PROFESSIONAL SUMMARY:

Confidential is an experienced IT security professional with vast experience in the identification and remediation of key risks for clients across different industries. He has identified and communicated to senior management the identified risks and opportunities to strengthen the control environment as required, with a strong knowledge of regulations and available tools to manage the security requirements of any large organization.

CORE COMPETENCIES:

• Cyber Resilience
• IT Compliance
• Availability Management
• Authentication Protocols
• Third Party Risk Management
• Vulnerability Scanning
• OWASP Top Ten Risks
• IT Risk Assessments

SKILLS & TOOLS:

Applications & Tools: MAS360, AD Manager, AD Audit, SolarWinds, MS Azure, SCCM, vSphere Hypervisor, ESET NOD32, McAfee, Kaspersky, Trend - Micro, and Viper Anti- Virus Symantec Intruder Alert, Symantec Endpoint, Symantec Enterprise Security Management, Active Directory/ GPO Policies, Symantec Ghost, EFS Encryption, PKI, PGP Software, Net IQ, Wireshark, Splunk

Operating Systems: UNIX/Linux, Windows

Regulations: SOX, GLBA, PCI-DSS, HIPAA, FFIEC

Security Tools: CyberArk, Qualys, Imperva, QRadar, Nipper, Nessus, Nmap

Standards: ISO 27001, ISO 20000, ISO 8583, COBIT 5,NIST

GRC Tools: RSA Archer eGRC, MetricStream, Openpages

PROFESSIONAL EXPERIENCE:

Confidential

IT Security & Compliance Analyst

Responsibilities:

• Developed incident, preventative incident, preventative incident tickets and reports.
• Conducted live migration drills with sustain teams and advisor call centers to test response time of teams.
• Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of post mortem/root cause analysis.
• Involved with architectural and network team to install and tune intrusion detection systems to match organizations security posture.
• Institute Information Security awareness .
• Conduct risk assessments and business impact analysis to mitigate the risk of information loss and determine gaps in Information security processes and procedures.
• Establish and maintain working relationship with business to provide guidance on security measures around business processes.
• Design and ensure implementation of approved access control measures to the different application support teams, third party vendors on and offshore.
• Liaise with business operations to proactively assess security policy compliance and monitor risks.
• Coordinate and perform compliance audits in accordance with information protection, data asset and threat provision under the Gramm-Leach-Billey and Sarbanes Oxley Acts
• Coordinate external/3rd party audits, including PCI DSS, Incident Response Planning, and Business Process Improvement reviews.
• Manage internal IT audit engagements including system platform audits, PCI Compliance Readiness reviews, IT Risk Assessments, change management, and business process control assurance.

Confidential

Technical Advisor

Responsibilities:

• Independently identify, troubleshoot, document, replicate customer’s network security and vpn in an enterprise environment R77.30 and R80.10 Confidential firewall using Siebel ticketing system
• Managing and monitoring firewall management server in an enterprise environment
• Log monitoring in R77.30 and R80.10 Confidential firewall
• Troubleshoot TCP/IP network using relevant protocols in linux and window environments
• Responsible for providing support in Confidential R77.30 and R80.10 software environment
• Assessed and analysed the risks and exposures for several types of network architecture system designs (WAN/LAN),management server, internet, vpn and wireless(802.11)telephony, ensuring data is sent through secure protocols to protect critical company assets and resources
• Troubleshoot and resolve network connection issues focusing on network diagnostic
• Escalate complex network problems in accordance with internal processes

Confidential

IT Risk Analyst

Responsibilities:

• Updates System Security Plans (SSP) Using NIST as a guide to develop SSP, Risk Assessments and Incident Response Plans
• Provide services as security control assessor (SCA), an integral part of the Assessment & Authorization process that includes A&A scanning, documentation, reporting and requirements analysis
• Monitor Security Controls leveraging NIST in order to perform periodic vulnerability scanning and test portions of applicable security controls annually
• Review and document contingency plans (CP), privacy impact assessments (PIA) and risk assessment (RA) documents per NIST 800 guidelines for various agencies
• Perform Continuous Monitoring (CONMON) tasks for the purpose of identifying & reporting new findings to clients via vulnerability assessment reports.
• Applied Risk Management Framework (RMF) Using NIST as guide for assessments and CM
• Ensured security controls were implemented correctly, executed per design and provided appropriate results
• Experienced with CSAM for assessments and uploading artifacts in security documents
• Supported DEV OPS efforts as point of contact for all clients and user requests
• Performed testing, QA, and reported defects via JIRA
• Review firewall systems, cyber security controls, authentication mechanisms, remote access, protocols, applications, networks, operating systems, servers and all other relevant aspects of securing IT operations for corporate and client data
• Assist with Security and IS management, the Legal department, Fraud department, Human Resources and law enforcement agencies to manage security vulnerabilities or inquiries.

Confidential

Security Analyst

Responsibilities:

• Performed vulnerability assessments using client provided security compliance scans and POA&M
• Leveraged analysis results to identify and resolve anomalies with validation script, facilitating close out of findings to meet ATO due dates
• Reviewed and processed manual security artifacts provided by system engineers via IV&V efforts
• Developed dashboard tracker to manage received artifacts using approved Open Source Tools
• Utilized Splunk machine learning capabilities to analyze logs, research incidents, and provide feedback to management (Non-Prod)
• Assist Information Security Engineer with complex risk decisions and provide advice and guidance where required.
• Conduct meetings, interview control owners, generate documentation request lists, evaluate documentation and prepare recommendations for improvement.
• Demonstrates advance understanding of organization's Information Security, Cyber Security and Business Continuity Management to clients during onsite visit, speaking on conference calls, email responses and completing client’s questionnaire
• Develop and manage the Information Security delivery of the Vendor Risk Assessment program.
• Develop infrastructure and IT Process assessments for use across the organization's computing environment.
• Document risk issues in the designated risk register
• Engage with technical process owners to understand technical process steps, identify risk, and drive toward a completed documentation that aligns with the IT Governance and Risk Management programs

Confidential

IT Business Analyst

Responsibilities:

• Assisted in writing Test Plans, Test Cases and participated in User Acceptance Testing.
• Compliance attestation testing of financially significant applications for Change Control and Logical Access processes.
• Conducted security assessments to determine the effectives of planned and implemented security controls.
• Developed maps, workflow diagrams and flowcharts of current and future business processes.
• Ensured preventative and predictive maintenance programs are developed /established and functioning efficiently to support operation requirements.
• Evaluated client’s key IT processes such as change management, systems development, computer / data Centre operations and managing security at database, network and application layers.
• Facilitated Change management Process from Request for Change (RFC) to implementation and review.
• Identified areas for business improvements.
• Organized meetings with system owners prior to assessment schedules.
• Performed all aspect of verification including feature testing, functional testing, unit testing, regression, load and performance testing.
• Performed systems security evaluations, audits, and server logging reviews to verify secure operations.
• Reviewing internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.