Principal Consultant Resume
SUMMARY:
- Information Security and Risk Management Professional with a career spanning 10 years, focused on a variety of areas including Application Security, Infrastructure Security, Cloud Security, Vulnerability Management, Mobile Device Management (MDM), Risk Assessment, Asset Management, Data Classification, Penetration Test Report Analysis, Security Planning, Assessment & Authorization, and more.
- Led, developed and implemented FISMA, NIST RMF, FedRAMP, HIPAA, HITRUST, and NIST CSF programs. Experience developing and implementing Regulatory Compliance Advisory, Process Re-engineering, Security and Controls Optimization, and Evaluation and Reviews (SOX 404, SOC 1, SOC 2).
- Experienced in the development of Contingency Plans, Configuration Management Plans, System Security Checklists, System Security Plans (SSP), Security Assessment Reports (SAR), POA&Ms, Privacy Impact Assessments, Authority to Operate (ATO) packages, FISMA Reports, and Standard Operating Procedures (SOP) in accordance with Federal Agency and Commercial Organization policy, including FISMA, NIST, OMB, and FIPS guidance.
- Technical skills include GRC, Cloud Security, Application Security, Infrastructure Security, and Network Security.
- Communication skills: presentation, verbal, and written.
PROFESSIONAL EXPERIENCE:
Principal Consultant
Confidential
Responsibilities:
- Work closely with stakeholder teams (ISD and Information Security) to understand current information security practices and align those practices with IT security frameworks such as NIST and COBIT.
- Performed risk assessments of systems/applications, evaluated risk profiles, and made adequate security control recommendations based on the risk tolerance of Navy Federal.
- Conduct Vendor Risk Assessments to identify security risks, quantify exposures, and offer guidance to data owners.
- Ensured corporate information security policy and standards are well understood and properly documented.
- Creating and measuring metrics around IT Risk.
- Gathering information to test IT Risk controls with the end goal of creating a scoring model.
- Supporting the maintenance of global information security policies and standards that align with business needs, best practices, and industry standards.
- Providing technology and process support towards the development and implementation of effective information technology risk management.
- Supporting the design and delivery of security training, awareness and communications to maximize adoption of process changes and technologies.
- Working with business areas to prioritize remediation activities and continuously improve security posture.
- Communicating impact, approach, risks, issues and progress to engagement and client leadership.
- Worked with a variety of stakeholders, including system owners, implementation engineers, 3rd-party auditors, and the organizational security team to develop deliverables and recommend security solutions.
- Support the organization in the development, oversight, and maintenance of regulatory/compliant security programs.
- Performed the monitoring and maintenance of security controls, drafted processes and procedures, created security exemptions, and oversaw the monthly Continuous Monitoring reports, which include vulnerability scanning, interviews, and system testing.
- Support the analysis and review of information security programs and systems to ensure compliance with security policies.
- Analyze and review existing processes and procedures to determine areas of possible improvement that will lead to gains in efficiency and security.
- Developed, reviewed and monitored compliance with organizational security policies.
Confidential
Vendor Risk Management Consultant
Responsibilities:
- Responsible for serving as a risk analyst assessing third-party vendors' operational risk management methodologies and controls. Performs operational and third-party risk assessments in support of business operations (including workflow, vendor applications, and associated dependencies and controls). Promotes oversight and governance in the Risk Office across business operational areas throughout the organization.
- Partners with business units by helping them effectively manage their operational risks and assess risks associated with third-party relationships. Contributes to the enhancement of GRC tools and methodologies used to assess risk and establishes guidelines to facilitate continuous improvement in related initiatives by performing business risk analysis for internal business partners.
- Also actively engaged in reviewing key operational risks and participating in security implementation projects, engaging with project teams to strengthen the operational risk posture of the organization and establish appropriate corporate operational risk and security standards.
