IT Security Analyst Resume
SUMMARY:
- 5 years Information Technology Experience (more than 3 years in Information Security).
- Specialized in Information Assurance, Risk Management and Assessment and Certification & Accreditation (C&A).
- Vendor Risk Management; Risk Assessment on cloud (SaaS) service providers; HIPAA Security Assessment.
- Adequate knowledge and experience in COSO, COBIT, ISO, PCI DSS, HIPAA, and NIST frameworks.
- Ability to create and update Certification & Accreditation (C&A) documentation in line with company, industry and national standards (NIST Standard).
- Possess very strong communication (verbal or written), analytical, organizational and managerial skills.
WORK EXPERIENCE:
Confidential
IT Security Analyst
Responsibilities:
- Gather evidence, develop Test Plans, Testing Procedures and document test results.
- Assist the System Owners in preparing Certification and Accreditation packages for application systems, making sure that Management, Operational and Technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53.
- Developed Risk Assessment Reports that identify threats and vulnerabilities and evaluate the likelihood that the vulnerabilities can be exploited. I assessed the impact associated with these threats and vulnerabilities and identified the overall risk.
- Conducted Walkthroughs, Test plans, Test results and developed remediation plans for each area of testing.
- I follow the Federal Information policies and NIST guidelines throughout the whole Certification and Accreditation process for securing clients' information system (NIST SP 800 series).
- I create SSPs, ST&Es and POA&Ms.
- Develop security baseline controls and a test plan that is used to assess implemented security controls.
- Conduct security control assessment to assess the adequacy of management, operational, and technical security controls implemented.
- Assist in the development of an Information Security Continuous Monitoring Strategy (Ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
Confidential
Information Security Risk Analyst
Responsibilities:
- Performed Vendor Risk Assessment and reviews using ISO 27001 as a guide and the use of SIG Lite questionnaires.
- Conducted IT Internal controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
- Perform audits and other related IT reviews (ISO 27001, SOX, NIST) as prescribed in the company's annual plan.
- Assisted project teams in the implementation of security measures to meet corporate security policies and external regulations (SOX, NIST).
- Developed compliance reports, documenting auditing findings and development of corrective action plans.
- Identify weaknesses in the internal controls and opportunities to enhance operational efficiencies.
- Maintained appropriate security documentation for applications and systems.
- Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
Confidential
Service Desk Analyst
Responsibilities:
- Escalated incidents for support according to the established processes and procedures.
- Tracked and followed-up on incidents escalated to technical team to ensure issues are resolved promptly and closed.
- Ensured that antivirus software is installed on all machines and scans are completed routinely.
- Updated user and asset information in database as necessary.
- Followed established processes and procedures and reported to IT team any suggestions that will improve process or make support easier or more efficient.
- Recorded and submitted checklists and other documentation as may be required.
Confidential
Help Desk Support
Responsibilities:
- Kept Information Technology asset inventory and facilitated its movement within the organization.
- Assisted clients with PC and Desktop Application Issues.
- Regularly performed Software maintenance.
- Trainings on the use of Microsoft Office Applications.
- Monitored IT threat environment and recommended remediation activities.
