AREAS OF EXPERTISE:
- Backup & Restore Utility
- Compliance Risk Assessments
- PCI - DSS Framework
- Data Processing
- Microsoft Active Directory
- ITIL Foundations
- NIST Special Publication 800-53 Rev. 3 & 4
- IT Risk Management Strategies
- Remedy Ticketing System
- Microsoft Office Suite
- Customer Support
- Security Analysis
- Confidential Framework
- HIPAA Framework
- HITRUST Framework
Confidential, ATLANTA, GA
IT Security Engineer
- Creating and auditing URL filtering rules on the Cisco Checkpoint firewall. Investigating suspicious emails, whitelisting, blacklisting, and creating user safelists with Cisco IronPort.
- Creating and distributing bi-monthly security awareness newsletter to the user community.
- Assisting IT Manager with evidence gathering for compliance security audits.
- Conducting and completing annual internal HIPAA assessment.
- Completing third party risk assessment questionnaires from clients.
- Maintain/track an inventory of all open audit (internal/external), assessment, and other third-party findings in addition to exceptions to policies and standards using the Logic Manager eGRC tool. Reviewing and updating (as needed) IT Security Policies and the Business Continuity and Disaster Recovery reports annually.
- Creating, assigning, tracking, and generating reports to management for the annual security awareness training.
- Create accurate and well documented solutions for security related issues.
- Providing guidance to the user community and Helpdesk on best security practices.
- Conducting vulnerability scans for new server requests using Rapid 7 and generating reports to the Infrastructure Team for remediation of vulnerabilities found.
- Adding and decommissioning servers from the SIEM upon request using Confidential Enterprise Security Manager.
- Ordering material for dissemination to offices for reinforcement of best security practices to employees.
- Training new members of the IT Security Team.
- Scheduling and participating in proof of concept meetings with vendors to fill an IT Security related organizational need.
- Troubleshooting access management issues to offices using Confidential .
- Participate in team meetings, and other duties as assigned.
Confidential, Atlanta, GA
IT Security Analyst
- Built relationships with internal business partners and third party points of contact to gather information on the services the third party provided and determined the risk the services may have posed to the company. Conducted remote assessments using a NIST and PCI framework based questionnaire.
- Conducted initial and if necessary, follow up interviews with third parties, collected and examined third party documentation including SOC 2 types I and II, ISO 27001, and PCI DSS AOC Attestation reports to determine compliance with control domains.
- Tracked the status of assessments using SharePoint. Recorded control deficiencies, mitigating controls, if applicable, and remediation plans that result from the assessment.
- Prepared reports to be presented to internal business partners and senior management with the assessment results.
- Participated in team meetings, provided input on third party risk management processes and procedures, and other duties as assigned.
Confidential, Atlanta, GA
Cyber Risk Associate
- Conducted on-site third party risk assessments throughout the United States utilizing PCI industry standards.
- Interviewed stakeholders to determine if security controls were being implemented.
- Inspected evidence and documented findings during the assessment. Sent follow up emails requesting evidence.
- Completed findings report, made recommendations, participated in practice development projects, completed job related and other training, other duties as assigned.
IT Security Associate
- Assisted in providing support to plan, coordinate, and implemented the organization’s information security.
- Assisted in providing support for facilitating and helped agencies identify their current security infrastructure and define future programs, design and implementation of security related to IT systems.
- Provided technical input related to Confidential issues to more senior Security Specialist and, when required, provided technical input to the IRS Confidential reporting team.
- Provided highly technical and specialized guidance, and solutions to complex security problems.
- Performed analyses and studies. Prepared reports and gives presentations to management.
- Attended various stakeholders meetings including control selection, ad hoc, control assessment, participate in weekly staff meetings, and training offered both onsite and remote.
- Other duties as assigned.
Confidential, Greenbelt, MD
Systems Security Analyst
- Improved IT Risk Management strategies, successfully preparing subsystems for a third party audit
- Played integral role in the preparation of yearly system assessments, including current system data, preparing audit spreadsheet, gathering system and procedural documentation from administrators, participating in inbrief/outbrief process at both on- and off-site locations
Confidential, Suitland, MD
- Recorded incidents and provided Tier 1 support for a variety of hardware and software issues including Microsoft Office, scanning, printing, digital rights management, and file recovery using Remedy ticketing system, acting as single point of contact for all IT and IS issues.
- Documented and tracked workstation relocation, user account creation and management requests, and training requests.
- Assisted users with system policies such as session timeouts, password complexity, and mandatory change policies.
- Researched, evaluated, and provided feedback on problematic trends and patterns in customer support requirements.
- Met aggressive schedules in a fast-paced collaborative environment.
- Received a Letter of Commendation
Help Desk Manager
Confidential, Suitland, MD
- Provided technical support to remote customers via phone, remote access, and email coordinating with Service Lead for tier 2 and 3 support and documenting the problem solving process including successful and unsuccessful decisions made through the final resolution.
- Maintained Help Desk Incident trouble ticket system (Remedy) and generated incident reports within the Remedy Action Request System.
- Prioritized incident tickets and escalated tickets to appropriate technicians and teams, performing post-resolution follow-ups.
- Monitored network tools and submitted daily status reports to senior management.
- Maintained working understanding of Joint Deployable Intelligence Support System ( Confidential ) products and website.