Jessica Claire
  • 100 Montgomery St. 10th Floor
  • Home: (555) 432-1000
Professional Summary
IT Risk & Audit consultant with a profound understanding of operational and IT-related controls that mitigate associated risks. 5 years of applying the NIST Risk Management Framework (RMF). Focused on monitoring the IT security environment to immediately detect, verify, and respond swiftly to cyber threats. 4 years of experience formulating security processes for threat intelligence, security monitoring, security automation, security awareness as it pertains to security monitoring, third-party security assessment, compliance, and IAM. Career highlights in client services, business-facing, and operational experience.
Tools: ServiceNow, Nessus, RSA Archer, Jira, ProcessUnity, RiskRecon, Microsoft Office, SharePoint
    Work History
    Information Security Analyst, 01/2021 to 11/2021
    Amalgamated Bank, Washington, DC
    • Standards applied: ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27005:2018 (Information technology - Security techniques - Information security risk management), ISO/IEC 19011:2018 (Guidelines for auditing management systems), ISO/IEC 31000:2011 (Risk management - Principles and guidelines), Federal Information Processing Standards (FIPS) 199 and 200, and National Institute of Standards and Technology (NIST) publications
    • Obtaining Security+ | Public Trust clearance
    • Resolved up to 93% of requests from the Remedy system and achieved a 37% reduction in workload within two months of service
    • Managed responses for all clients' cyber security risk assessments while building an audit repository log for the whole IT department, so that the CIO/CTO could review the records of responses to risk events
    • Conducted formal end-to-end information security risk assessments (review of questionnaires, third-party security audit reports, and evidence)
    • Worked with the TPRM team and stakeholders to review the assessments and escalate any issues
    • Conducted meetings with approved penetration testing, threat analysis, and vulnerability management vendors and reassessed the findings based on their risk rating
    • Assisted in the development and implementation of security policies and procedures for the firm's sub-processes, IT systems, and other applicable guidelines to meet the client's processes and controls (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines)
    • Independently evaluated the client's business goals and improved the effectiveness of my role in risk management, compliance, and governance processes according to the policy standards
    • Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies relevant to the scope of the audit, the identified business objectives, and specific controls
    Senior IT Risk Auditor, 07/2019 to 02/2021
    Pennsylvania Higher Education Assistance Agency
    • Cyber security experience with PAM (Privileged Access Management), IAM governance, and database security
    • Worked with audit engagement workflow diagrams, defined use cases, and maintained standards documentation
    • Experience working with security engineers, IT operations, and infrastructure engineers on use cases and gathering requirements (evidence collection)
    • Experience raising tickets, reviewing, scrubbing, and preparing evidence for review and sharing with auditors, and triaging auditor follow-ups
    • Independently evaluated the client's business goals and improved the effectiveness of my role in risk management, control, compliance, and governance processes
    • Maintained a Risk Consideration log for the department; the business unit reviewed the records of risks, events, and consideration notes through the course of walkthroughs
    • Performed day-to-day support in ITGC remediation (i.e., appropriateness of access, segregation of duties, privileged user accounts, and BCP) on application/process-specific integrated audits
    • Supported information systems activities on financial statement audits and reviews for financial institutions and investment advisors
    • Interviewed system owners/ISSOs to ensure compliance with all system security requirements and updates, providing guidance and instruction as necessary to existing personnel; this resulted in financial data that was analyzed to verify the accuracy and integrity of the information
    • Followed the Sarbanes-Oxley Act to expand mandated internal control reports and disclosures to include the cyber security systems and risks of publicly traded companies
    • Experience using ticketing and tracking systems (JIRA, Remedy, ServiceNow, Archer, ProcessUnity, RiskRecon, etc.)
    IT Security Control Assessor, 07/2017 to 07/2019
    Wolf & Company, P.C.
    • My team and I met with stakeholders for an assessment kick-off meeting to gather all necessary information on the system to be assessed, for example any previous assessment report, any new changes to the controls being assessed, and the current security state of the system
    • After that, we developed the Security Assessment Plan (SAP) to be presented for review and approval
    • After approval, my team and I performed the assessment using the Examine, Interview, and Test methods, with NIST SP 800-53A Rev. 4 as a guide, to check the effectiveness of the controls: whether they are implemented correctly, operating as intended, and producing the desired outcome
    • We then documented all the findings in the Security Assessment Report (SAR) with the required recommendations on how to mitigate them
    • The findings identified from the Nessus scan report were then categorized by risk ranking and a POA&M was created to mitigate them (e.g., controls AC-7, AC-11, RA-5)
    • Worked with clients to test for compliance with various prevailing regulatory laws, requirements, and standards including but not limited to the Sarbanes-Oxley Act of 2002, NYDFS, Cloud Security Framework, General Data Protection Regulation (GDPR), COBIT 5, PCI DSS, ISO 27001, HIPAA, California Consumer Privacy Act (CCPA), NIST RMF, etc.
    • Supported activities for Information Security Continuous Monitoring (ISCM), in compliance with NIST SP 800-171 controls within the Risk Management Framework
    • Certified/validated items uploaded into the POA&M tracking tool in Word/Excel in support of remediated findings
    • Verified that security assessment reports (SARs) and authorities to operate (ATOs) were within their 3-year lifespan, and made sure the systems' POA&Ms were closed or updated
    • Hands-on Certification and Accreditation/SAA experience, including implementation status for both new and existing systems
    • Analyzed firewall results to correct any identified weaknesses/vulnerabilities such as missing patches, weak password settings, weak configurations from retained temporary privileged accounts, or the system's default account
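    The triage step described in the Wolf & Company bullets above (Nessus findings categorized by risk ranking and turned into POA&M items) is shown below as an added example; it is not code from the résumé's author or from any employer named here. It assumes a Nessus-style CSV export with the column names shown (which vary between Nessus versions), constructed sample rows with placeholder plugin IDs and hosts, remediation windows per ranking that are an assumption of this example rather than a NIST requirement, and an assumed mapping of scanner findings to control RA-5.

```python
import csv
import io
from datetime import date, timedelta

# Assumed mapping from the Nessus "Risk" column to the assessor's risk ranking and the
# remediation window (days) written into the POA&M scheduled completion date. The
# windows are an assumption for this example, not a NIST or FIPS requirement.
RISK_RANKING = {
    "Critical": ("Very High", 15),
    "High": ("High", 30),
    "Medium": ("Moderate", 90),
    "Low": ("Low", 180),
}
RANK_ORDER = ["Very High", "High", "Moderate", "Low"]

# Constructed rows in the column layout of a Nessus CSV export. Plugin IDs, hosts and
# names are placeholders made up for this example; the CVE column is left empty.
SAMPLE_NESSUS_CSV = """\
Plugin ID,CVE,CVSS v3.0 Base Score,Risk,Host,Protocol,Port,Name,Synopsis
SAMPLE-1,,9.8,Critical,10.0.0.5,tcp,445,Sample remote code execution,constructed
SAMPLE-1,,9.8,Critical,10.0.0.6,tcp,445,Sample remote code execution,constructed
SAMPLE-2,,7.5,High,10.0.0.7,tcp,3389,Sample default account enabled,constructed
SAMPLE-3,,5.3,Medium,10.0.0.5,tcp,22,Sample weak cipher suite,constructed
SAMPLE-4,,0.0,None,10.0.0.5,tcp,80,HTTP server type,constructed
"""


def parse_nessus_csv(text):
    """Return one dict per row of a Nessus-style CSV export."""
    return list(csv.DictReader(io.StringIO(text)))


def build_poam(rows, scan_date="2024-01-01"):
    """Roll scan rows up into POA&M items: one item per plugin (weakness) listing every
    affected host, a risk ranking, and a scheduled completion date derived from that
    ranking. Informational rows (Risk "None") are dropped: they are not weaknesses."""
    scanned = date.fromisoformat(scan_date)
    items = {}
    for row in rows:
        ranking = RISK_RANKING.get(row["Risk"])
        if ranking is None:
            continue  # informational finding, nothing to track
        rank, window_days = ranking
        item = items.setdefault(row["Plugin ID"], {
            "weakness": row["Name"],
            "source": "Nessus scan %s, plugin %s" % (scan_date, row["Plugin ID"]),
            "control": "RA-5",  # assumed: scanner findings tracked under RA-5
            "risk_ranking": rank,
            "cvss": float(row["CVSS v3.0 Base Score"]),
            "affected_hosts": [],
            "scheduled_completion": (scanned + timedelta(days=window_days)).isoformat(),
            "status": "Open",
        })
        host = "%s:%s/%s" % (row["Host"], row["Port"], row["Protocol"])
        if host not in item["affected_hosts"]:
            item["affected_hosts"].append(host)
    # Highest ranking first, then highest CVSS, so the POA&M reads in remediation order.
    return sorted(items.values(),
                  key=lambda i: (RANK_ORDER.index(i["risk_ranking"]), -i["cvss"]))


def summarize(items):
    """Count open POA&M items per risk ranking, as reported in the SAR summary."""
    counts = {rank: 0 for rank in RANK_ORDER}
    for item in items:
        counts[item["risk_ranking"]] += 1
    return counts


if __name__ == "__main__":
    poam = build_poam(parse_nessus_csv(SAMPLE_NESSUS_CSV), "2024-01-01")
    for item in poam:
        print(item["risk_ranking"], item["weakness"], item["affected_hosts"],
              "due", item["scheduled_completion"])
    print(summarize(poam))
```

    One POA&M item per weakness, rather than per host, matches how findings are normally tracked to closure; the per-host list is kept on the item so that evidence of remediation can be checked against each affected system before the item is closed.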
    Education
    Bachelor of Science, Lincoln University
    Master of Science, University of Delaware
    Certifications
    Certified Authorization Professional (CAP) - ISC2 (IAM Level I) - Certification #: 1028400
    Certified Information Systems Auditor (CISA) - ISACA (IAM Level III) - Certification #: 20169433
