Sr Global Cloud Ops Compliance And Auditing - Security Engineer Resume
SUMMARY
- Leveraging 12+ years as a Sr. Security Compliance Engineer / Security GRC Analyst and IT Security Regulatory Auditor to audit; as the person brought in to mitigate findings; or to work with a client or business unit to bring a system up to compliance standards for Internal Audit.
- Experience and knowledge in security compliance, internal IT audit of networks and third-party vendor assessments, accomplished for Fortune 500 companies, health care, financial institutions, oil & gas, Software as a Service (SaaS) and federal government entities.
- Industry certified: ISACA CISA and CISM. Technical background in network engineering for WAN, LAN and telephony.
PROFESSIONAL EXPERIENCE
Confidential
Sr Global Cloud Ops Compliance and Auditing - Security Engineer
Responsibilities:
- Lead, manage and assist with IT audits for security compliance (SSAE SOC 1, SOC 2 and SOC 3 rolling audits, and NIST 800-171 / NIST 800-53) for 18 SaaS products on the AWS, Azure and SoftLayer (IBM Cloud) platforms, and with Salesforce for audit purposes. Oversee their completion: obtaining the required evidence, reviewing it, and working with internal teams to meet the audit criteria.
- Manage the project, coordinate, and deliver the assessment criteria requirements to external auditors.
- Conduct vendor risk management assessments under GRC of products / services against NIST 800-53 / FedRAMP. Respond to security assessments, questionnaires and audits from clients.
- Under GRC, work with Global Cloud Compliance to ensure compliance with policies and procedures, reply to client requests, and assist with security awareness training set-up.
- Conducted monthly and quarterly internal security assessments to ensure systems are operated and maintained in accordance with internal security policies / practices, including ongoing access control reviews.
- Developed and maintained System Security Plans (SSP) and Plans of Action and Milestones (POA&M) for applications.
Project Consultant
Sr. Security & Compliance Consultant
Responsibilities:
- Scheduled and executed IT security audits with system and asset owners using NIST 800-66 (for HIPAA e-PHI), NIST 800-53A, MARS-E and NIST 800-37 (Risk Management Framework) for baseline assessments.
- Performed IT security and system risk analysis, vulnerability and regulatory assessments of networks (IBM RACF, cloud), Security Operations assets, Facility Operations assets, and medical equipment, working with clients and vendors.
- Risk profiling of medical clinical devices / applications across their life cycle for HIPAA, PHI, ePHI and FDA requirements.
Sr. Analyst
Confidential
Responsibilities:
- Conducted third-party financial control assessments of vendors and business partners, tracked as GRC in RSA Archer; identified vendor gaps / deficiencies / risks; ensured requirements were met for NIST 800-53A & 800-37, PCI DSS, ISO, SIG7, SOC, SOX, ISO/IEC 27001/2, Safe Harbor and/or best practice.
- Reviewed regulatory requirements and contractual SLAs, including Right to Audit compliance requirements.
- Assessed (QA) remediation plans and non-compliance acceptances. Validated evidence from third parties to assist in closing identified findings.
