SOX 404. I value to contribute to support organization protect and secure their information systems. I have more than four (4) years of experience in system security Risk Assessment, Auditing, Certification and Accreditation (C&A) and very conversant with Governance, Risk and Compliance (GRC) tools

SUMMARY:

• Perform Certification and Accreditation (C&A) and Risk Assessment.
• I help develop Risk Management Frameworks, and conduct Third Party/ Vendor Risk Assessments, and auditing IT controls.
• Review and evaluated System Security Plan based on Confidential Special Publications.
• Develop remediation plans to solve identified security gaps.
• I work with Frameworks and Standards like SOX 404, COSO, ISO 27001, FISMA, FedRAMP, HIPAA, and PCI-DSS.
• Test information technology controls and develop security policies, procedures and guidelines.
• Manage system security policies with SonicWall Firewall and Active Directory.

TECHNICAL SKILL:

• Windows Server 2008, 2012 Active Directory.
• PowerShell scripting DNS/ DHCP Backup Technologies (Veeam).
• Nmap, Nessus, Splunk
• Anti-Virus (Experience with Kaspersky Security Center, F Secure, Avast)
• Virtualization (VMware)
• Systems Management tools, Firewalls (SonicWall, Cisco)
• Desktop Management
• Setup, troubleshoot, and fix PC’s (Workstation, Laptops, and Printers) vSphere 5.0, Splunk
• Net extender

OTHER SKILLS:

• I have in-debt experience in windows, Linux and Mac
• Broad knowledge on cloud computing security and Web Application Firewalls (WAF).
• Abreast with web application scanning and penetration testing, utilizing White Hat tools
• Well-informed on DOS and DDOS protection and how attacks are orchestrated.
• Ability to work under pressure with or without supervision.
• Demonstrate a high level of diplomacy and professionalism at all times.
• Fast learner with a genuine desire to learn new software and systems to make a great impact in the organization I work with.
• Ability to adapt to new environments with strong analytical and organizational skills.
• Ability to multitask and able to work independently or with a team.
• Strong verbal communication and in technical writing skill.

PROFESSIONAL EXPERIENCE:

Confidential

Information Security Analyst

Responsibilities:

• Designed and implemented guidelines required for providing public and private services to meet FedRAMP guidelines and compliant based on the Confidential SP 800-171 and Confidential SP 800-53 and recommendation.
• Assign user and vendors on the network and application permission in accordance with IT procedures and FedRAMP requirements.
• Test information technology controls and develop security policies, procedures and guidelines.
• Install, configure, and manage Network Security firewall (SonicWALL) supporting both data center and corporate office.
• Administrator updates for deployed software packages for laptops and desktops users in the organization with (PDQ Deploy and Inventory).
• Troubleshoot and perform disaster recoveries for windows server 2008 and 2012 as well as assisting with backing up data and transferring of data through FTP.
• Manage corporate Active Directory and virtual desktops. Test and configure Software and Hardware and Operating System.
• Run security scans on the systems periodically to identify vulnerabilities in the system.
• Coordinate with ISSO periodically to discuss new trends and findings, seek his endorsement to implement Plan of Actions and Milestones.

Confidential

Information Security Analyst

Responsibilities:

• Evaluate security control test plans and conducts detail security assessments of information systems that evaluate compliance of administrative, physical, technical, and organizational policies safeguards in order to maintain HIPAA compliance base on the Office of Civil Right (OCR) protocol, NIST SP 800-66 Rev1 and security controls (NIST SP 800-53).
• Audit major applications within health systems and assess control gaps.
• Develop HIPAA compliance report, document auditing findings and develop corrective action plans or a POA&M for the system as needed.
• Perform penetration testing and ethical hacking exercises on the systems network, checking for vulnerabilities and document my findings.
• Develop matrix for tracking and documenting system vulnerabilities and inventories.
• Organize training for employees highlighting dangers of phishing and other attacks and their effects on the organization.
• Orchestrate system back-up and storing of data.
• Pro-actively engage in research and system vulnerabilities and recommend countermeasures or mitigating controls to reduce risk to an acceptable or manageable level.
• Provided Technical support for older Windows Operating Systems on the network.

Confidential

Responsibilities:

• Scan Data Center asserts and keep inventory of all assert.
• Update existing inventory of assets.
• Coordinate with team leader for accuracy

Confidential

IT Security Analyst

Responsibilities:

• Communicate and facilitate the requirements for security risk assessments for both custom developed and third-party applications.
• Identify and communicate application control deficiencies and the associated risks.
• As part of a team, develop the technology risk matrix to highlight areas of high risk for each of the SOX applications.
• Develop action plans and recommends alternate solutions to resolve exceptions to standard operating procedures.
• Provide security consulting and advisory services to business units and project teams. Review and test SOX Financial controls for compliance.
• Develops and maintains relationships with internal and external customers to formulate information security governance solutions.
• Researches and maintains knowledge base regarding information security issues, solutions and potential implications.
• Supports requirements gathering and design efforts of critical projects as needed. Responsible for implementing and maintaining a continuous process improvement work environment while executing security risk assessments in accordance with industry standards and best practices.

Confidential

Information Assurance Analyst

Responsibilities:

• Met with the IT team to gather evidence, develop Test Plans, Testing Procedures and document test results.
• Assisted System Owners and ISSO in preparing C&A package for the organizations’ IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by Confidential SP 800-53.
• Described systems and categorize its C.I.A using FIPS 199 and Confidential SP 800-60 Analyzed and update System Security Pan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M) Conducted Vulnerability Assessment. Corresponds with the Office of Management and Budget (OMB).
• Make sure that risks are assessed, evaluated and proper actions have been taken to limit their impact on the Information and Information Systems

Confidential

Cyber Security Analyst

Responsibilities:

• Conducted the IT risk assessment and document the system security keys controls Met with IT team to gather evidence, develop test plans, testing procedures and document test results and exceptions.
• Conducted walk-throughs, formulate test plans, test results and develop remediation plans for each area of the testing.
• Prepared and completes associated remediation action plans; assisting with resolving problems; identifying trends; determining system improvements and driving needed change.
• Recorded system security plan information on the e-Governance, Risk and Compliance application to promote and develop security strategies; directing system control development and access management, monitoring, control, and evaluation.
• Planned development to include assessment and understanding of system safeguards, security provisioning and disaster preparedness and test plans.
• Participated in the SOX testing of the General Computer Controls Developed a Business Continuity Plan and relationship with outsourced vendors.

Confidential

System Administrator

Responsibilities:

• Resolve System Administration-related solutions for various projects and operational needs. Both on site and remotely.
• Install new or rebuild existing servers and configure hardware, peripherals, services, settings, directories and storages in accordance with standards and operational requirements.
• Install and configure systems such as supporting GIS infrastructure applications or Asset Management applications.
• Perform periodic performance reporting to support capacity planning, develop and maintain installation and configuration procedures.
• Contribute to and maintain system standards.
• Research and recommend innovative, and where possible automated approaches for system administration tasks.
• Perform daily backup operations, ensuring all required file systems and system data are successfully backed up to the appropriate media, recovery tapes or disks are created, and media is recycled and sent off site as necessary.
• Identify approaches that leverage our resources and provide economies of scale.
• Create, change, and delete user accounts per request.
• Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
• Perform regular file archival and purge as necessary.
• Perform regular security monitoring to identify any possible intrusions.
• Provide Tier III/other support per request from various constituencies. Investigate and troubleshoot issues.
• Repair and recover from hardware or software failures. Coordinate and communicate with impacted constituencies.
• Apply OS patches and upgrades on a regular basis, and upgrade administrative tools and utilities. Configure / add new services as necessary.
• Maintain data center environment and monitoring equipment.
• Upgrade and configure system software that supports GIS infrastructure applications or Asset Management applications per project or operational needs.
• Maintain operational, configuration, or other procedures.
• Perform ongoing performance tuning, hardware upgrades, and resource optimization as required. Configure CPU, memory, and disk partitions as required.