IT Security Analyst Resume Profile
PERSONAL PROFILE
I am an IT Security Analyst with extensive knowledge of security tools, technologies and best practices, especially FISMA/NIST, Sarbanes-Oxley 404, COSO, COBIT, ISO, HIPAA and PCI-DSS, and I have a strong interest in helping organisations secure their information systems. I have more than three (3) years of experience in system security monitoring, auditing and evaluation, C&A and risk assessment of General Support Systems (GSS) and Major Applications (MA). I have the ability to work under pressure and to work with or without supervision. I demonstrate a high level of diplomacy and professionalism at all times, and I have a genuine desire to learn and to make an impact in the organization I work with.
CAREER OBJECTIVES
I am seeking an Information System Auditor or Information Assurance position in a growth-oriented organization, with focus on FISMA, Sarbanes-Oxley 404, system security monitoring and auditing, risk assessments, audit engagements, testing information technology controls, and developing security policies, procedures and guidelines.
SUMMARY OF WORK EXPERIENCE
I specialize in areas such as Certification and Accreditation (C&A), Risk Management, Authentication and Access Control, System Monitoring, Regulatory Compliance, Physical and Environmental Security, Incident Response, and Disaster Recovery. I am an expert in FISMA and SOX 404 compliance, IT security training, and developing security policies, procedures and guidelines. I am a fast learner and easily adapt to new working environments. I have very good analytical and organizational skills. I have the ability to multi-task, and can work independently as well as in a team. I have strong verbal and written communication skills, including technical writing skills.
IT EXPERIENCE
IT Security Consultant
confidential
- Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
- Audited major applications and assessed control gaps.
- Assessed security control test plans and conducted in-depth security assessments of information systems that evaluated compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance, based on the Office for Civil Rights (OCR) protocol, NIST SP 800-66 Rev. 1 and the NIST SP 800-53 security controls.
- Developed HIPAA compliance reports, documenting audit findings and corrective actions.
IT Security Analyst
confidential
- Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
- Developed security baseline controls and a test plan that were used to assess implemented security controls.
- Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
- Conducted a security control assessment to assess the adequacy of the management, operational, privacy and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment, along with a Plan of Action and Milestones (POA&M), for the Designated Approving Authority (DAA) to obtain the Authority to Operate (ATO).
- Assisted in the development of an Information Security Continuous Monitoring strategy to help Smart Think Inc. maintain ongoing awareness of information security (ensuring the continued effectiveness of all security controls), vulnerabilities and threats to support organizational risk management decisions.
- Assisted in the development of a Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officer (ISSO), the System Owner, the Information Owners and the Privacy Act Officer.
- Developed an E-Authentication report to provide technical guidance on the implementation of electronic authentication (e-authentication).
- Developed a System Security Plan (SSP) to provide an overview of federal information system security requirements and describe the controls in place.
- Conducted a Business Impact Analysis (BIA) to identify high-risk areas to which audit effort would be allocated.
- Prepared Certification and Accreditation documents in compliance with FISMA/NIST and SOX 404 standards.
- Conducted meetings with the IT client team to gather evidence, developed test plans and testing procedures, and documented test results and exceptions.
- Conducted walkthroughs, formulated test plans, documented gaps, test results and exceptions, and developed remediation plans for each area of testing.
- Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.
- Developed the audit plan and performed the General Computer Controls testing, identified gaps, developed remediation plans, and presented final results to the IT Management team.
- Developed security control test plans and conducted in-depth security assessments of information systems that evaluated compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance, based on NIST SP 800-66 Rev. 1 and the NIST SP 800-53 security controls.
- Routinely developed HIPAA compliance reports, documenting audit findings and corrective actions.
- Trained and supervised staff on HIPAA requirements related to information technology. Initiated and led information security awareness and training programs.
- Was responsible for the development of key security standards and guidelines by performing in-depth security assessments using frameworks such as COBIT, HIPAA and PCI DSS to help achieve compliance.
IT Compliance Analyst
confidential
- Developed security control test plans and conducted in-depth security assessments of information systems that evaluated compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance.
- Developed HIPAA compliance reports documenting audit findings and corrective actions. These reports were submitted to the ISSO.
- Involved in the security awareness and training of staff on HIPAA requirements as they related to information technology.
- Conducted Certification and Accreditation (C&A) on general support systems and major applications using the six steps of the Risk Management Framework (RMF) from NIST SP 800-37 in order to meet Federal Information Security Management Act (FISMA) requirements.
- Developed the System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms that were presented to the Designated Approving Authority (DAA) in order to obtain the Authority to Operate (ATO).
Computer Lab Coordinator
confidential
- Assisted students with PC and desktop application issues; regularly performed hardware and software maintenance.
- Facilitated bi-weekly seminars on the use of Microsoft Office applications.
- Engaged and tracked priority issues, with responsibility for timely documentation and escalation.