compliance analyst resume example with 4+ years of experience

Jessica Claire
  • , , 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • H: (555) 432-1000
  • C:
  • Date of Birth:
  • India:
  • :
  • single:

An accomplished Compliance GRC Analyst with over 5 years of experience designing and implementing security solutions in high-availability environments. Experience in policy and compliance, project management and development, and worked with Federal Information Security Management Act (FISMA), FEDRAMP, HIPAA,

ISO 27001,COBIT,COSO, PCI DSS frameworks and standard,SSAE 18 ,SOX compliances. Performed RMF process, A&A, C&A, Security Risk Management, Risk Assessment and Authentication & Access Control, and System Monitoring. Skilled in assembling Security Authorization Packages using documents like NIST Special Publications 800-53 Rev-5, 800-60, 800-171, 800-37, 800-137, FIPS 199, OMB, and industry best Security Standards. Proficient in preparing and updating the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestone (POA&M) documents. My goal is to maintain Confidentiality, Integrity, Availability,

  • U.S. Federal Information Security Management Act (FISMA)
  • Security Analyst
  • NIST Publications
  • IT Security Controls
  • IT GRC
  • IT Security Assessments
  • ISO 27001
  • ITGC
  • COSO
  • SOX Compliance Audit
  • Microsoft Excel. word,Powerpoint
  • ·Good knowledge of FIPS (199),(SAP),(SSP),(SAP),(SAR) and continuous monitoring and management Plan of Action & Milestone(POA&M)
  • Excellent communication and writing Skills.
Compliance Analyst, 03/2021 - Current
Great American Insurance Group Rochester, MN,
  • Assist in the development, review, implementation and maintenance of policies, procedures, standards and guidelines in accordance with applicable regulations including ISO 27001, NIST 800-53 Framework Controls, HIPAA, SOX, COBIT and PCI DSS
    • Create information security documentation and workflows to assist with incident response, audits, and vendor requirements
    • Perform vulnerability scan using Nessus
    • Perform false positive analysis on tool generated flags
    • Generated reports and communicate with all stake holders
    • Perform enterprise-wide structure in order to effectively communicate key issues and influence
    • Create Vendor Risk Assessment Report and escalate issues when necessary
    • Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps
    • Analyze vendors processes to determine deficiencies within their controls that could violate applicable law, regulation, framework or internal policies and procedures
    • Present gap analyzes to stakeholders and management to give a better knowledge of the risk level
    • Perform periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure confidentiality, integrity, availability, and privacy throughout the contract
    • Identify gaps and create a risk treatment plan/corrective action plan to track gap remediation process as well as providing recommendations
    • Review SOC 2 Reports, SIG, policies, Pentest report liability insurance and gather evidence to make sure it complies with company’s control standards
Information Systems Security Officer, 09/2019 - 02/2021
Bae Systems Clearwater, FL,
  • • Prepare and Review Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, CP, DRP, IRP and PIA, E-Authentication, and POA&M) per NIST 800 guidelines.
    • Prepared Certification and Accreditation packages for IT systems, ensuring Management, Technical and Operational Security Controls adhere to Federal Policies and Compliance
    • Experience and familiarity with cloud data security (FISMA/FedRAMP compliance)
    • Research and Review Vulnerability reports with Developers, System Admins, and Engineers to remediate Vulnerabilities identified from scans and create POA&M to track the remediation process per classification (Critical, High, Medium and low)
    • Maintain up-to-date knowledge of cyber threats by researching top vulnerability database website, National Vulnerability database, OWASP Top 10
    • Experience Categorizing Systems with Stakeholder into either high, moderate or low Impact level using the FIPS 199 and NIST 800-60 Vol 1 & 2 as a guide
    • Monitor Controls post-authorization to ensure Continuous compliance with the Security Requirement.
    • Develop Standard Operating Procedures (SOP) as well as System-based Policies and Procedures.
    • Ensure Patch Management, Incident Responses, Configuration and Change Management.
    • Review and Authorize privilege access requests for System Engineers requesting access to systems.
    • Monthly Accounts provisioning reviews of user’s accounts and assigned privileges.
Cyber Security Analyst/GRC Compliance Analyst , 08/2018 - 08/2019
Ezek System City, STATE,
  • • Perform continuous monitoring by updating the A&A documents and run vulnerability scans using tools such as Nessus and Tenable security center to identify vulnerabilities applicable to the system
    • Experience creating Standard Operational Policies (SOP)
    • Experience researching, and reviewing vulnerabilities reports, working with developers, system admins and engineers to remediates vulnerabilities on scan report and create POA&M.
    • Experience categorizing a system with the appropriate stakeholders into either high, moderate or low using FIPS 199 and SP 800-60 Vol 1&2 as a guide
    • Conduct self-control assessment to determine the adequacy of management, operational, privacy and technical security controls implemented
    • Experience with auditing by acting as a Liaison Analysis by responding to and assisting with audits, assessments
    • Analyze and update system security plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test & Evaluation (ST&E), E- Authentication, Contingency Plan (CP) and Plan of Actions & Milestone (POA&M)
    • Perform Documentation Review
    • Assisted in SOC 2 ,ISO 27001 Audits by gathering of evidences and answering to security questions
    • Responding to Request of Proposals
Education and Training
Master of Science: Cybersecurity Management & Policy , Expected in 2024
University of Maryland University College - College Park, MD,
Status -
Bachelor of Science: Computer Science, Expected in 03/2015
Olabisi Onabanjo University - Lagos.Nigeria,
Status -
  • CompTIA Security+ (Certified)
  • Certified Information Systems Auditor (CISA) (In progress

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

Your data is safe with us

Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.

Resume Overview

School Attended

  • University of Maryland University College
  • Olabisi Onabanjo University

Job Titles Held:

  • Compliance Analyst
  • Information Systems Security Officer
  • Cyber Security Analyst/GRC Compliance Analyst


  • Master of Science
  • Bachelor of Science

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

*As seen in:As seen in: