LiveCareer-Resume

cyber security analyst resume example with 10+ years of experience

Jessica Claire
  • 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • Home: (555) 432-1000
  • resumesample@example.com
PROFESSIONAL SUMMARY

Cyber Security professional with hands-on experience evaluating and implementing federal and Department of Defense (DoD) Cybersecurity frameworks. Led the first readiness review for Northrop Grumman's CMMC Level 2 certification, providing actionable recommendations to enhance security posture and mitigate risk. I am committed to staying up-to-date on the latest NIST and CMMC guidelines and utilizing my expertise to support organizations in achieving their security goals.

CORE SKILLS
  • COBIT
  • Cloud Security
  • ISO
  • PCI Compliance
  • Vulnerability Management
  • IT General Controls
  • Network Security
  • Reporting and Documentation
  • SOX and SOC Audits
  • Governance, Risk, and Compliance (GRC)
  • NIST SP 800-171, SP 800-53, and SP 800-30
  • DFARS 252.204-7012
  • ITIL
  • Identification of Controlled Unclassified Information (CUI)
  • Federal Contract Information (FCI)
EXPERIENCE
Cyber Security Analyst, 07/2018 to Current
Apex Systems, Cedar Rapids, IA

NIST/CMMC Experience: Understanding of the NIST Cybersecurity Framework and how the steps of identifying, protecting, detecting, responding, and recovering serve as the foundation for developing and evaluating cybersecurity programs for compliance.

  • Prepared and documented data flow diagram to isolate CUI, reducing CMMC scope and certification boundary by 25%.
  • Identified CUI Banner Marking, Categories, and Subcategories following DoD CUI Registry guidelines to ensure safeguarding from internal and external cyber threats.
  • Led assessments of 30+ System Security Plans using NIST SP 800-171 guidelines; performed gap analysis, and provided priority-based remediation guidelines in preparation for CMMC review.
  • Assessed Plan of Action & Milestones (POA&M) for eleven Federal and DOD projects; developed roadmaps with realistic time frames and resources to track and monitor projects to completion.
  • Assessed cybersecurity risk for 20+ offset environments using NIST SP 800-30 methodology to present cyber risk through threat type, business impact, and financial impact for management to make informed decisions.
  • Leveraged NIST SP 800-53 controls and guidelines to establish fundamental baseline for developing secure organizational infrastructure, security, and compliance.
  • Reviewed Ransomware Tabletop Exercises and penetration tests for all sectors to ensure an effective incident response plan is in place to prevent and respond to incidents in the event of a ransomware attack.
  • Evaluated and supported the implementation of Splunk monitoring tool; it increased network visibility and eliminated over 3.5 hours of platform downtime.
  • Analyzed Tenable Nessus reports and identified 25 vulnerabilities; ten critical ones were remediated immediately.
  • Developed a role-based matrix to limit access to five critical systems to support "zero trust" end-to-end encryption.
  • Developed Just-In-Time cybersecurity awareness content for emerging threats to reduce operational risk to tailored audiences.
Senior IT Auditor, 08/2017 to 07/2018
Aramark Corporation, West Palm Beach, FL
  • Developed lessons-learned database to improve work processes and knowledge-sharing for 40 auditors.
  • Created a 10-point cloud security checklist to ensure cloud service providers can meet current and future business requirements.
  • Increased audit efficiency by 30% by creating a matrix to match team members to Subject Matter Experts (SME) to improve fieldwork efficiency.
  • Reviewed readiness assessment templates for system development projects to determine implementation readiness and support strategy.

Single point of contact for SOX 404 compliance testing for the whole organization:

  • Scheduled weekly meetings with external auditors and sector managers to address potential issues and discuss remediation plans.
  • Presented audit results to management teams, delivering information in non-technical terms for easy understanding.
  • Saved 20k in external audit fees by independently testing SOX controls to ensure compliance.

Performed Operational Readiness Assessments (ORAs) to identify potential risks prior to implementation of various projects.

Scrutinized 30 administrator accounts and ensured least privilege and separation of duties.

Senior IT Auditor, 09/2008 to 01/2014
Aramark Corporation, Weston, MA
  • Assisted with the development of an Intellectual Property database to identify, monitor and track 300+ intellectual property to reduce exposure of Intellectual Property.
  • Coordinated all phases of audit activities including scheduling, scoping, budgeting, fieldwork, including drafting and issuing audit reports to senior management.
  • Reduced fieldwork level of effort by 30%, using flowcharts to facilitate an understanding of business processes, control points and risk areas.
  • Developed policies and procedures to ensure confidentiality, integrity, and availability of IT systems
  • Performed the first Health Insurance Portability and Accountability Act (HIPAA) audit, discovered vulnerabilities that may have been exploited if they were not remediated immediately.
  • Developed Information Security policy to establish authorized access management and authenticator management for internal and third-party personnel.
  • Led review of Third-Party Access, to evaluate the design and operating effectiveness of controls related to non-employee onboarding and access to critical systems
  • Revised the New Employee On-Boarding Process for the audit dept., enabling new hires to be engaged early and contribute to the team more quickly.
  • Trained 15 new auditors to develop audit programs, lead audits and communicate results to management.
  • Performed risk assessment analysis for IT changes, upgrades, and patches
  • Assessed risks and control requirements on newly deployed systems and emerging technologies.
  • Reviewed the Disaster Recovery Plans and Business Impact Analysis (BIA) to ensure business continuity
EDUCATION
Bachelor of Science: Accounting and Business Management, California State University - Northridge
CERTIFICATION

Clearance and Certifications: Clearance - Current TS/SCI Clearance - Active DoD Top Secret Clearance (2022-Present)

Certification

  • Certified Information Systems Auditor (CISA) (2010).
  • Certified CMMC Professional (CCP) Training Program (Completed 2022).
  • Currently preparing for the CCP Examination.