SUMMARY

• Interested in Remote opportunities in Security Compliance, Governance and Risk Management or Business Continuity Planning.
• An extensive background in Security Compliance and Risk Management poises me to take on demanding challenges that organizations are facing.
• Given the risks associated with Ransomware, I am very interested in helping organizations with their Business Continuity Planning, Third Party/Vendor Risk Assessments and improving their overall security posture.
• Also offering my expertise in a Freelance or a Consulting role. Given the various challenges of meeting Compliance requirements in a heightened Regulatory landscape, I am interested in helping organizations manage risks in a proactive and positive manner.
• Security Risk Management should not be disruptive to one's business but instead should aim to be seamless and become business as usual thus, balancing the importance of managing risks with the importance of a highly productive business environment.
• Areas of interest are the Energy Sector ensuring CIP Compliance, Healthcare Sector ensuring HIPAA Security Compliance, Federal Government Sector ensuring FISMA Compliance and other information security compliance related Management, Analysis, Audit or BCP functions for GDPR, CCPA, SOX, NIST 800 series (CSF and RMF) and the upcoming CMMC.

PROFESSIONAL EXPERIENCE

Confidential - Westford, MA

Security Compliance Analyst

Responsibilities:

• Responsible for Security Compliance for SOX ITGC and serve as the liaison to the External Auditors collecting required evidence for testing controls.
• Responsible for continuous GDPR Compliance conducting annual Data Inventory Updates, Risk Ratings and Data Mapping using TrustArc. Work closely with Legal Team to accomplish this.
• Responsible for ensuring IT Security compliance with upcoming CCPA regulation working closely with Legal Team
• Conduct Third Party Risk Assessments both onsite and offsite
• Review Third Party/Vendor Security Questionnaires and provide feedback to legal as part of vendor vetting process
• Reviewed SOC 2 Type 2 Reports from Third Parties as part of Risk Assessment process
• Coordinate and answer RFPs regarding Security and Privacy practices of Confidential
• Responsible for Development and Updates to Information Security Policies
• Oversaw Security Awareness and Training to include conducting quarterly Phishing Campaigns using KnowBe4 and Annual Security Awareness Training
• Participated in Change Management Review Board meetings as a delegate for Security Compliance topics and to address potential risks

Confidential

Sr. Information Security Analyst

Responsibilities:

• Member of the Information Security Risk Management and Compliance Team where I served as a SME to help identify and manage security risks for the organization and meet HIPAA, GLBA, SOX and PCI Compliance
• Responsible for all Information Security Policies which included Policy Development, Annual Reviews and Updates and established policy committee as needed for additional subject matter expertise input.
• Conducted Policy Gap Assessment against ISO 27001/2 Controls, HIPAA Security Rule, and SOX Security Requirements
• Developed the initial SDLC Security requirements for all funded projects (Both Waterfall and Agile Project Methodology)
• Acted as lead team representative and SME regarding Security Controls and Approvals in the SDLC Process
• Developed Contract Language for Procurement to use in Third Party/Vendor Contracts to ensure Compliance with Security Requirements, Policies and Procedures
• Performed both onsite and offsite Risk Assessments and Audits of Third Party Security Controls to ensure Compliance with HIPAA, SOX and Corporate Policies and Contractual requirements
• Assisted in Evidence Collection for the various Auditors who audited our organization’s information security
• Served as a SME and liaison for the Texas DOI Auditors accompanying them to our facilities in Maryland and Virginia as part of their State DOI Audit.
• Developed Vendor Risk Assessment Questionnaire as a precursor to the eventual purchased Vendor Risk Assessment Software i.e. Archer
• Coordinated and assisted with the completion of RFP’s, SigLite and other Security Questionnaires for the external assessments of us by Third Parties
• Developed Information Security and Risk Management Annual Training documentation
• Worked with Legal Team in assessing security risks and proposed mitigation strategies and solutions
• Worked with Legal Team in support of Breach Notification Process
• Assisted in Gap Assessments of acquired companies and implementation of security compliance upon completion of acquisition
• Developed Monthly Security Spotlights for our Privacy and Security Spotlight Newsletter that we used to raise security and privacy awareness on new threats, risks, best practices etc.
• Established and co-led Task Force with Enterprise Architecture Team and Web Application Development Team to develop Security Standards for Web Applications
• Recommended specific risk mitigation solutions to management regarding vulnerability assessment report findings and/or audit findings, etc.… based on risk ranking and utilizing my HIPAA and other Security Compliance expertise and knowledge
• Mentored team members and others in Information Security and Risk Management topics

Confidential - Pittsburgh, PA

Information Security Policy and Compliance Specialist

Responsibilities:

• Developed and Updated Information Security Policies
• Co-Coordinator of the Inaugural Cyber Security Awareness Conference
• Helped raise awareness regarding security best practices and policies
• Helped raise awareness regarding security threats
• Helped our team ensure security and privacy compliance with FERPA
• Performed HIPAA Compliance Risk Assessment of Student Health Center
• Assisted in Incident Response Notification Process
• Worked with Legal Team for Security and Compliance purposes