Program Manager Resume
Houston, TX
SUMMARY:
Experienced risk management and compliance professional with a background in IT Risk Management, IT Accessibility, IT Security, IT Audit (SOX, NIST, and COBIT) and regulatory compliance: Texas State (TAC 202) and federal (FISMA, HIPAA, FERPA, GLBA, FFIEC, and Section 508).
SKILLS:
- IT Security policy and process development and administration
- Risk Assessment (Administrative, Operational and Technical controls), including clinic walkthroughs
- Risk mitigation plan management
- eGRC tool system administration (CoNetrix, Archer, and SecureInfo)
- Privacy Assessment
- Business Impact Assessment
- Data Classification
- UT System EIR Accessibility
- DIR Accessibility procedure
- Governance: TAC202, GLBA, HIPAA, FERPA
- IT Audit: SOX, NIST, and COBIT frameworks
- CISA
- MCSE
- CFE
- InfraGard
- Customer Experience and Support
- ITIL v3
- Security clearance (NAC/I, MBI, FCRA)
EXPERIENCE:
Confidential, Houston, TX
Program Manager
Responsibilities:
- Developed, socialized, trained, and implemented the Electronic Information Resource (EIR) Accessibility Program with the following outcome:
- Improved business process owner communication and compliance with federal, State and university IT Procurement Accessibility rules and regulations.
- Identified risk areas for ADA compliance.
Confidential, Sugar Land, TX
IT Governance Risk and Compliance Analyst
Responsibilities:
- Performed a cybersecurity risk assessment using the Cybersecurity Assessment Tool (CAT).
- Collaborated with key stakeholders to assess IT security controls of banking institution against FFIEC federal banking requirements.
- Reviewed corporate IT Security policies and made recommendations to strengthen policies of the IT Security program.
Confidential, Houston, TX
IT Risk and Compliance Manager (Staff Systems Analyst) / EIR Accessibility Coordinator
Responsibilities:
- Performed Risk Assessments for the university:
- Assessed risk, including clinic walkthroughs, vendor and cloud assessments;
- Documented risk acceptances, where applicable, through the UTHealth IT Security Exceptions process.
- Developed annual IT risk mitigation plans; monitored and reported risk mitigation plan progress to the Office of Institutional Compliance.
- Assisted system owners in remediating pre- and post-audit findings.
- Developed, socialized, trained and implemented the System Ownership Program with the following outcome:
- Improved business process owner communication and compliance with federal, State and university rules and regulations.
- Identified risk areas for disaster recovery planning purposes.
- Identified areas of privacy risk and potential data leakage.
- Coordinated IT policy development and maintenance with policy sponsors and stakeholders.
- Maintained CIO Policy and Document Repository website for university executive IT leadership; website used to communicate leadership’s IT policy to campus.
- Provided IT policy and procedural documentation to management and other entities such as Audit and Advisory, Texas Department of Information Resources, UT System and other UT institutions upon request.
- Headed institution IT security plan development and maintenance:
- Authored the security plan, identified gaps and co-created a road map for risk mitigation plan development.
- Designed and initiated the security plan documentation process which was adopted by UT institutions as the standard.
- Analyzed security control implementation for organizational IT security program; and
- Reported organizational Security Plan maturity and roadmap details to the Texas State Department of Information Resources and to the Texas State Governor’s Office.
- Assisted IT Executive Directors and Principal Investigators in preparing grant documentation.
- Provided project management support.
- Developed, socialized, trained, and implemented the Electronic Information Resource (EIR) Accessibility Program with the following outcome:
- Improved business process owner communication and compliance with federal, State and university IT Procurement accessibility rules and regulations.
- Identified risk areas for ADA compliance.
Confidential, Houston, TX
IT Security Analyst
Responsibilities:
- Partnered with Confidential and contractor information assurance personnel to develop, enhance, coordinate and monitor the Engineering Directorate’s information assurance program with the outcome:
- Implemented a continuous monitoring program and evaluation of ongoing activities using the FISMA compliance NIST 800-53 risk management framework.
- Developed organizational continuous monitoring program tools for the Engineering Directorate: risk assessment checklist, tools and templates.
- Supported IT Security information assurance activities in the handover of project deliverables to the Confidential client.
- Assessed IT risk using the NIST 800-53 risk management framework for multiple platforms in diverse system environments.
- System administrator of the eGRC tool for the Engineering Directorate.
- Facilitated periodic validation SOX audits for the Jacobs Information Technology Department.
Confidential, Houston, TX
Information Assurance Specialist
Responsibilities:
- Provided consulting services coordinating and implementing document assurance services to JSC.
- Assessed the completeness, accuracy and validity of NIST 800-53 security controls.
- Provided System Administration services on institutional eGRC tool for JSC.
- Maintained and updated IT security documentation for 96 Center system security plans.
- Developed and implemented a logistics process which streamlined the onsite processing of third-party auditors.
Confidential, Galveston, TX
Risk Management Analyst
Responsibilities:
- Performed internal controls assessments and assisted departments in developing remediation plans.
- Developed an internal controls training program and series of self-assessment checklists for departments.
- Coordinated user access to the State Comptroller’s Office for university personnel requiring reporting capabilities.
- Conducted risk-based threat/vulnerability analyses.
- Developed a business continuity plan for the Finance Division / Administrative Systems - User Support PeopleSoft Help Desk.
Help Desk Analyst
Confidential
Responsibilities:
- Set up a new PeopleSoft help desk designed to support PeopleSoft functional users in the organization.
- Coordinated and fulfilled account creation, modification and deactivation requests of PeopleSoft user accounts.
Confidential, Houston, TX
IT Compliance Auditor (Outreach - Desktop Technician)
Responsibilities:
- Performed IT Risk Assessments.
- Conducted Refresh Team weekly performance and procedural compliance analyses.
- Provided Workstation Engineering with refresh software load issues and workarounds, with an outcome of improved customer satisfaction metrics.
- Provided software, hardware and networking support for Windows XP, 2000, and 98 Operating Systems on Compaq, Dell and Hewlett Packard desktops and laptops.
- Provided new computer set-up support: LAN support, TCP/IP, DNS, WINS, DHCP, software, printers, VPN, e-mail, file shares and permissions.
- Provided interactive customer outreach interviews before and after system upgrades; documented customer interviews and audit findings using Remedy ticket tracking system and Microsoft Excel.
Help Desk Analyst
Confidential
Responsibilities:
- Performed heavy phone support as frontline customer support to Confidential organizational IT end users.
- Logged technical issues in Remedy ticket tracking system.
- Escalated more intensive IT support as required.
Continental, Houston, TX
Revenue Accounting Specialist
Responsibilities:
- Reconciled revenue accounts; prepared management reports, yield analyses and journal entries; researched budget variances and headed special projects.
- Worked with Internal Audit team to identify fraudulent documents and to build audit and prosecutorial case evidence.
- Partnered with internal and external auditors on accounts receivable aging projects.
- Analyzed and reported on variances.
- Provided email and correspondence support to frequent flyer club members banking mileage flight credits and redeeming awards.
- Made and confirmed reservations for passengers on scheduled airline flights.