SUMMARY

• Experience security, risk, compliance and privacy analyst
• Experience in data/information security and compliance with various data regulations and standards.
• Creating and maintaining standards required for protecting data and information system.
• Performing the capacity planning required to create and maintain security metrics.
• Reviewing policies and procedures. Implementing and enforcing security for all section of information system to aid compliance with regulations, laws and standards.
• Creating monitoring and maintaining security awareness program to help increase security awareness.
• Putting standards in place to ensure that all practices are performed with proper integrity and security.
• Assist in evaluating security measures implemented to protect information and information systems.
• Managing information security risk to help promote confidentiality, integrity and availability of information processed by information system.
• Establish a continuous monitoring strategy to proactively monitor and track security weaknesses and the status of their mitigation.
• Create security metrics to help measure the effectiveness of security measures and control implemented to manage risk.
• Review, update and prepare enterprise security and privacy program for data regulations such as GDPR, CCPA, Privacy Shield and other state, national and international data regulations.
• Present status of security program as well as risk management effort to senior management and stakeholders.
• Great understanding of risk, risk management framework steps as well as various security and privacy frameworks, regulations and laws.
• Threat analysis, vulnerability management and Risk management.

PROFESSIONAL EXPERIENCE

Data Governance Analyst

Confidential, Oklahoma

Responsibilities:

• Develop, evaluate and implement information security and privacy governance processes, including policies, standards, procedures and risk management practices.
• Map current policies, standards, procedures and guidelines of the organization information security management system (ISMS) according to International standard organization (ISO 27001 and 27002) standards.
• Work with the data governance team and legal team on implementing and improving the organization current privacy email response project.
• Review software updates/improvement specifications for any privacy related weaknesses or vulnerability.
• Map current organization ISMS to EU - US privacy shield primary controls.
• Support the security and risk department by mapping organization’s current ISMS program to ISO 27017 and ISO 27018.
• Ensure compliance with all relevant state and federal privacy laws and analyzed company projects for compliance with US Government privacy laws, international privacy laws and company policies.
• Provided project support and privacy guidance as well as Consulted on the creation of privacy risks as part of the organization wide GRC program.

Information Security

Confidential, Oklahoma City, Oklahoma

Responsibilities:

• Support in the team of information security professionals to conduct Security Authorization packages (C&A) based on NIST standards for general support systems and major applications.
• Use security assessment tools to determine security posture of information systems and create a Plan of Action & Milestones (POA&M) to track system vulnerabilities and control weaknesses
• Monitor and advise on information security vulnerabilities related to all team's infrastructure systems. Analyze vulnerability result to help remediate vulnerabilities and threat.
• Collaborate with the stakeholders to implement the security control safeguards and documented the implementation within the organizations System Security Plan (SSP) and Security Control Assessment Plan.
• Oversee the preparation of a Comprehensive and Executive Certification & Accreditation (C&A) packages for submission to the Information Assurance Program Office for approval of an Authorization to Connect (ATC).
• Hold kick-off meeting with CISO and systems stakeholders prior to assessment engagement.
• Analyze and evaluate IT scan tool vulnerability reports for patch and change management and remediation.
• Help remediate findings by Audit teams to better improve the security stature of the system. Assist in Investigation of events, incidents and breaches of policy, standard and other acts of non-compliance.
• Support the privacy team in implementing privacy policy and procedures that align with various regulatory/statutory requirements.
• Maintain, review and manage security/compliance related awareness education and training control materials.
• Provide and assist staff with security awareness training to help improve the security posture of the organization.
• Engage agency and other third-party partners in risk management and information security management. Perform audit liaison duties to help external auditors perform audit and review duties.
• Hold remediation meetings with other system administrator to help improve risk management procedure and improve the continuous management practices and enterprise overall security posture.
• Work with the privacy workgroup/committee to review privacy controls for compliance with various regulatory/statutory requirements.
• Assist in preparing the organization for SSA audit by responding to SSA questionnaire and providing documents required by SSA auditors to evaluate enterprise security posture.

Jr. Information Security and Risk Analyst

Confidential, Houston, TX

Responsibilities:

• Support other Enterprise units to identify and manage various risk management activities such as Risk appetite, Risk Metrics, Risk Register etc.
• Create and update Contingency plans and Disaster recovery plans for information systems following NIST guidelines.
• Conduct continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.
• Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST and other industry best security practices.
• Performed risk assessments; developed and review system security plan (SSP), Plans of Action and milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP) and other tasks and specific security documentation.
• Review and perform regular updates on enterprise security policies, standard and procedures.
• Assist in preparing for SSAE audit as well as other audits between organization and client.
• Work with various agency departments such as HR, Finance and Data governance to help create a robust continuous monitoring process.
• Review internal and external audits and review of IT general controls (ITGC) and internal control systems and work with other agency’s business units to monitor security controls and data protection.

TECHNICAL SKILLS

• Operating systems:
• MS-DOS, Windows system, Windows Servers.
• Control Tools & Utilities: Nessus Vulnerability Scanner
• LyncIM, Microsoft Outlook, SharePoint, Skype, Confluence.
• Performance Improvement
• Leadership Skills
• Problem Solving
• Communication Skills
• Information Gathering
• Interpersonal Skills
• Attention to Details
• Zeal to always improve