Skilled Information Security Analyst with over 7 years of experience in Information Security system assessment, Risk assessment of General Support Systems (GSS) and Major Applications (MA), Risk management, Risk Management Framework and assessment, unauthorized access, viruses and a wide range of vulnerabilities and threats. Well-versed in IT risk assessment, 3rd party/vendor security control assessment and auditing, FISMA, HIPAA, SOX, GLBA, SOC reports, and ISO 27001. Experienced in Compliance testing, change management, Incident Response, Configuration Management, Contingency planning and a wide range of Control measures, NIST 800-53, NIST 800-53A, NIST 800-37, NIST 800-30, NIST 800-34, NIST 800-18. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.
Team player mentality
SQL server Database Analysis
Experienced in Disaster recovery and Business Continuity solutions
Experienced with the use of the following regulations and standards:
FISMA, NIST, HIPAA, ISO 27001, PCI DSS, SOX, etc.
Perform risk assessments by analyzing questionnaires such as third-party engagement profiles and due diligence evaluations.
Serve as a Subject Matter Expert (SME) in key third-party risk domains.
Evaluate third party control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to: ISO 27001, SIG, SOC reports, as well as Privacy, Compliance, Business Resiliency, Cyber and other risk domains.
Analyze third-party risk data, including exit strategies and performance scorecards.
Liaise with key business partners and team members to facilitate risk analysis to identify appropriate criticality of third parties.
Manage required artifacts, perform quality control reviews, and support the end-to-end processing of third-party assessments.
Develop working knowledge of the Bank's operations and business services, as needed, to execute due diligence reviews and other risk activities.
Contribute to the Third-Party Risk & Oversight program execution and adherence, including process enhancements and remediation efforts, as applicable.
Review completed SIG questionnaires based on vendor inherent risk.
Document risks and recommendations based on a vendor's lack of controls.
Identify and measure risk associated with vendor security controls
Perform Third Party Risk Assessments to assess the effectiveness of vendors' controls against ISO 27001, HIPAA, SOC 2 Type 2 reports, HITECH, and Meaningful Use requirements through the use of GRC tools such as Archer.
Create issues in ServiceNow for vendors' missing documentation responses so that they can be tracked and remediated.
Assessed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance based on the Office for Civil Rights (OCR) protocol, NIST SP 800-66 Rev. 1 and security controls (NIST SP 800-53).
Experienced with the library of NIST Special Publication (SP) documents such as NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, and FIPS 199 for categorization.
Performed security assessments; developed, reviewed, and updated Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted and owned by the Company.
Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
Development of HIPAA compliance reports, documentation of audit findings and development of corrective action plans.
Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
Sustain and improve the enterprise information security risk management framework, policy, processes, and tools
Manage the risk reporting process with the Director of Information Security Program Management and Chief Information Security Officer (CISO)
Performed Vendor Risk Assessments to verify the effectiveness of vendors' control measures against ISO 27001, HIPAA and HITECH through the use of GRC tools.
Document and report risk to Vendor Assessment management team, business partners, and vendors
Develops, implements, monitors and reports on performance measures that demonstrate value and ensure vendor performance.
Manage relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches
Develop and implement the next-level down risk management processes (process-level, asset-level, etc.), including embedding risk assessments into existing capabilities (architecture reviews, secure design and development, etc.)
Develop and articulate the vision, strategy, and direction of the information security risk program
Work proactively with the IT compliance function regarding key information security risk considerations
Researching, identifying, and mitigating security threats to information systems.
Assist in the development of key security standards and guidelines by performing an in-depth security assessment for HIPAA, PCI DSS, ISO 27001 and SOX to help gain compliance.
Assessed incoming threats and developed plans to close loopholes.
Perform vendor documentation review and analysis
Assess current business practices and identify opportunities to promote effective third-party risk management.
Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms.
Provides professional security engineering and compliance efforts in accordance with HIPAA, PCI DSS, Sarbanes-Oxley 404 and GLBA regulations to develop security infrastructure monitoring and incident management scorecard reporting systems for executive management review.
Developed and implemented best-practice security standards, and researched the latest security trends.
Coordinated with Departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans within the Continuity of Operations (COOP) plans, security plans, and the processes involved in the DOL-required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS).
Job Titles Held: