Camille E. Simms
**** * **** ****** ************, PA 19153 215-***-**** (C) 215-***-**** (H) *************@*******.***
Education
DREXEL UNIVERSITY, Philadelphia, PA
BS in Computing Technology, Graduated Cum Laude, June 2006
COMPUTER LEARNING CENTER, Philadelphia, PA
Diploma Computer Programming, GPA 4.0
Experience
Mathematica Policy Research, Princeton, NJ April 2014 - Present
Information Security Analyst
Manage all aspects of the corporate Information Security and Privacy program for 10 sites and satellite offices to ensure corporate compliance as well as compliance with contractual obligations.
Provide Subject Matter Expert (SME) support to the Chief Information Security Officer (CISO) to ensure client applications and systems receive their Authority to Operate (ATO) with a security posture in accordance with NIST guidance.
Partner with information technology team leads to provide security input for strategic planning and budget preparation
Work with operating divisions, project directors, and management to ensure alignment of privacy and information security policies, procedures and practices with business strategy.
Perform all aspects of audit activities for the annual IT Security audit based on NIST 800-53 framework including risk assessments, planning & scoping, leading opening, closing and status meetings, conducting interviews and testing, control evaluation, work paper documentation, drafting of issue statements, providing meaningful recommendations, and follow-up/verification of issue closure to ensure continued compliance with contractual obligations, established policies and procedures, and to identify weaknesses or gaps prior to any external assessments.
Liaise with information technology leads, systems analysts and programmers on the management of system technologies to identify and support information privacy and security requirements.
Provide relevant security language for proposals as well as budget specifications for project staff and area leaders.
Prioritize, assign, and monitor assignments for security analyst and associate staff maintaining staff billability and productivity.
Create and manage documentation associated with the implementation of policies, plans and procedures for the Continuity of Operations Plan (COOP), Incident Response, data security, corporate security manual, system security plans, and security awareness and phishing training.
Conduct annual COOP testing, training, and exercises for 10 sites, formulating and recommending modifications to satisfy new operational requirements that reflect current business processes in alignment with senior management.
Manage the development, dissemination, and review of security training and awareness for all staff.
Create and manage onboarding process and security requirements for consultants and other non-Mathematica staff.
Triage and manage security incidents to ensure the appropriate resolution as indicated by contractual documentation. Enlist the assistance of general counsel when necessary to communicate events to external parties.
Deloitte & Touche LLP, McLean, VA October 2012 – April 2014
Senior Consultant
Lead Sarbanes-Oxley and Financial Statement audits for IT general controls, application controls covering logical access, change management, computer operations, contingency planning, physical access controls, and financial applications for various commercial and government industries.
Interview clients to identify, confirm, and document business processes for testing.
Coordinate and conduct weekly status meetings with clients, creating, presenting and maintaining deficiency documentation while monitoring and maintaining budget throughout the duration of engagements.
Instruct and mentor new hires throughout engagements, answering and explaining questions surrounding exceptions, gaps, etc.
Mathematica Policy Research, Washington, DC September 2009 – October 2012
Information Security Analyst
Performed periodic IT Security audits to ensure continued compliance with contractual obligations and procedures established.
Led creation of COOP tests, training, and exercises for 5 sites, and formulated and recommended modifications to satisfy new operational requirements to reflect current business processes.
Led creation and implementation of policies and procedures associated with incident reporting, response and resolution.
Created and implemented online Security Awareness Training and Data Privacy & Security programs. Monitored Security Awareness Training sessions and test scores, and facilitated remedial training when required.
Worked closely with senior management to identify and train the COOP Management team.
KPMG LLP, Philadelphia, PA January 2006 - September 2009
IT Advisory Senior Associate
Lead FISCAM, SAS 70, Sarbanes-Oxley, and Financial Statement audits for IT general controls, application controls covering logical access, change management, computer operations, contingency planning, physical access controls, and financial applications for various commercial and government industries.
Interview clients to identify and confirm business processes for testing.
Identify conflicts at the business process level in Oracle and BizRights, and review processes to audit changes to users, responsibilities, menus, and request groups.
Evaluate the segregation of duties rules configured within the BizRights Authorization Insight (AI) module.
Internal Audit support, assisting the client in identifying and testing key IT controls for Oracle systems.
Coordinate and conduct weekly status meetings with clients, creating, presenting and maintaining deficiency documentation or Plan of Actions and Milestones (POA&M) while monitoring and maintaining budget throughout the duration of engagements.
Instruct new hires throughout engagements, answering and explaining questions surrounding exceptions, gaps, etc.
Mentor and assist new hires and interns during their incoming year at KPMG.
University of Pennsylvania Health Systems, Philadelphia, PA February 2004 – January 2006
System Administrator
Designed and maintained department web sites using Macromedia MX Studio according to specifications of the department chairman or designated faculty members.
Created and maintained all Oracle databases pertaining to the Head and Neck Cancer Center, administering both userid and password in a Windows 2000\XP environment.
Maintained UPHS computer system(s) through day-to-day troubleshooting and modification, requested enhancements, and periodic application or module updates. Supervised staff members responsible for data entry duties.
Collaborated with all levels of staff to ensure that all data is accurate and received in a timely manner.
Assisted the department personnel with information services functions and provided technical support as needed, as well as maintenance of the A/V equipment.
Performed computer and software upgrades as needed.
Provided training for faculty and physicians on various technologies.
SAI People, Inc., (GlaxoSmithKline), Philadelphia, PA February 2003 – January 2004
Security Support (Consultant)
Coordinated, secured, supported, and supervised investigations of varying scales
Utilized EnCase software to extract and analyze both active files and deleted data from networked computer systems to assist in security investigations
Documented findings and forwarded to upper management for hearings both internally and externally.
Maintained Computer Security Incident Response Lotus Notes database as well as authored and updated documentation independently
Interacted with each Line of Business' security to monitor, report, and address security violations, exposures and inefficiencies by providing security tools, assessments, and guidelines.
Reviewed, updated and created Standard Operating Procedures for the Global IT Security Department.
Updated and improved tracking database (Domino Designer) and populated news articles online as they relate to GSK’s Global IT Risk Management Department.
REFERENCES AVAILABLE UPON REQUEST