Cyber Security Professional with extensive experience in all aspects of Cloud Security and Compliance, Cyber Security Strategy, Governance, Risk and Compliance, IT and Cyber Security Audit, Enterprise Cyber Security Risk Management, Vendor Risk Management, Regulatory Compliance and Change Management. Possess strong analytical skills to solve problems quickly and add value to stakeholder relationships, both internal and external to an organization.
PROFESSIONAL WORK EXPERIENCE:
Confidential, Atlanta, GA
Lead, Cyber Security Strategy, GRC
- Serve as a technical subject matter expert (SME) on cyber security/systems security matters. Interpret and implement security policy requirements to ensure the confidentiality, integrity and availability of information systems.
- Develop and implement the cyber security program and information security policies, standards, procedures and guidelines per best practice and industry standards
- Lead self-assessment activities against best practice and develop remediation recommendations; create risk acceptance/exception requests and gap analyses. Conduct and/or coordinate IT security risk assessments against technology and security frameworks such as NIST CSF
- Assess the organization's compliance with regulatory requirements such as GDPR, NYDFS, PCI-DSS, SWIFT, CIS, etc.
- Lead SunTrust’s Client Share Assessment program: perform vendor assessments, design and administer third-party questionnaires, conduct onsite assessments and answer client questionnaires enquiring into Confidential's security posture
Senior Cybersecurity Analyst
- Managed and facilitated the annual self-assessment (NIST SP A): performed IT risk assessments to identify system threats, vulnerabilities, and risks. Developed risk assessment reports identifying the threats and vulnerabilities applicable to the system
- Performed vulnerability assessments, ensuring risks were assessed and evaluated and appropriate action taken to limit their impact on information systems
- Performed patch management as part of the remediation process, applying required security patches within NIST and enterprise guidelines
- Evaluated the likelihood that vulnerabilities would be exploited and assessed the impact associated with those threats and vulnerabilities
- Prepared recommendation reports, made available to system owners, to remediate vulnerabilities identified during the risk assessment process
IT Auditor, Risk & Assurance
- Performed IT SOX compliance audits for public and private entities as well as SOC 1 Type 2 reviews using COBIT and COSO frameworks
- Audited SME for PCI security compliance, performed HIPAA testing for regulated entities, and reviewed DLP and SSAE 16 SOC 1 technology controls
- Participated in the patch management and vulnerability remediation process, including gap analysis, tracking deficiencies and reviewing for systemic risk
- Assessed the scope of security issues, developed best-practice approaches to remediate or mitigate them, and provided quality assurance to ensure risks were scoped and assessed appropriately
- Performed cyber security risk assessments through remediation and recovery, and audit risk assessments leveraging continuous monitoring to assess inherent and residual IT risks
Confidential, Dallas, Texas
Associate Security Engineer
- Developed knowledge of Active Directory structures; managed and troubleshot Active Directory services, events and errors
- Performed access provisioning: IAM, Privileged User Management, Public Key Infrastructure and management
- Provided assistance with application and network access control; implemented IDS/IPS and authentication solutions
- Implemented technical security controls and technologies (e.g. DLP, IDS/IPS, application firewalls, antivirus and anti-malware)
- Experienced with Security Information and Event Management (SIEM): configured, deployed, and maintained Splunk
- Participated in the Information Security strategy, technology control process strategy, security compliance, DLP, and internal ITGCs
- Worked closely with the IT organization as a SME for the protection of client health information and PII to ensure adherence to policies, procedures, and legal/regulatory requirements
- Initiated, facilitated, and promoted activities to raise Information Security awareness within the organization
- Collected and examined records as a part of IT compliance testing strategies to compile evidence of compliance with IT operations standards