information security auditor resume example with 6+ years of experience

Jessica Claire
Montgomery Street, San Francisco, CA 94105 609 Johnson Ave., 49204, Tulsa, OK
Home: (555) 432-1000 - Cell: - - : - -
Professional Summary

Versatile Information Technology Specialist with in-depth knowledge of information security principles and compliance, cloud infrastructure, industry best practices, professional experience, collaboration and good judgement to inform and deliver on an information security strategy and roadmap.

  • IT Audit
  • Cloud Migration
  • Cloud Security Alliance Common Controls Matrix (CSA CCM)
  • Data Privacy
  • Cybersecurity
  • Network Security
  • SIEM
  • SOAR
  • Vulnerability Management
  • Data Loss Prevention (DLP)
  • Governance, Risk and Compliance (GRC)
  • Qualys VM
  • Cloud Security
  • Risk Management Framework (RMF)
  • ISO 27001
  • NIST SP 800-53
  • AWS
  • Azure
  • Tenable Nessus
  • Information Assurance
  • Identity and Access Management (IAM)
  • IBM QRadar
  • Rapid 7 Insight VM
Work History
01/2018 to Current
Information Security Auditor Google Inc. The Dalles, OR,
  • Perform ongoing assessment of projects in support of information security systems and ensuring quality control of documents.
  • Conduct risk assessments and provide appropriate recommendations regarding cloud security, data privacy, critical infrastructure, network security operations.
  • Extensive knowledge in categorizing of information systems using different frameworks such as NIST SP 800-53, Cloud Security Alliance Common Controls Matrix and ISO 27001 framework.
  • Create, update and revise system security plans, disaster recovery plans and incident response procedures and objective.
  • Participate in kick-off meetings and review information security audit plan and objectives with stake holders prior to actual assessment.
  • Determine effectiveness of security controls, remediation actions and follow up on continuous monitoring activities.
  • Document and finalize audit report and recommend any changes to Information Owner as defined in the audit plan.
  • Analyze threats and identify vulnerabilities based on Tenable Nessus or Qualys VM reports, identify and eliminate false positives, determine severity of vulnerabilities from scan output.
  • Provide audit exit briefings to system stakeholders and ensure that all findings are documented in audit report.
  • Coordinates with SOC, external auditors and follows up on compliance requirements.
01/2016 to 12/2017
Cybersecurity Engineer (Contract) Eversource Energy City, STATE,
  • Developed the audit plan and performed the General Computer Controls Testing, Identified gaps, developed remediation plans and presented final results to the IT Management team.
  • Performed third party risk evaluation of vendors and categorized them based on their security scores
  • Provided guidance to all relevant stakeholders during the incident response process while maintaining effective response plans and processes.
  • Coordinated network security scans while assessing commercial cloud environments.
  • SME for client infrastructure design and security requirements, auditing and assessing client vulnerabilities metrics.
  • Advised and assisted with the review of Service Level Agreements, updating of security plans and following up on external audit results and remediation plans

02/2012 to 01/2013
Information Security Analyst (Contract) Priority Dispatch Inc. City, STATE,
  • Performed risk analyses to identify appropriate security countermeasures.
  • Analyzed Qualys VM and Tenable Nessus Scans reports to determine false positives and true positives of scanning results
  • Investigated security breaches, phishing attempts, virus reports and other cyber security incidents reported or flagged in the QRadar SIEM tool
  • Monitored use of data files and regulated access to protect secure information.
  • Responsible for keeping up to date with modern cybersecurity trends and making recommendations towards improvements in the company's security posture.
  • Provide advise based on corporate standards and industry frameworks such as NIST SP 800-53 and ISO 27001
  • Conducted security control reviews to assess the adequacy of management, operational privacy, and technical security controls implemented.
Expected in 08/2015 to to
Master of Science: Engineering Technology
Central Connecticut State University - New Britain, CT
  • Cisco Certified Network Professional Security (CCNP Security)
  • (ISC)² Certified Authorization Professional (CAP)
  • IBM Cybersecurity Analyst Professional
  • CompTIA Security Plus (Sec+)
  • Palo Alto Networks Certified Cybersecurity Associate (PCCSA)
  • AWS Certified Solutions Architect - Associate
  • AWS Certified Cloud Practitioner
  • Microsoft Certified Azure Fundamentals
  • Oracle Certified Cloud Infrastructure Foundations 2020 Certified Associate
  • ISO 27001 Internal Auditor Certificate
  • Certified Network Security Specialist (CNSS)

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

Your data is safe with us

Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.

Resume Overview

School Attended

  • Central Connecticut State University

Job Titles Held:

  • Information Security Auditor
  • Cybersecurity Engineer (Contract)
  • Information Security Analyst (Contract)


  • Master of Science

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

*As seen in:As seen in: