
Privacy Officer Active Directory

Location:
Silver Spring, MD, 20993
Posted:
August 25, 2021


Resume:

MYRIANE SAO

Cyber Security Audit/Compliance Analyst

(adodj7@r.postjobfree.com)

240-***-****

Silver Spring, MD

Highly organized and dedicated IT audit, risk and compliance professional with 5 years of experience directing complex projects, developing strategies and leading teams to further the enhancement of overall regulatory-compliant operations. A motivational leader who can easily work in and navigate an environment committed to personal development, with the ability to learn quickly in a multi-faceted operational division. Experienced in implementing controls, policies, procedures, processes, and assessments focusing on the improvement of business operations, regulatory affairs, compliance and information security, risk management, strategic planning, privacy and data protection. Penetration testing, security management & operations, vulnerability scanning, Certification and Accreditation (A&A), NIST 800-53 Rev. 4 and NIST SP 800-37 Rev. 1, NIST 800-18, NIST 800-34, NIST 800-60 Vol. 1 & 2, NIST 800-30, NIST 800-137, FIPS 199/200, FISMA, NIST families of security controls, POA&M, Jira, Confluence, HIPAA, HITRUST, PCI-DSS, incident and contingency planning, eMASS and eHealth information security technologies. Complete all projects on time with the highest level of scrutiny and attention to detail to ensure results exceed expectations. Strong communication skills with experience working in a team environment; able to collaborate with individuals from diverse backgrounds.

PROFESSIONAL EXPERIENCE

IT Audit/Compliance Analyst, Avaya, Inc May 2019 - present

Coordinate, execute and perform the lead audit function during internal audits to ensure compliance with applicable regulations and international laws, standards, guidelines and procedures; implement, manage and track the effectiveness of corrective action plans and provide management with regular updates.

Collected Operation and Maintenance artifacts on an ongoing basis so that the Security Control Assessment (SCA) is seamless; updated, reviewed, and aligned the SSP to the requirements in NIST 800-53 Rev. 4 so that assessments can be done against the actual requirements and not ambiguous statements.

Use GRC tools like Practical Threat Analysis (PTA) and The GRC Stack, which aim at synchronizing information and activity across governance, risk management and compliance to operate more efficiently, enable effective information sharing, report activities more effectively, and avoid wasteful overlaps. Perform scanning: run port scanning using tools like Nmap to obtain the list of open/active ports and services, and vulnerability scanning using tools like Nessus to identify weaknesses in the software; review security audit logs using SIEM tools like Splunk to verify that the Access Control.
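The port-scan review described above is, in audit practice, a reconciliation of what Nmap actually observes against the ports/protocols/services the System Security Plan authorizes. The following is an added illustration, not code from the candidate or from any employer named on this page: it parses a constructed Nmap XML result (the `-oX` format) and reports open ports that are not in an approved baseline, approved services that were not seen listening, and scanned hosts that the baseline does not know about. The baseline table and the IP addresses are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX output format; not a real scan result.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/>
    <address addr="10.0.0.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical approved baseline per host, as an SSP ports/protocols/services
# table would record it: {address: {(protocol, port), ...}}.
APPROVED = {
    "10.0.0.10": {("tcp", 22), ("tcp", 443)},
    "10.0.0.11": {("tcp", 22), ("tcp", 443)},
}


def open_ports(nmap_xml):
    """Return {addr: {(proto, port): service_name}} for ports Nmap reports as open.

    Ports in any other state (closed, filtered) are ignored; only IPv4 hosts are kept."""
    root = ET.fromstring(nmap_xml)
    result = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            ports[(port.get("protocol"), int(port.get("portid")))] = name
        result[addr_el.get("addr")] = ports
    return result


def reconcile(observed, approved):
    """Compare observed open ports with the approved baseline and return findings.

    unapproved_open : open (addr, proto, port, service) not in the baseline
    approved_missing: baseline (addr, proto, port) that was not seen open
    unknown_hosts   : scanned hosts absent from the baseline entirely"""
    findings = {"unapproved_open": [], "approved_missing": [], "unknown_hosts": []}
    for addr, ports in observed.items():
        if addr not in approved:
            findings["unknown_hosts"].append(addr)
            continue
        for (proto, port), name in sorted(ports.items()):
            if (proto, port) not in approved[addr]:
                findings["unapproved_open"].append((addr, proto, port, name))
        for proto, port in sorted(approved[addr] - set(ports)):
            findings["approved_missing"].append((addr, proto, port))
    return findings


if __name__ == "__main__":
    f = reconcile(open_ports(SAMPLE_NMAP_XML), APPROVED)
    for addr, proto, port, name in f["unapproved_open"]:
        print(f"FINDING  unapproved open port  {addr} {proto}/{port} ({name})")
    for addr, proto, port in f["approved_missing"]:
        print(f"NOTE     approved but not open {addr} {proto}/{port}")
    for addr in f["unknown_hosts"]:
        print(f"FINDING  host not in baseline  {addr}")
```

Each `unapproved_open` item is a candidate POA&M entry (or an SSP update if the service turns out to be authorized but undocumented); `approved_missing` is worth a look too, since a service the SSP says is running but is not listening may indicate the scan was filtered or the system drifted. The check runs against a saved XML file, so it can be repeated each assessment cycle without re-scanning.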

Research and interpret current and pending laws and regulations, industry standards, and client and vendor commitments to understand and communicate compliance requirements; perform technical writing for policies, standards, and communications. Lead the creation and maintenance of security policies, standards, processes, guidelines and support documentation.

Facilitate the vendor onboarding process and perform third-party risk assessments ranging from critical to low risk; perform vendor risk assessment reviews according to pre-established policies and procedures, managing multiple reviews in parallel.

Work on mapping the SIG and control standards to the VRA questionnaire; manage SLA reviews and ensure that liquidated damages have been correctly calculated; manage and conduct meetings effectively and efficiently.

Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements; research new regulations by reviewing regulatory bulletins while performing periodic security and compliance gap assessments on new and existing systems, processes, and technologies.

Prepare the Inventory Activity Report (IAR) and reconcile vendor accounts and invoices monthly; review the services provided by the vendor and define the scope of assessment based on the Standard Information Gathering (SIG) questionnaire.

Perform vendor security assessment activities including evaluation of vendor controls and practices, process enhancements, performing onsite assessments, and reviewing independent audit service reports; ensure governance sets the tone for the entire company's attitude to risk, ethics, and business practices.

Developed Standard Operating Procedures (SOPs) as well as system-based policies and procedures, and maintained up-to-date knowledge of cyber threats by researching top vulnerability database websites, the National Vulnerability Database, and the OWASP Top 10.

Experience with cloud data security and with public cloud solutions; comfortable with IaaS, PaaS, and SaaS and with categorizing systems with stakeholders into high, moderate, or low impact level using the vendor procurement form or scorecard according to the request for proposal.

Data management applications, statistical data analysis systems, clinical data entry applications, and electronic data capture systems. Familiarity with regulated systems (GxP, 21 CFR Part 11) and systems validation; life sciences, biotech and pharmaceutical industry experience. Comfortable with project methodologies and familiar with tools including MS Project and Excel.

Support and collaborate with the HIPAA Privacy Officer and Privacy Team on implementing programs to monitor compliance with regulations and organizational standards related to patient privacy and Protected Health Information. Recent exposure to Agile concepts and tools like JIRA and Confluence.

Responsible for reviewing and assessing supplier evidence related to information security, such as SIG, SOC 1 and SOC 2 reports, Visa and Mastercard certification, and compliance certifications.

Maintain a comprehensive PCI-DSS compliance program and a comprehensive SOC compliance program; IDS understanding including Snort signature/rule logic, sandbox analysis experience, phishing alert analysis, and interpreting proxy logs and correlating them with other logs.
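Phishing alert analysis and proxy-log correlation, as mentioned above, usually come down to one question: of the people who received the lure, who actually visited the phishing site, and did anyone submit a form there? The example below is an added illustration and not code from the candidate or any employer on this page. It takes a constructed phishing alert (domain, delivery time, recipient list, as a mail gateway might summarize it) and constructed proxy log lines in a simple whitespace-separated format, and returns who clicked, who appears to have posted credentials, who visited before the stated delivery time (which usually means an earlier copy the gateway missed), and which visitors were never on the recipient list. The log format, user names and domain are all hypothetical.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed phishing alert; not real data.
ALERT = {
    "domain": "login-micros0ft-verify.example",
    "delivered_at": "2021-08-20T09:00:00Z",
    "recipients": ["alice", "bob", "carol"],
}

# Constructed proxy log in a hypothetical format:
# "<ISO-8601 timestamp> <user> <source IP> <method> <url> <status>"
PROXY_LOG = """\
2021-08-20T08:55:12Z alice 10.1.1.5 GET https://intranet.example/home 200
2021-08-20T09:03:41Z bob 10.1.1.9 GET https://login-micros0ft-verify.example/owa 200
2021-08-20T09:04:02Z bob 10.1.1.9 POST https://login-micros0ft-verify.example/owa/auth 302
2021-08-20T09:10:00Z carol 10.1.1.7 GET https://docs.example/policy.pdf 200
2021-08-20T09:15:30Z dave 10.1.1.8 GET http://login-micros0ft-verify.example/ 200
2021-08-19T17:00:00Z alice 10.1.1.5 GET https://login-micros0ft-verify.example/ 200
"""


def parse_ts(text):
    """Parse the 'Z'-suffixed UTC timestamps used in the constructed log."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def parse_proxy_log(text):
    """Turn the constructed log into a list of event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, method, url, status = line.split()
        events.append({"ts": parse_ts(ts), "user": user, "src": src,
                       "method": method, "url": url, "status": int(status)})
    return events


def correlate(alert, events):
    """Correlate a phishing alert with proxy events for the phishing domain.

    Matching is on the URL host only, so http/https and any path or query match."""
    delivered = parse_ts(alert["delivered_at"])
    target = alert["domain"].lower()
    recipients = set(alert["recipients"])

    hits = [e for e in events if (urlsplit(e["url"]).hostname or "").lower() == target]
    after = [e for e in hits if e["ts"] >= delivered]
    before = [e for e in hits if e["ts"] < delivered]

    clicked = {e["user"] for e in after}
    submitted = {e["user"] for e in after if e["method"] == "POST"}
    return {
        "clicked": sorted(clicked),
        "submitted": sorted(submitted),                      # likely credential entry
        "pre_delivery": sorted((e["user"], e["ts"].isoformat()) for e in before),
        "unlisted_visitors": sorted(clicked - recipients),   # gateway missed a copy?
        "recipients_no_click": sorted(recipients - clicked),
    }


if __name__ == "__main__":
    for key, value in correlate(ALERT, parse_proxy_log(PROXY_LOG)).items():
        print(f"{key:20s} {value}")
```

In practice the `submitted` set drives the urgent action (password reset, session revocation, a check of sign-in logs for the same accounts), `clicked` drives a malware check on the source hosts, and `pre_delivery` and `unlisted_visitors` are the clue that the alert's recipient list is incomplete and the mail search should be widened.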

Establish key performance indicators (KPIs) and key risk indicators (KRIs) to measure and monitor program performance for the program strategy and supporting initiatives. Manage third-party vendor management programs by defining security controls based on vendor tiers, performing risk assessments for new and existing vendors, and partnering with legal to review contracts for new and existing vendors. Deliver and manage a security awareness & education program and monitor and measure compliance and performance.

Establish and manage additional compliance programs across the company (PCI-DSS, HIPAA, FISMA, SOC, Money Transmitter, COBIT, ITIL and ISO 20000/27000).

Develop an enterprise risk management program that supports risk identification & assessment, response & mitigation, control monitoring & reporting, and measurement and tracking of risk.

Implement policies and procedures and enforce information security. Perform self-assessments on all systems under my purview to ensure compliance with documented security requirements and to detect any system-level vulnerabilities. Prepare a summary report of the findings and ensure proper protection and/or corrective measures are taken.

Develop and maintain System Security Plan (SSP), Contingency Plan (CP), Incident Response (IR) Plan, Standard Operating Procedures (SOPs).

Ensure all supported artifacts and results are documented.

Assist in designing and implementing a risk mitigation strategy to foster organizational cyber resilience.

Security Control Assessor, Acquia, Inc March 2016 - April 2019

Performed Security Control Assessments using NIST SP 800-53A as a guide (Interview, Examination and Testing).

Created a Requirements Traceability Matrix (RTM) and documented whether the controls being assessed passed or failed using NIST 800-53A.

Prepared FISMA and FedRAMP related Security Assessment and Authorization (SA&A) documentation for customer IT programs.

Categorized the information system using NIST 800-60 Volume 2 and FIPS 199 as a guide and selected security controls using NIST 800-53 and FIPS 200 as a guide.

Protected privacy by safeguarding Personally Identifiable Information (PII); conducted Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA) and System of Records Notice (SORN).

Performed the steps involved in the execution of the Risk Management Framework (RMF) to enable the organization to successfully complete the A&A process using NIST 800-37 as a guide.

Ensured that management, operational, and technical controls for securing the information system are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.

Reviewed and compiled the security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies to support the recommendation for client risk acceptance authorization decisions.

Worked with technology teams to gather control design requirements and facilitate discussions to bring to closure identified control issues.

Created, monitored, and updated the status of Plans of Action & Milestones (POA&Ms) to ensure weaknesses were resolved in accordance with their scheduled completion dates. Planned and analyzed results from vulnerability scans and ensured they were remediated as necessary.

Performed ongoing continuous monitoring using NIST 800-137. Worked with the project manager and technical team to develop strategies and plans to enforce security requirements and address identified risks.

Provided feedback to the project lead on performance issues and improvements to implemented security assessment approaches, processes, procedures, methodologies, etc.

Reported to the supervisor periodically on team and individual work accomplishments, problems, progress in mastering tasks, work processes, and individual and team training needs.

SKILLS

Knowledge of Tenable Nessus, Wireshark, Nmap, Splunk.

Unix (IOS), Windows, SharePoint, Microsoft Office

Frameworks and standards: SOC 1/2, ISO 27001, PCI DSS, HIPAA, JIRA/Agile, NIST 800 series, FISMA, FIPS, FedRAMP, GDPR, NIST CSF, CCPA, HITRUST, New York financial regulation, Privacy, CCPNA, AWS/cloud services, Active Directory, COBIT.

XACTA, CSAM, Scout, JIRA, ServiceNow.

Analytical, personal, and interpersonal skills

Project management and Attention to detail

Excellent verbal and written communication and Technical Writing

Patching and Vulnerability Remediation Management

Supply Chain and Asset Management

Multi-tasking; work independently and with a team

Vendor Risk/ Third-Party Security Risk Management

Business Continuity Plan and Disaster Recovery Plan

Plan of Action and Milestones (POA&M)

Incident and Contingency planning

SOC Report

SIG Core / SIG Lite / customized questionnaires

EDUCATION/CERTIFICATIONS

Bachelor’s Degree in Computer Science, University of Yaoundé 1.

Certified CompTIA Security+

Certified Information Systems Auditor (CISA)

CISSP in progress
