compliance analyst resume example with 3+ years of experience

Jessica Claire
, , 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
Home: (555) 432-1000 - Cell: - - -
Professional Summary

An accomplished Compliance GRC Analyst with over 4 years of experience designing and implementing security solutions in high-availability environments. Experience in policy and compliance, project management and development, and worked with Federal Information Security Management Act (FISMA), FEDRAMP, HIPAA, ISO 27001, COBIT, COSO, PCI DSS frameworks and standard, SSAE 18, SOX compliances. Performed RMF process, A&A, C&A, Security Risk Management, Risk Assessment and Authentication & Access Control, and System Monitoring. Skilled in assembling Security Authorization Packages using documents like NIST Special Publications 800-53 Rev-5, 800 -60, 800-171, 800-37, 800-137, FIPS 199, OMB, and industry best Security Standards. Proficient in preparing and updating the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestone (POA&M) documents. Goal is to maintain Confidentiality, Integrity, Availability, Skills U.S. Federal Information Security Management Act (FISMA) PCI DSS NIST Publications IT Security Controls IT GRC IT Security Assessments ISO 27001,ISO 27701

  • ITGC
  • COSO
  • SOX Compliance Audit
  • Microsoft Excel. Word, PowerPoint
  • Good knowledge of FIPS (199), (SAP), (SSP), (SAP), (SAR) and continuous monitoring and management Plan of Action & Milestone(POA&M)
Work History
03/2021 to Current
Compliance Analyst Great American Insurance Group South Bend, IN,
  • Assist in development, review, implementation and maintenance of policies, procedures, standards and guidelines in accordance with applicable regulations including ISO 27001, NIST 800-53 Framework Controls, HIPAA, SOX, COBIT and PCI DSS
  • Create information security documentation and workflows to assist with incident response, audits, and vendor requirements.
  • Perform vulnerability scan using Nessus
  • Perform false positive analysis on tool generated flags.
  • Generated reports and communicate with all stake holders.
  • Perform enterprise-wide structure in order to effectively communicate key issues and influence.
  • Create Vendor Risk Assessment Report and escalate issues when necessary.
  • Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps
  • Analyze vendors processes to determine deficiencies within their controls that could violate applicable law, regulation, framework or internal policies and procedures.
  • Present gap analyzes to stakeholders and management to give better knowledge of risk level
  • Perform periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure confidentiality, integrity, availability, and privacy throughout contract.
  • Identify gaps and create risk treatment plan/corrective action plan to track gap remediation process as well as providing recommendations.
  • Review SOC 2 Reports, SIG, policies, Pen Test report liability insurance and gather evidence to make sure it complies with company's control standards
09/2020 to 02/2021
Information Systems Security Officer Bae Systems Richmond Heights, MO,
  • Prepare and Review Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, CP, DRP, IRP and PIA, E-Authentication, and POA&M) per NIST 800 guidelines
  • Prepared Certification and Accreditation packages for IT systems, ensuring Management, Technical and Operational Security Controls adhere to Federal Policies and Compliance
  • Experience and familiarity with cloud data security (FISMA/Fed RAMP compliance Research and Review Vulnerability reports with Developers, System Admins, and Engineers to remediate Vulnerabilities identified from scans and create POA&M to track the remediation process per classification (Critical, High, Medium and low)
  • Maintain up-to-date knowledge of cyber threats by researching top vulnerability database website, National Vulnerability database, OWASP Top 10
  • Experience Categorizing Systems with Stakeholder into either high, moderate or low Impact level using the FIPS 199 and NIST 800-60 VOL 1 & 2 as a guide.
  • Monitor Controls post-authorization to ensure Continuous compliance with Security Requirement
  • Develop Standard Operating Procedures (SOP) as well as System-based Policies and Procedures
  • Ensure Patch Management, Incident Responses, Configuration and Change Management
  • Review and Authorize privilege access requests for System Engineers requesting access to systems.
  • Monthly Accounts provisioning reviews of user's accounts and assigned privileges.
08/2019 to 08/2020
Cyber Security Analyst/GRC Compliance Analyst Ezek System City, STATE,
  • Perform continuous monitoring by updating the A&A documents and run vulnerability scans using tools such as Nessus and Tenable security center to identify vulnerabilities applicable to the system.
  • Experience creating Standard Operational Policies (SOP)
  • Experience researching, and reviewing vulnerabilities reports, working with developers, system admins and engineers to remediates vulnerabilities on scan report and create POA&M
  • Experience categorizing a system with the appropriate stakeholders into either high, moderate or low using FIPS 199 and SP 800-60 VOL 1&2 as a guide.
  • Conduct self-control assessment to determine adequacy of management, operational, privacy and technical security controls implemented.
  • Experience with auditing by acting as Liaison Analysis by responding to and assisting with audits, assessments.
  • Analyze and update system security plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test & Evaluation (ST&E), E- Authentication, Contingency Plan (CP) and Plan of Actions & Milestone (POA&M)
  • Perform Documentation Review
  • Assisted in SOC 2, ISO 27001 Audits by gathering of evidence and answering to security questions.
  • Responding to Request of Proposals
Expected in 2024
Master of Science: Cybersecurity Management & Policy
University of Maryland University College - College Park, MD
Expected in 03/2015
Bachelor of Science: Computer Science
Olabisi Onabanjo University - NGR,

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

Your data is safe with us

Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.

Resume Overview

School Attended

  • University of Maryland University College
  • Olabisi Onabanjo University

Job Titles Held:

  • Compliance Analyst
  • Information Systems Security Officer
  • Cyber Security Analyst/GRC Compliance Analyst


  • Master of Science
  • Bachelor of Science

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

*As seen in:As seen in: