
Third Party Risk Analyst Resume


O'Fallon, MO

SUMMARY OF QUALIFICATIONS:

  • I have a proven record as a successful leader and as a business resiliency, process and security analyst. Developed documentation for business processes, software, hardware, and personnel.
  • Analyze data to identify and anticipate trends.
  • Oversee and drive completion of projects. Make recommendations on new solutions and initiatives based on best practices and mandates.
  • Thoroughly document and present applications’ strengths, weaknesses, opportunities and threats.
  • Work with stakeholders as well as developers to accomplish corporate objectives maintaining transparency, time constraints and budgets.

SKILL SUMMARY:

Tools: Third Party Risk Management (TPRM), Ariba, SOC2 Compliance, FFIEC to TPAQ map, CSAM, ServiceNow, Business Requirements Document (BRD), Governance, Risk and Compliance (GRC), ITIL Framework, Sarbanes-Oxley, Symantec SIEM, A to I/dependency mapping, DataGuard, Data Vaulting, TSM, Site Recovery Manager, Avamar/Data Domain, Azure, HIPAA, ISO 27001, CMDB/ITSM, Root Cause Analysis, UML (Swimlane, Sequence Diagram/Modeling, as-is and to-be), Due Diligence, FAT, UAT, SIT Testing, Business Process Mapping/Development and Business Process Improvement, RAD, Waterfall, Agile Methodology (Scrum/Sprint facilitator), ITSM, FIPS, Paragon, LDRPS, Security Controls Assessments, Gold Disk, Nessus and Retina scans, FISMA Guidelines, A-123, POA&M, Business Resiliency, ADDM, Neebula, Deep Dive, NIST 800-34, 53, 84, 37, 171 Mandates, SharePoint RASCI, Environmental Management, Remedy, Proof of Concept, CONOPS, RBD and RAD, XACTA, SAP, NOC Implementation, FCD 1&2, MS Office Suite, SOP creation/customization, Risk Management, ISACA

PROFESSIONAL EXPERIENCE:

Confidential

Third Party Risk Analyst, O’Fallon, MO

Responsibilities:

  • Working closely with the Quality Assurance team to coordinate and fulfill the third party assessment questionnaires (TPAQ) with an emphasis on corrective action plans (CAP) for the Incident Management Log (IML)
  • Mapped Federal Financial Institutions Examination Council (FFIEC) guidance to the Confidential Third Party Assessment Questionnaire, with an emphasis on the guidance and supporting questions
  • Ensured assessments and supporting materials were complete and met Confidential's and the supplier's expectations, including the identification of control gaps, weaknesses and vulnerabilities.
  • Clearly document and define risks, potential impacts and the probability of such an event.
  • Escalate high risk findings to Third Party Risk Managers (TPRM) within Global Supply Chain to drive decisions, formal sign-offs and security treatment plans.
  • Compose and post risk assessment reports regarding third party exposure and risk likelihood.
  • Created assessment packages (Third Party Assessment Questionnaires, TPAQ) based on the supplier's task/service to Confidential. This includes Cloud Services, Electronic Transportation Media (ETM)/Courier, Continuity of Business, Physical Security and European Agent Banks.
  • Generated assessment packages through CASP within the identified system, in alignment with the third party risk management (TPRM) process framework
  • Supports the Information Security (IS) Risk Assessment team within Third Party Risk Management, enhancing and/or maintaining the IS Risk Assessment program, managing, monitoring, and prioritizing assessments to effectively balance capacity across the team
  • Collaborates with Quality Assurance (QA) and internal supplier relationship owners to understand business requirements, and provides them with support, education, and training to build their risk awareness
  • Provides guidance and direction on conducting thorough Information Security due diligence to onboard and pre-screen prospective new suppliers. Advise direct reports, as needed, to engage with prospective supplier's technology and security teams to assess their technology, operating methodology, and security policy
  • Provides guidance and direction on the assessment of external information security certifications and/or internal/self-assessed evidence (Information Security Policies, SIG, Audit Reports, Technology Infrastructure and Process and Data Flow diagrams, etc.)
  • Establishes requirements on recommendations of risk mitigation techniques or compensating controls to relationship owners and suppliers based on business requirements, nature of relationship, and criticality of supplier
  • Partners with the Legal department as Information Security subject matter expert in review of Master Service Agreements and Statements of Work when on-boarding or at renewal; opines on additions, removals and/or changes to clauses

Confidential, Kansas City, MO

Deputy Team Lead DR/Project Manager

Responsibilities:

  • Lead efforts to effectively identify risks, partner to develop remediation approaches and controls, ensure remediation plans are executed and validated.
  • Provide expertise on all risk matters requiring review and ensuring all risk management deliverables are met accurately and timely.
  • Provide risk management leadership to mature technology processes, and provide input to the risk reporting for the group.
  • Audit, test and review system architecture and implementation for compliance with best practices and/or regulatory compliance mandates.
  • Perform risk assessments of IT infrastructure or applications and make recommendations for improvements based on the client’s stated risk tolerance levels. Review and recommend administrative, technical and physical controls to mitigate identified risk. Develop information security policies, standards and baselines based on best practices and/or mandates.
  • Design or review disaster recovery and business continuity plans including business impact assessments, RPO / RTO recommendations and test cases.
  • Provide strategic leadership and budgeting for the division setting goals and objectives for profitability, service delivery and client satisfaction.
  • Work with multiple teams (capacity planning, operations, queuing, etc.) to ensure current SLAs are correctly structured in order to provide maximum recovery windows without jeopardizing service.
  • Provide real-time escalation, recovery, and restore capabilities for any failure of service; notify the proper support teams; and coordinate recovery as needed.
  • Escalate all major issues and notify senior management, ensuring the right people know of the incident at the right time
  • Provide daily management status reports and metrics, reviewing them daily for trends and potential problems
  • Act as principal liaison and the internal voice of the Command Center regarding Investigator systems' readiness and performance trends.

Confidential, Peoria, IL

Global Information Systems Lead Analyst/Project Manager

Responsibilities:

  • Maintain PCI security standards for various applications from an infrastructure to application perspective regarding data protection and awareness
  • Application to infrastructure mapping
  • Functional testing and event management: LAN/network, WAN, firewalls, DNS changes and the beginning of the infrastructure recovery
  • Direct and assist with development of DR activities for IT Teams (e.g., DR plans, testing)
  • Advise Infrastructure teams on DR design and help identify gaps and issues
  • Provide input to DR Specialist on policies, standards and procedures
  • Maintain the Archer repository for DR documentation
  • Provide training and awareness of DR policies, procedures, and templates
  • Collect and maintain KPIs/metrics for DR activities
  • Provide periodic reports of DR performance to the DR Manager. Manage, maintain, and report on DR issues. Orchestrate the execution of DR recovery
  • Use of technical infrastructure components (WAN, LAN, Networks, Middleware, Mainframe, Distributed Servers/storages, backup/recovery technologies, etc.). Proficiency with virtualization, cloud, and automation
  • DataGuard, Snap-mirroring, RecoveryPoint as well as TSM and Avamar/Data Domain for data recovery, replication and storage
  • Primary Recovery Data Center Hardware Name (including HostName/URL where applicable)

Confidential

Technical Business Analyst/Project Management, Baton Rouge, LA

Responsibilities:

  • ServiceNow: Assess the available technologies and recommend solutions to ensure efficient, accurate, and quality implementation and maintenance of the systems. Served as a liaison between the functional and technical areas, and guided the decision-making process to ensure the appropriate solution is identified and selected.
  • ServiceNow and Axios implementation as a technical business analyst, as well as Workforce Optimization implementation. Worked closely with the Network Operations Center (NOC) to implement the CMDB as well as the VMware relocation. Proof of Concept methodology was used to make these changes.
  • Helped design and develop ITIL based ITSM solution for enterprise.
  • Agile/Waterfall methodology was the path of deployment for ServiceNow, with Neebula handled more like Joint Application Development (JAD)
  • For ServiceNow, the Data Center relocation and the Service Catalog implementation, I utilized the statement of work (SOW) to define and complete the business requirement documents (BRDs), maintaining adherence to existing service level agreements (SLAs). This was greatly influenced by the As-is/To-be (future state) portion.
  • ITILv3 implementation of ServiceNow functionality:
  • Keep customer(s) up-to-date on status of requests or issues.
  • Translate functional/business requirements into technical designs.
  • Develop and implement new applications or modifications to existing applications.
  • Document unit and integration testing as well as system integration testing.
  • Document implemented processes and procedures for different audiences.
  • Service Catalog creation and implementation as EM based on interviews and interdependent work requirements.
  • Used Deep Dive investigation and Proof of Concept (POC)

Senior Information Assurance Analyst/Security Analyst/Project Manager

Confidential, Austin, TX

Responsibilities:

  • Support a governance framework to provide transparency, accountability, and escalation of risk management related matters.
  • Through MS Project, and keeping the stakeholders abreast via presentations, I developed and updated C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configuration checklists, and interconnection security agreements, including continuous monitoring, self-assessment testing, and audit and compliance support. Conducted audits on artifacts to ensure they meet all applicable FISMA, NIST, VA, and CDCO criteria, including obtaining management approval. These artifacts and the ATO(s) were implemented with strict adherence to timelines.
  • Ticketing system used was Remedy - CA Service Desk, an exclusive ITILv3 product used to manage incidents, service requests and change management and to document configuration items' status.
  • I also possess experience in the areas of server operations and management; systems administration, change management, network management, capital planning, websites operations maintenance, asset management and systems architecture.
  • Continuing to draft and implement the following initiatives and supporting documentation for the VA during my tenure:
  • Business Impact Analysis
  • Risk Analysis (RA)
  • Mitigation strategy creation
  • Business Continuity Disaster Recovery Plan (BCDRP)
  • Facilitated functional and tabletop tests
  • Facilitated scrum sessions during exercise
  • Adherence to the ISO 27000 standard's 11 domains and to NIST and HIPAA guidelines on matters pertaining to confidentiality, data integrity and availability.
  • Interpret Retina and Nessus scan results based on the IP address summary, dynamic vs. real-time scans, active and passive vulnerability scans, and new IP address and open port analysis; monitoring of mobile devices was also covered in the reports.
  • Analysis is based on Confidential standards (800-53, 800-60, 800-37) and FISMA, stored in SMART and put into XACTA

Senior Certification and Accreditation Analyst/Security Analyst

Confidential, MS

Responsibilities:

  • Provide real-time analysis of security alerts generated by network hardware and applications. Event management to log security data and generate reports for compliance purposes.
  • Provide data to the Confidential and Confidential for the Certification and Accreditation process to receive an authority to operate and authority to connect (ATO/ATC). Provide input to leadership on improvements and recommendations.
  • Worked extensively with the Confidential to assure the mainframe's migration was in accordance with Confidential and Confidential regulations, which included but was not limited to the System Security Plan, Security Features Users Guide, and the Privacy Impact Analysis
  • Charted and tracked milestones for the MF migration from Dallas to Stennis Space Center, with the failover location in Virginia. All these systems and their dependencies were on one of three Logical Partitions (LPARs)
  • Systematically evaluate, describe, test and authorize systems prior to or after a system is in operation.
  • Motivates team members and facilitates team meetings and acts as liaison, problem solver, and facilitator
  • Make sure proper documentation is in place, which includes but is not limited to SLA(s), MOU, ATO, RTA, COC
  • Perform comprehensive evaluation of the technical and non-technical security controls (safeguards) of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements

QA Senior Security Analyst-Project Manager

Confidential, MO

Responsibilities:

  • Subject matter expert (SME) regarding business continuity, mitigation strategy creation and accurate documentation for the application database. As the Business Process developer, I was instrumental in putting applications' and systems' DR plans through the phases of the SDLC, especially adding the BIA to phase zero.
  • Adherence to Confidential and HIPAA guidelines on matters pertaining to confidentiality, data integrity and availability.
  • Maintained security standards, procedures, processes, guidelines and policies, such as user authentication rules, security breach resolution procedures, security auditing procedures, and use of firewalls and encryption routines
  • Prepared status reports on security matters to analyze security risk and response procedures. Monitor and recommend solutions for correcting issues related to security technology performance and capabilities. Track and monitor software viruses
  • Document server load balancing for EMR
  • Implemented FIPS-199 in the criticality application/system assessment
  • MS Project is the tool used to keep stakeholders and QA team management abreast of my progress
  • PM and SME for the conversion to the implementation of Confidential 800-34 as the guideline for the DRP template
  • Continuing to draft and implement the following initiatives and supporting documentation for Confidential during my tenure:
  • Business Impact Analysis (BIA)
  • Continuity of Operations Plan (COOP)
  • Risk Analysis (RA)
  • Mitigation strategy creation
  • Business Continuity Disaster Recovery Plan (BCDRP)

DR Team Lead/Project Manager

Confidential, St. Louis, MO

Responsibilities:

  • Scrum Facilitator during the functional testing period; implemented and established tele-working.
  • Ticketing system used was Remedy - CA Service Desk, an exclusive ITILv3 product used to manage incidents, service requests and change management and to document configuration items' status
  • Modified Agile was the methodology of choice
  • Escalate issues and/or incidents when appropriate
  • Effective mentor on the components and benefits that the entire team had in DR. Put together and respond to OIG/Cyber data calls
  • Drafted and implemented the following initiatives and supporting documentation for the Confidential DCIO during my tenure:
  • Business Impact Analysis (BIA)
  • Software Development Life Cycle (SDLC)
  • Request for Automation (RFA)
  • 24x7 availability to collaborate with cross-functional SMEs to resolve complex technical and functional problems
  • Include ad hoc documentation of redundant components to guarantee continuous operation for mission-critical systems.

Business Analyst/DR Specialist

Confidential, New London, CT

Responsibilities:

  • Recovery-related documentation review
  • An analysis of existing documentation
  • Identification of infrastructure and application dependencies
  • A comparison of recovery mitigation steps identified for the application vs. industry best practices
  • Gaps and recommendations
  • Emphasis on infrastructure recovery for tiered applications.
  • Elicit business, functional and non-functional requirements using interviews, document analysis, requirements workshops, surveys, business process descriptions, use cases, scenarios, business analysis, and task and workflow analysis
  • Updated their CMDB Application Repository Core (ARC)
  • Perform discovery analysis including elicitation of business requirements from Subject Matter Experts (SMEs). Draft required SDLC documents for approval and create process flow diagrams, tables and screen mock-ups. Risk allowance and aversion analysis and documentation applicable to proprietarily developed and custom commercial off-the-shelf (CCOTS) software
  • As facilitator under the agile SDLC, I contributed to two main activities, which were the continuous Vision and Scope Sessions
