Seeking an Information System Auditor or Information Assurance position in a growth oriented organization with emphasis on FISMA, Sarbanes-Oxley 404 ,PCI,HIPAA, system security monitoring and auditing; risk assessments; audit engagements, testing information technology controls and developing security policies, procedures and guidelines. I have a specialty in the following areas as Network security, Cyber security, Information Assurance (IA), Certification and Accreditation (C&A), Risk Management, Authentication & Access Control, System Monitoring, Regulatory Compliance, Physical and environmental security, Project Management, Incident Response, and Disaster Recovery. I possess a strong managerial skill, excellent in relation building and developing strategic partnership. I am an expert in FISMA compliance, Security Training, developing security policies, procedures and guidelines. I am highly adaptive and have superior analytical and organizational skills as well as familiar with a wide variety of applications, databases, operating systems and network devices. I am a fast learner, have the ability to multi-task, and can also work independently and as a contributing team member. I have a strong verbal/written communication skills and Technical Writing skills. I have over six (6) years of experience in information security; with 4 of those years spent in a network security and six (6) IT audit experience.
Certifications and training Six sigma green belt certification (caterpillar university) Actively working to become a Certified Information Security Auditor (CISA) Actively working to become a Certified Information System Security Professional (CISSP) Information System Security Officer/Information System Security Manager training (ISSO/ISSM), February 2013
Core Qualifications
COSO/COBIT, Sarbanes-Oxley Act, SAS-70/SSAE 16 , ITIL, ISO 27001, Privacy Act of 1974, Gramm–Leach–Bliley Act (GLB),Certification and Accreditation, Project Management, Change Management, OMB Circular A-130 Appendix III, NIST 800-53, NSA Guide, FIPS, STIG, DoD 8500.2, DITSCAP, DoD 8510.bb, DIACAP, FISMA, FISCAM, Security Content Automation Protocol ( SCAP). , Microsoft Word, Excel, Project, Access, Power Point, Publisher, Visio, SharePoint.
Experience
IT Security Analyst, 02/2010 to Current Advisors Excel – , , U.S.A
Responsible for conducting Security Assessment and Authorization (SA&A) on applications within using the six steps of the Risk Management Framework (RMF) from NIST SP 800-37 in order to meet the necessary Federal Information Security Management Act (FISMA).
Analyze Nessus(r) and AppScan(r) results to determine the security posture of each application as applicable.
Have the knowledge and familiar with security best practices.
Generate SA&A package; System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms and present it to the Designated Approving Authority (DAA) in order to obtain the authority to operate (ATO) Provide advisory services on system security assessment and authorization efforts to the Information System Security Officer Provide security analysis and technical support, which included assisting with the review of new security policies and the generation of vulnerability remediation reports Assist with Independent Verification and Validation (IV&V) tasks by analyzing, evaluating, reviewing, inspecting, assessing, and testing software products and processes Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages Conduct IT controls risk assessments that includes reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard Ability to use office equipment, computers and network diagnostic tools.
Ability to provide adequate advice to staff from a variety of backgrounds taking into account cultural and socio economic differences.
Manages compliance related activities to document, schedule and collect documentation requests and procedural information to support audit and assessment activities, including SOX, PCI, and internal audit reviews.
Manages user authentication, authorization and access controls for systems and applications.
IT Compliance Analyst, 10/2008 to 01/2010 Arthur J Gallagher & Co. – , ,
Performed IT risk assessment and document the system security key controls Met IT team members to gather evidence, developed test plans, test procedures and documented test results and exceptions Designed and conducted walkthroughs, formulated test plans, test results and developed remediation plans for each of the testing Wrote audit reports for distribution to management and senior management documenting the results of the audit Participated in SOX testing of the general computer controls Developed a business continuity plan and relationships with outsourced venders.
Evaluated clients key IT processes such as change management system development.
Help Desk Technician, 05/2007 to 09/2008 – , ,
University of Phoenix Assisted Students with PC and Desktop Application Issues Regularly performed hardware and Software maintenance Facilitated a weekly one hour seminar on how to use Microsoft Office Applications Engaged and tracked Priority issues with responsibility for the timely documentation, and escalation.
Education
MBA: Project Management, Expected in University of Phoenix - , GPA: Project Management
Bachelor of Education: Social Sciences, Expected in University of Cape - , GPA: Social Sciences
Professional Affiliations
Skills
Automation, Change Management, hardware, Content, clients, documentation, senior management, Information Security, ISO, ITIL, Access, Excel, Microsoft Office Applications, Power Point, Publisher, Microsoft Word, network, office equipment, organizational, PCI, policies, processes, Project Management, risk assessment, Risk Management, Sarbanes-Oxley, SAS, security analysis, SSP, technical support, Validation, Visio
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
