We provide IT Staff Augmentation Services!

Sr. Cybersecurity/compliance Analyst Resume

SUMMARY

  • A Security Assessment and Authorization (SA&A) professional knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), and Vulnerability Management using FISMA, and applicable NIST standards and adaptations.
  • Detail oriented professional with firm foundation and experience in planning, executing and managing client engagements and projects.
  • Independent self - starter and a team leader fostering collaborative efforts toward achieving goals.
  • Strong critical thinking, problem solving, and time management skills with proven success at handling multiple responsibilities and projects.
  • Proven success at clearly communicating project objectives, findings and recommendations both verbally and in writing.
  • 10+ years working experience and background in Cybersecurity, Cloud security, IT Audit, Information Systems Security, Vulnerability Assessment, Information Assurance, Privacy, Systems Development Life Cycle, and Risk Assessment.
  • Proficient with COBIT, FISCAM, NIST, ISO, OMB Circular A-123, Internal Control, Internal Audit, Audit Readiness, ERP security control reviews, GRC, Attestation Engagements-SAS70/SSAE 16, IAM/IDM Access Management Strategies, HIPAA and HITECH Compliance, Data Analysis, and Application Integrity.
  • Wide-ranging knowledge of audit/assessment of IT Infrastructures; Operating Systems, Databases, Network devices and concurrent cybersecurity trends.

TECHNICAL SKILLS

  • IT Governance, IT Management, Risk Management, IS Audit, IT Risk Evaluation, IT Compliance, Access Management, IT Security, Identity Management
  • SDLC, Categorization of Information Systems, Information Systems Authorization, Security Control Implementation, Risk Management Framework (RMF)
  • Selection of Security Controls, Security Control Assessment, Network Security, ITGC/Application controls Audit, SOX Compliance, SSAE16 Report, COSO
  • COBIT, FISCAM, Cloud, SharePoint, MS Office suits (Word, Excel, Outlook, Visio, Power Point and access) Internal Audit, Data Analysis, Vulnerability Assessment, NIST.

PROFESSIONAL EXPERIENCE

Confidential

Sr. Cybersecurity/Compliance Analyst

Responsibilities:

  • Perform Security Assessment and Accreditation (SA&A) process for multiple systems requiring an Authorization to Operate (ATO).
  • Conduct kick-off meetings with system personnel and stakeholders and Interface with Subject Matter Experts (SMEs) throughout the SA&A process.
  • Categorize system levels using FIPS 199/200/NIST 800-60.
  • As a SME, coordinated remediation efforts of vulnerabilities discovered on the Wide Area Network General Support Systems (WAN GSS).
  • Apply in-depth knowledge of NIST SP 800-53 and NIST SP 800-37 to perform detailed security assessments of all FISMA-categorized information systems.
  • Analyzed and updated Business Impact Analyses (BIAs), Privacy Threshold Analyses (PTAs) / Privacy Impact Assessment (PIA), System Security Plans (SSPs), Security Assessment Report (SARs) / Vulnerability Assessment Reports (VARs), and Plan of Action and Milestones (POA&Ms).
  • Liaise with the Cybersecurity Compliance office to properly vet all deliverables submission to the Authorizing Official (AO).
  • Assist Program Management team in the delivery of multiple ATO packages and managing extended ATO's due to exceptions and waivers ignited by open POA&M's.
  • Support designated Cybersecurity priorities advanced by evolving Compliance needs.
  • Participate in Continuous Monitoring activities and initiatives.
  • Provide recommendations to the organization/client to help balance cyber risks and business needs.
  • Scope and tailor security controls for moderate and high systems using NIST SP-800 53 Revision 4 and applicable control overlays.
  • Support remediation of findings by providing recommendations for fixing findings documented in the Security Assessment Report (SAR).
  • Request and review vulnerability scans and STIG checklist and ensure that open findings/ vulnerabilities are properly documented on POA&M or remediated immediately.
  • Partakes in agency Application Tower Meetings.
  • Lead, supervise, evaluate and delegate tasks to junior analysts.
  • Develop content for security plans, test plans, waivers, POA&Ms, ATOs, SIAs, SARs, IT Contingency plans, BIAs, change management documentations etc.

Confidential

Sr. IT Auditor/ Global Security Risk and Compliance Analyst

Responsibilities:

  • Liaised with internal and external auditors, coordinated audit timing, findings remediation, engaged issue owners and managed SOX GITCs monthly reporting.
  • Updated Senior Management and other stakeholders about identified risks and opportunities for improvement within control environment.
  • Reported on status of all audit activities (Internal & SOX) to management. Tracked remediation activities for all findings (POA&M) and reported metrics for audit activity used for executive reporting.
  • Worked with management to define and prioritize remediation. Tracked remediation activities and provided remediation guidance, inspected/validated implemented solutions where applicable.
  • Accept/refute reported findings by auditors per relevance, and drove findings’ consolidation where appropriate.
  • Developed contents for Archer GRC Design, Build, Testing and user Training. Supervised UAT.
  • Served as a subject matter expert on various special projects, risk assessments, and initiatives within the organization as delegated.
  • Administered gap analysis with senior management to aid decision making process.
  • Updated IT security policies, procedures, standards, guidelines and security requirements.
  • Performed vendors’ due diligence. Managed third-party security risk assessments.
  • Provided projects security assessments; authenticated security controls, data classifications (Tier Categorizations), security requirements, and toll gate validations for business projects prior to all clear to go-live.
  • Verified applicable information security essentials- SSAE16 (SOC 1 and 2 reports), ISO 27001, Pen test and vulnerability assessment reports, FISMA compliance etc. to validate vendors reliability.
  • Kept internal and external auditors up-to-date with status of findings and remediation, including closed findings.
  • Assisted in development and maintenance of IT Governance and Compliance Frameworks for managing IT improvement initiatives.
  • Synergized with regional and global info security and business leads on Applications, Database and Operating systems in scope for QUAR (Quarterly User Access reviews) of privilege User IDs globally- LATAM, APAC, North America, and EMEA.
  • Validated User Access Reviews/Terminations. Reconciled users’ access levels alongside system generated reports covering Applications, Database and Operating systems as part of QUAR.
  • IAM/IDM Access Certification monitoring.
  • Reviewed administrators’ rights to restrict access to only needed functions to perform required tasks.

Confidential

Sr. IT Auditor/Information Security Analyst

Responsibilities:

  • Conducted testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit, and Service Organization Control (SOC) SSAE 16 reviews.
  • Conducted integrated audits requiring technical skills for evaluating networks, application development and compliance with security policies from planning phase to completion. Immense familiarity with COBIT, COSO, PCI DSS, OMB Circular A-123, FISCAM frameworks.
  • Performed Security Assessment and Accreditation (SA&A) process for multiple systems requiring an Authorization to Operate (ATO).
  • Participated in audits and compliance reviews based on FISCAM, FISMA, NIST SP 800-53 series, ISO 27001, OMB circular A-123 and A-127 frameworks.
  • Coordinated IT related SOX compliance reviews, assessing IT Application Controls in connection with program development, change management, computer operations, security and configurations as well as vendor service providers.
  • Implemented and tested internal controls under Section 404 of the Sarbanes Oxley Act and performing Walkthroughs of controls and evaluated operating effectiveness of controls
  • Evaluated segregation of duties and application security involving ERP systems. (SAP, People Soft, Oracle Financials, Momentum, Deltek Costpoint) and execute audit strategy.
  • Performed audit of IT general controls (ITGC) - Access control, Change Management, IT operations, Disaster Recovery and Platform reviews (Windows, Mainframe and UNIX).
  • Prepared audit scope, report findings, and present recommendations for improving data integrity and internal controls.
  • Performed IT General Controls and Application Controls review and monitor segregation of duties and other key management controls for system reliability, availability, and performance.
  • Tested compliance with policies and procedures to ensure conformity with industry standards; such as HIPAA and PCI DSS frameworks.
  • Performed consolidation of IT audit findings, presentation of drafts/reports with notification of findings and recommendations.
  • Conducted systems and network vulnerability scans in order to identify and remediate potential risks.
  • Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
  • Update and tracked Plans of Action and Milestones (POA&M)
  • Updated and reviewed Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation.
  • Performed Federal Information Security Management Act (FISMA) audit reviews.

Confidential

HIPAA Compliance Analyst

Responsibilities:

  • Handled staff training on operational processes that ensured compliance and best practices, including HIPAA/HITECH regulations together with the review of operational system for control effectiveness and ensured adherence with healthcare regulations.
  • Ensured that policies and procedures are implemented and processes are well documented.
  • Identified and presented compliance issues to the HIPAA Steering Committee and for the timely completion of any action items approved by committee members.
  • Resolved and documented all questions related to privacy and security of patient health information for tracking purposes.
  • Reviewed privacy and security compliance training materials and conducted ongoing in-services, new employee orientation, and graduate medical education.
  • Coordinated documentation, and timely processing of patient rights (i.e., amendment to medical records, requests for restrictions to health information, requests for confidential communications) activities to ensure compliance with privacy regulations.
  • Organized and conducted HIPAA privacy walkthroughs to determine compliance with federal regulations.

Hire Now