Vulnerability Analyst Resume
Houston, TX
SUMMARY
- A security control assessor with over 5 years of experience in Risk management, Risk assessment, vulnerability management & System Development Life Cycle (SDLC).
- Subject Matter Expert in Risk Management Framework (RMF) including implementing security controls, creating documentation, and completing risk assessments.
- Extensive understanding of NIST Cybersecurity Framework, Plan of Action and Milestones (POA&M), Security Assessment Report (SAR), and Security Assessment Plan (SAP).
- Ability to satisfy customers through analysis and problem resolution. Outstanding communication skills; interface effectively with upper management, vendors, staff, peers, and users.
TECHNICAL SKILLS
Proficient skills in: Microsoft Excel for data analysis.
Operating Systems: Microsoft Windows / Servers Operating Systems.
Applications: Tripwire, Tenable Security Center, and Microsoft Office Suite
PROFESSIONAL EXPERIENCE
Confidential
Vulnerability Analyst
Responsibilities:
- A subject matter expert on organizational risk management regulatory guidance and best practices
- Performing monthly risk monitoring activities as assigned, specifically for risks and controls relative to high risk business processes
- Protects and sustains the information assurance requirements for system and information availability, access control, integrity, confidentiality, and non-repudiation for these environments.
- Utilizing ServiceNow to create remediation tickets for identified findings.
- Reviewing the remediation ServiceNow tickets to track the remediation process by contacting assigned owners.
- Analyzing the vulnerability report using the Microsoft Excel data analysis process
- Develops risk assessment reports, identifying threats, and vulnerabilities applicable to the system.
- Evaluates the likelihood that vulnerabilities would be exploited and assess the impact associated with this threat and vulnerabilities.
- Experience upgrading server operating systems, tech refresh, imaging, patch management
- Investigate and research issues, determine the impact, provide remediation, document RCA when required, and perform mitigation required to protect critical resources.
- Apply required security patches within NIST and enterprise guidelines
- Conducted follow-up meetings to assist information system owners to close/remediate POA&M items.
- Proficient understanding of end-to-end banking business processes
- Maintaining strong working relationships between the organization and the customers by driving the engagement meetings
- Developing standard operating procedure and required documentation for smooth business engagements
- Maintains POA&M to include vulnerabilities uncovered during the vulnerability management process. Supports all compliance reporting activities required by the COR.
- Train other ISSOs on how to understand network diagrams provided by engineers and interpret raw data from vulnerability scan results generated through Nessus
- Intermediate to Advanced Experience with IBM OpenPages using version 7.9 and above
- Complete knowledge, understanding, and experience of IBM OpenPages GRC suite covering modules/functionalities such as audit, compliance, SOX4, operational, and enterprise risk.
- Experience with OpenPages workflows, triggers, user provisioning, and Cognos report creations.
- Extensive experience using Pivots and VLOOKUP to analyze data
Confidential, Houston, TX
Information Security Analyst
Responsibilities:
- Assisted ISSO with coordinating efforts to help resolve security findings related to installation, configuration, troubleshooting, and maintenance.
- Contributed to tasks related to the creation of and remediation efforts on application environments to support application security and sustainability.
- Worked with ISSO to ensure systems are following Cybersecurity regulations and guidelines, proper documentation, and effective scanning and remediation efforts.
- Created Akamai WAF policies and applied them to our different security configurations for a 39-country deployment footprint.
- Experience creating and managing Akamai WAF rule hierarchies as well as splitting WAF configurations as the traffic grew.
- Responsible for creating, updating, and maintaining documentation including technical processes, standard operating procedures, and system/security artifacts.
- Knowledge of scanning tools like Nessus, Tenable SC, and efforts to remediate those findings.
- Utilized various information system documentation, inspection tools to audit systems, analyze potential vulnerabilities and identify mitigation approaches.
- Acquired and reviewed program documentation such as Risk Assessments, Security Plans, and Contingency Plans
- Conducted assessments of client and contractor facilities, as needed, to ensure compliance with security requirements, tailoring requirements as needed
- Analyzed and determined compliance with applicable federal and legislative regulations.
- Conducted technical, management, operational, and privacy reviews.
Confidential
IT AUDIT / System Security Officer
Responsibilities:
- Assisted in the creation of a Third-Party Risk Management (TPRM) program and assessment framework.
- Development of detailed audit plans, schedules, project estimates, and resource plans.
- Tested IT controls, wrote draft reports, and forwarded them to senior management for review
- Assisted IT personnel in participating in and successfully navigating through the Quality Management Processes
- Engaged with stakeholders cross-organizationally to ensure IT Risk & Compliance issues or inquiries are properly addressed
- Performed general computer controls review to verify compliance with SOX section 404. Reassessing control deficiencies and retesting SOX in-scope applications and tools.
- Performed training, change management, and communication support for the organization's implementations and ongoing compliance activities
- Supported the development of internal compliance and risk dashboards
- Assisted Operational Risk Management and Sr. Risk Analyst, Operations in maintaining effective and professional relationships with senior management, business and support areas, internal and external auditors, Federal and State regulators, and others dealt with in a professional capacity.
- Performed compliance testing of controls for certain risk areas, documented findings, and conveyed results in oral and written form
- Assisted in the development, implementation, and maintenance of collaborative tools (for example SharePoint) used by AMT to improve and optimize the way the teams work
