SUMMARY:

• Detailed knowledge of security tools, technology with significant best practice assess the compliance impacts of system modifications and technological advance. An experience information security professional with proven exposure to multiple compliance frameworks and publications (FedRAMP, NIST 800 Publications, FIPS, Risk Management Framework, CMMC, DISA STIG, CIS, etc.)
• Ability to multitask
• Excellent Communicator
• System Risk Assessment
• Windows. Microsoft Office, Linux
• IT general controls (ITGC) auditing
• Third Party Risk Management (TPRM)
• Develop, review, and evaluate security
• System plan based NIST special publication
• Vulnerability Assessment
• FISMA
• NIST SP 800 - Series
• Written communication skills
• Operational and technical Security controls
• Perform and Accreditation Documentation
• Cyber GRX
• Policy and Process Development
• Incident Response
• Vulnerability Management
• Data Loss Prevention
• Tenable Nessus Scanning
• PCI
• ISO 27001

EXPERIENCE:

Information/Cyber Security Analyst

Confidential, New York, NY

Responsibilities:

• Ensured that Information Systems security architecture, designs, plans, controls, processes, policies, and procedures are aligned with client policies.
• Analyzed and defined security requirements for networks, applications/systems, end user computing, mobility, and data center technologies and solutions
• Determined security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analysis and risk assessments.
• Reviewed and updated Contingency Plan (CP) using local guidelines.
• Performed information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.
• Reviewed information systems security environments to include all aspects of physical, technical, and administrative security measures.
• Monitored and evaluated a systems compliance with Information Technology security requirements in accordance with NIST 800 series.
• Assisted with the development, implementation and administration of information security policies, standards and procedures adhering to industry best practices.
• Provided analysis of system requirements relating to security/vulnerability reviews, risk, and contingency planning
• Assist System Owners and ISSO in preparing and Accreditation package for companies IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP
• Designate systems and categorize its C.I.A using FIPS 199 and NIST SP
• Conduct Self-Annual Assessment (NIST SP A)
• Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated and a proper actions have been taken to limit their impact on the Information and Information
• Systems
• Created standard templates for required security assessment and authorization
• Review vendors response to CAIQ-Lite questionnaires
• Review vendors latest SOC audit reports
• Vendors Policy and Procedures
• Vendors Pentest report
• Document findings
• Advises business area based on the findings identified
• Assessment is performed against all accepted industry framework. NIST, ISO 270001, NIST SCF
• To validate the operational design of the vendors environment.
• Business area identifies the risk
• Escalate to infosec
• Uses Fair Factor Risk Analysis
• Create / Brainstorms scenarios, looking at frequency/likelihood factors
• Identify impact levels based on the organization defined metrics
• Define the overall Risk level
• Escalate to stakeholders
• And advise stakeholders based on the overall risk level identified.
• Helps business area define the risk management type to address the risk (transfer, accept, mitigate, or avoid)
• Threat & Vulnerability Management
• Perform scans with Nessus Tenable
• Report is generated
• Review report and identify all critical, highs and mediums
• Identify controls owners and assign identified vulnerabilities for remediation
• All critical and high findings are remediated with 10 and 15 days respectively.
• Patch management after Patch Tuesday using
• Review all identified vulnerabilities and drive to closure.

Confidential

Jr. Information Security Analyst

Responsibilities:

• Experience in interfacing with information assurance managers, including reviewing documentation,such as systems security plans (SSPs), risk assessment reports, C&A packages, and Plan of Actions and Milestones (POA&Ms)
• Manage Cybersecurity activities that must be performed by system owners, including annual refresherCS or awareness briefings
• Advise and work with system owners and developers to ensure secure implementation and integrationf new and existing systems • Provide security guidance and IS validation using National Institute of
• Standards and Technology (NIST) RMF, DoD, and local security policies
• Conduct monthly meetings with system owners, engineers, and vulnerability team members to discussvulnerability scans and any upcoming changes with the application.
• Develop, update and review policies, procedures and guidelines as outlined within NIST SP .
• Track all security authorization activities of assigned systems; ensuring security management adheres to the security authorization schedule
• Assisting in Analyzing and updating System Security Plan (SSP), Risk Assessment (RA), PrivacImpact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions andMilestones (POA&M)
• Designate systems and categorize its C.I.A using FIPS 199 and NIST SP
• Conduct Self-Annual Assessment (NIST SP A)
• Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated and a proper actionhave been taken to limit their impact on the Information and Information Systems
• Assist System Owners and ISSO in preparing and Accreditation package for companies’ ITsystems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP R4
• Conducted IT controls risk assessments that included reviewing organizational policies, standards andprocedures and provided advice on their adequacy, accuracy, and compliance with the Payment CardIndustry Data Security Standard.
• Assisting in Conducting walkthroughs and evaluation of the IT infrastructure in terms of risk to therganization: recommends controls to mitigate loss and develop remediation plans for each area of the testing.
• Led in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) byworking closely with the Information System Security Officers (ISSOs), the System Owners, the

Confidential

SOC Analyst

Responsibilities:

• Performed basic data entry
• Managed multiple mobile wireless accounts
• Managed security for multiple applications
• Remotely assisted users in various locations
• Investigate Cybersecurity platforms and tools SIEM, Splunk
• Installed and set up printers and other components
• Managed multiple mobile wireless data accounts
• Experience in utilizing a ticketing system
• Tuning regularly performing tuning and filtering SIEM alerts and monitoring components to ensure only relevant security data is gathered