Senior Information Security Specialist Resume Example


Jessica Claire
100 Montgomery St. 10th Floor
Home: (555) 432-1000

Skilled Information Security Analyst with over 7 years of experience in information security system assessment, risk assessment of General Support Systems (GSS) and Major Applications (MA), risk management, the Risk Management Framework and assessment, unauthorized access, viruses, and a wide range of vulnerabilities and threats. Well-versed in IT risk assessment, third-party/vendor security control assessment and auditing, FISMA, HIPAA, SOX, GLBA, SOC reports, and ISO 27001. Experienced in compliance testing, change management, incident response, configuration management, contingency planning, and a wide range of control measures, as well as NIST 800-53, NIST 800-53A, NIST 800-37, NIST 800-30, NIST 800-34, and NIST 800-18. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.


Team coordination
Project evaluations
Exceptional communication skills
Vendor Risk assessment

Team player mentality
Risk assessments
Information gathering
Analysis and reporting
Meticulous attention to detail

SQL server Database Analysis

Experienced in Disaster recovery and Business Continuity solutions

Experienced with the use of the following regulations and standards


07/2020 to Current
Senior Information Security Specialist, Axway Software, Scottsdale, AZ

Perform risk assessments by analyzing questionnaires such as third-party engagement profiles and due diligence evaluations.

Serve as a Subject Matter Expert (SME) in key third-party risk domains.

Evaluate third party control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to: ISO 27001, SIG, SOC reports, as well as Privacy, Compliance, Business Resiliency, Cyber and other risk domains.

Analyze third-party risk data, including exit strategies and performance scorecards.

Liaise with key business partners and team members to facilitate risk analysis to identify appropriate criticality of third parties.

Manage required artifacts, perform quality control reviews, and support the end-to-end processing of third-party assessments.

Develop working knowledge of the Bank operations and business services, as needed, to execute due diligence reviews and other risk activities.

Contribute to the Third-Party Risk & Oversight program execution and adherence, including process enhancements and remediation efforts, as applicable

02/2019 to 06/2020
Information Security Analyst, Actionet, Inc., Fairbanks, AK

Review completed SIG questionnaires based on vendor inherent risk
Document risks and recommendations based on a vendor's lack of controls

Identify and measure risk associated with vendor security controls

Perform Third Party Risk Assessment to assess the effectiveness of vendor’s controls against ISO 27001, HIPAA, SOC 2 type 2 report, HITECH, and Meaningful Use requirements through the use of GRC tools such as Archer.

Create issues to be entered into ServiceNow for lack of documentation response by vendors, to be remediated.

Assessed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance based on Office for Civil Rights (OCR) protocol, NIST SP 800-66 Rev. 1 and security controls (NIST SP 800-53).

Experienced with the library of NIST Special Publication (SP) documents such as NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, and FIPS 199 for categorization.

Performed security assessments; developed, reviewed, and updated Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted and owned by the Company.

Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
Development of HIPAA compliance reports, documenting audit findings and development of corrective action plans.

Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.

08/2017 to 01/2019
Information Security Risk Analyst, Adobe Systems Incorporated, Santa Monica, CA

Sustain and improve the enterprise information security risk management framework, policy, processes, and tools
Manage the risk reporting process with the Director of Information Security Program Management and Chief Information Security Officer (CISO)
Performed Vendor Risk Assessment to verify the effectiveness of vendor’s control measures against ISO 27001, HIPAA, HITECH, through the use of GRC tools.

Document and report risk to Vendor Assessment management team, business partners, and vendors

Develop, implement, monitor and report performance measures that demonstrate value and ensure vendor performance

Manage relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches
Develop and implement the next-level down risk management processes (process-level, asset-level, etc.), including embedding risk assessments into existing capabilities (architecture reviews, secure design and development, etc.)
Develop and articulate the vision, strategy, and direction of the information security risk program
Work proactively with the IT compliance function regarding key information security risk considerations

Researching, identifying, and mitigating security threats to information systems.

01/2014 to 07/2017
Information Security Analyst, Actionet, Inc., Fairmont, WV

Assist in the development of key security standards and guidelines by performing an in-depth security assessment for HIPAA, PCI DSS, ISO 27001 and SOX to help gain compliance.

Assessed incoming threats and developed plans to close loopholes.
Perform vendor documentation review and analysis
Assess current business practices and identify opportunities to promote effective third party risk management
Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms.

Provide professional security engineering and compliance efforts according to HIPAA, PCI-DSS, Sarbanes-Oxley 404, and GLBA regulations to develop security infrastructure monitoring and incident management scorecard reporting systems for executive management review.

Developed and implemented best security standards, and researched the latest security trends

Coordinated with Departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans in the Continuity of Operations (COOP) plans, security plans, and the processes involved in the DOL-required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS).

Education and Training
MBA: Master of Business Administration
University of Bologna - Bologna, Italy
Bachelor of Science: Science And Technology
Kwame Nkrumah University of Science And Technology - Kumasi, Ghana
Certification Training: Information Security
Omibia Information Technology - Bologna, Italy
Activities and Honors
  • International student scholarship Award winner 2012, Bologna, Italy
  • Member of society of technology and petroleum Engineers

Resume Overview

School Attended
  • University of Bologna
  • Kwame Nkrumah University of Science And Technology
  • Omibia Information Technology
Job Titles Held:
  • Senior Information Security Specialist
  • Information Security Analyst
  • Information Security Risk Analyst
  • Information Security Analyst
  • MBA
  • Bachelor of Science
  • Certification Training