- Information Security Professional with 5+ years of experience in IT compliance, vulnerability assessment and management, system security monitoring and auditing, audit engagements, testing of information technology controls, and developing security policies, procedures and guidelines.
AREAS OF EXPERTISE
- Information Security
- Risk Assessment
- Vulnerability Assessment
- Information Technology
- Network Security
- NIST SP 800-53 and 53A Revision 4 guidelines
- Information Assurance
- COSO/COBIT/SOX 404/ASA-70/SOC
- GAAP/GAAS
- FISMA/NIST 800-53/FISCAM/FIPS/STIG/ISO 17779
- Microsoft Office Suite (Excel, Word, PowerPoint, Access, Outlook), Nessus, Anti-Virus Tools, WireShark, Snort, Great Plains Microsoft Dynamics, Donovan System, SAP, IBM Mainframe, PeopleSoft.
Information Security Analyst
- Deep knowledge of system security monitoring, audit and evaluation, risk assessment, and security control selection and testing
- Expert in creating security documents and artifacts (Test Plan, POA&M, Corrective Actions, Risk Acceptance, SAP, ROE, SIA and SAR)
- Independently conducts analysis of bi-weekly app scan vulnerability findings
- Updating FISMA documentation and managing deliverables
- Ability to learn and adapt to changes
- Team player who works well with people at all levels.
IT Security Analyst
- Documented and reviewed System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Authorization to Operate (ATO) letters.
- Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT Security Management
- Utilized processes within the Security Assessment and Authorization environment such as system security categorization, review of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
- Performed impact analysis and risk assessment on security plans.
- Performed vulnerability assessments, making sure that risks were assessed and evaluated and that proper action was taken to limit their impact on the information and information systems
- Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
- Created reports detailing identified vulnerabilities and the steps to remediate them
- Collected, reviewed and analysed audit logs for anomalies
Audit Support Analyst
- Established schedules and deadlines for assessment activities.
- Participated in multiple projects and reviews concurrently ensuring quality deliverables, managed expectations and timely results.
- Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
- Assisted in analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions. Information security system policies, plans, and baselines were developed and reviewed.
- Provided security expertise and guidance in support of security assessments.
- Reviewed authorization documentation for completeness and accuracy for compliance.
- Ensured cyber security policies were adhered to and that required controls were implemented, and facilitated the continuous monitoring system.
- Performed continuous monitoring and assessment for compliance.
- Assisted in the review of policies, security alerts, guidance, regulations and technical advances in IT Security Management.
Internal Audit Intern
- Performed walkthroughs with clients and documented the discussion
- Assisted in identifying risks, controls, and test steps; helped prepare the risk matrix and the list of items to request from clients to perform substantive tests; and input the risk matrix into the audit system (STARS)
- Performed reconciliation of hedge population and flow through suspense accounts
- Reviewed and evaluated whether services agreement processes were in compliance with accepted company procedures