LiveCareer-Resume

governance and compliance analyst resume example with 5+ years of experience

Jessica Claire
  • , , 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • Home: (555) 432-1000
  • Cell:
  • resumesample@example.com
  • :
Summary

An experienced IT security analyst, Risk Management Professional with Extensive IT risk and control experience. Ample experience in consulting and working in various organization sector such as technology, healthcare and financial institution. Skilled in Risk Management, Information Security principles, Project Management, Risk Assessments, Due Diligence and various Audit Methodologies. Knowledgeable with NIST frameworks 800-53 rev 4, 800-37, 800-137, ISO 27001, IS031000, HIPAA Standards, SSAE 18: SOC 1 and SOC 2, SIG questionnaires and other third-party certifications.

Skills
  • Risk Mitigation
  • Jira
  • Risk Assessment
  • Internal Assessment
  • Policy Review
  • SOC 2 review
  • PCI-DSS
  • Security Questionnaire
Experience
Governance and Compliance Analyst , 12/2019 to 10/2022
Adobe Systems IncorporatedStockholm, ME,
  • Reviewed company policies against best practices to better understand level of compliance.
  • Lead role in the third-party risk assessment process, which will include sending third party risk assessments to vendors, evaluating the risk level, recommending mitigating controls, documenting the assessment and following up on action plans.
  • Lead role in the security and privacy risk assessment processes for the company.
  • Experience auditing or working with security control frameworks such as NIST 800-53, Cybersecurity Framework for Improving Critical Infrastructure, CIS Critical Security Controls, ISO 27001/2 and COBIT
  • Work on both sides of the audit and assessment process, proven experience; how to test controls and how to design them specific to IT operation
  • Assist with security risk assessments on new or existing IT products, services, and technologies to analyze controls, identify and evaluate mitigating control opportunities and assign residual risk using the organizational risk management methodology
  • Manage the assessment and remediation of IT control deficiencies through collaborating with auditors and control owners to perform root cause analysis, design remediation plans, and update control design documentation
  • Perform risk assessments and synthesize analysis of the risk.
  • Assist in responding to regulatory examiner and third party auditor inquiries.
  • Conduct Third Party Risk Assessment
  • Leverage on PCI-DSS to answer Security questionnaire and do Risk assessment
Information Security Risk Analyst, 12/2017 to 10/2019
Lockheed Martin CorporationScott Air Force Base, IL,
  • Lead in the aggregation, documentation, and improvement of information and cyber security frameworks and measures, and apply improvements to the risk management process. Continue to monitor, update, and adapt to ongoing risks.
  • Working closely with the Security Compliance Manager and Director to support with risk remediation and tracking.
  • Executes the day-to-day activities of HITRUST assessments (Readiness, Validated, Interim), including scoping and planning the engagements
  • Perform risk assessments, to effectively plan and execute compliance and professional standards
  • Perform review of completed vendor assessment questionnaires for conformance to program objectives and methodology
  • Perform risk assessments on organizational controls around information security including cyber and physical, business continuity and disaster recovery, resiliency, privacy, and governance.
  • Partner with the team to track Vendor Risk Management process- Conducts technical and policy-based information security risk reviews of third-party vendors.
  • Test implemented controls
  • Assist in IT and Information Security audits, and report on findings and ensure corrective actions are complete and sustainable
  • Support internal and external audit processes for relevant compliance concerns, including state regulations, privacy laws, and security frameworks
Cyber Security Analyst , 09/2016 to 12/2017
EquifaxCity, STATE,
  • Provide counsel to ensure that internally developed and commercially available business applications include adequate Information Security controls; Consult process owners on the identification, development and testing of Information Security controls for risk mitigation effectiveness
  • Collaborate closely with the various Security and Information Technology teams globally to insure that they follow Corporate Security Policies to protect the enterprise, and that policies, best practices, and Security Standards are implemented uniformly across the company
  • Experience and knowledge with leading and validating evidence for IT audits for ISO 27001, NIST 800-53, PCI, HIPAA, SOC 2, etc.
  • Document risk issues in the designated risk register
  • Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps
  • Schedule and perform information risk assessments using company methodology; identify, document and communicate control deficiencies in business processes and technology systems
  • Participate in and influence information risk assessment process improvement.
Education and Training
Bachelor of Science: B.S in Mechanical Engineering &Technology , Expected in 05/2004 to Old Dominion University - Norfolk, VA
GPA:
Certifications
  • Security Plus- In progress
,

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

Your data is safe with us

Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.

Resume Overview

School Attended

  • Old Dominion University

Job Titles Held:

  • Governance and Compliance Analyst
  • Information Security Risk Analyst
  • Cyber Security Analyst

Degrees

  • Bachelor of Science

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

*As seen in:As seen in: