
Security Information

Location: Alpharetta, GA
Posted: May 01, 2018


Resume:

PAMELA A. EDGERTON

Alpharetta, Georgia Phone: 404-***-****

E-mail: ***********@*****.***

~ IT SECURITY ANALYST ~

Information Security Compliance Audit

Profile

Results-oriented and performance-driven IT professional with outstanding background in client support services, network, and project management; able to bridge the gap between technical and non-technical teams. Proven ability to coordinate support activities and processes through outstanding verbal and written communication skills. Familiar with evaluation, selection, and purchasing functions.

Skilled at increasing line-of-business audit pass ratings by implementing risk management standards and practices for risk factor identification and exposure management

Principally effective in leading evolution of technical and non-technical solutions from development through implementation

Able to utilize formal software deployment methodologies and best practices; adept at providing consultative services and managing diverse projects

Expert at implementing comprehensive security programs and solutions to generate consistent bottom-line results

Skilled at communicating with internal departments and senior management, supporting product / service presentations, and meeting customer expectations

Strengths

Systems Security

SOX, SOC 1 and 2

Identity & Access

Scrum Master

Remediation

Regulatory Compliance

Risk Assessment & Management

eDiscovery/Forensics

ISO 27001 Compliance

SAFe Agile Framework

Technical Summary:

Software

MS Office 365, Adobe Acrobat, HEAT, Remedy, SharePoint, IronMail 6.5.1, MS Exchange, Websense, Sarbanes-Oxley Comply, Laboratory Information System Software, Medical Manager, Risk Navigator, Archer, Sailpoint, Encase Guidance Software, Discovery Attender, Relativity, Symantec Enterprise Vault, LeanKit, Tableau, Rapid7, Kairos

Career Path

Information Security Business Analyst

2015 - Present

McKesson, Alpharetta GA

Assist BUs with process improvement with regards to security and compliance.

Engage and build relationships with other groups inside and outside of BU, including auditors, business teams, vendors, customers, and partners.

Assist with HIPAA, EHNAC, SOX, SOC 1/2 assessments

Review and provide walkthrough testing evidence to internal and external auditors

Assist with the coordination of the yearly US Pharma Disaster Recovery Exercise

IT Security/Risk Analyst – Information Security Risk Management

2014 - Present

McKesson, Alpharetta GA

Act as a liaison to the lines of business to ensure that all aspects of logical access to key financial and other critical applications are structured and documented appropriately.

Assist in the daily administration of Archer.

Craft and communicate updated, effective IT Security Policies and procedures based on Archer and ISO 27001 framework and NIST 800-53.

Engage and build relationships with other groups inside and outside of BU, including auditors, business teams, vendors, customers, and partners.

Assist with HIPAA, EHNAC and Vendor risk assessments

Review and provide walkthrough testing evidence to internal and external auditors

Approve/Deny Policy Exceptions

Monitors and reviews policies, standards and procedures and provides advice on compliance with government guidelines and regulatory requirements. Identifies areas of opportunity for process, control, or cost improvement.

IT Security Specialist – Enterprise eDiscovery and Forensics

2013-2014

ING, Atlanta, GA

Follow proper protocols in preserving electronic evidence. Document chain of custody

Effectively manage and analyze large volumes of electronic data.

Perform investigative analysis of electronic data according to the specific needs of the case

Utilize tools such as EnCase, Symantec EV and Relativity to execute investigative analysis

Customize analysis and professional reports for investigations

Conducts electronic searches of mailboxes, mail archives, shared and personal network drives, documentation systems, and client endpoints. Process collected data based on legal counsel requests.

Gather evidence from custodians identified by the General Counsel in a manner that maintains the integrity of the evidence and follows proper chain of custody procedures.

Manages eDiscovery projects; prioritizes multiple projects to meet litigation discovery deadlines.

IT Security/Compliance Consultant – Enterprise Technology and Risk Management

2012-2013

SunTrust Banks, Inc., Atlanta, GA

Act as a liaison to the lines of business to ensure that all aspects of logical access to key financial and other critical applications are structured and documented appropriately.

Plan and coordinate logical access evaluations on all critical applications, executing these evaluations and interpreting the results, identifying internal access control weaknesses, and making recommendations for cost-justified improvements in operations.

Conduct application assessments

Monitors and reviews policies, standards and procedures and provides advice on compliance with government guidelines and regulatory requirements. Identifies areas of opportunity for process, control, or cost improvement.

Act as a liaison with internal business units and external agencies to assess compliance, risk, and security issues.

Identify and recommend resolutions. Provides training to less experienced analysts. May be responsible for a specific program/function.

Security/eDiscovery Forensics Analyst

2010-2012

LexisNexis – Alpharetta, GA

Follow proper protocols in preserving electronic evidence. Document chain of custody

Effectively manage and analyze large volumes of electronic data.

Perform investigative analysis of electronic data according to the specific needs of the case

Utilize tools such as EnCase, Discovery Attender and Concordance to execute investigative analysis

Customize analysis and professional reports for investigations

Conducts electronic searches of mailboxes, mail archives, shared and personal network drives, documentation systems, and client endpoints. Process collected data based on legal counsel requests.

Gather evidence from custodians identified by the General Counsel in a manner that maintains the integrity of the evidence and follows proper chain of custody procedures.

Manages eDiscovery projects; prioritizes multiple projects to meet litigation discovery deadlines.

Generally, assists in supporting the technology requirements of the legal department.

Assist in the development and documentation of business and technical requirements for tools required to support investigations, eDiscovery, and collection of evidence.

Assist in the development, review, and documentation of departmental procedures around eDiscovery and collection of evidence.

Interpret and communicate technical findings to non-technical audiences

Security Compliance:

Responsible for reviewing and documenting Technology Risk Management industry trend tool solutions such as policy compliance software and/or appliance.

Contribute information and documentation for the standard Domain Technology Risk Management Reports.

Recommend, schedule and ensure application of fixes, security patches, disaster recovery procedures and any other measures required in the event of a security breach.

Develops security requirements documentation including but not limited to security policy, operational procedures, and standards

IT Security Compliance Analyst and Release Management

2007-2010

MetLife – Alpharetta, GA

Oversee and implement SOX/SAS70 compliance activities including scoping, documentation, testing, remediation and assessment of deficiencies

Organize and prepare SOX status reports for management and external auditors

Participate in and contribute to SAS 70 Certification for six applications including vulnerability assessments, security test and evaluations

Analyze proposals and Quality Assurance SOX forms prior to production; gather, review and perform self-test for nine key controls, such as user entitlement, change management and password security

Supply status update and metrics monthly and assume full responsibility in storing and/or archiving of all testing documents

Work closely with process owners on completing documentation revisions due to remediation, changes in control activities or organizational changes

Manage and maintain SOX documentation templates, protocols and user instructions; support process owners in maintaining documentation

Oversee completion of quarterly, semiannual and annual IT control testing, including sample determinations and report results

Serve as main point of contact for SOX/SAS 70 related IT questions and testing evidence; execute timely completion of quarterly reviews and annual SOX audits by cooperating with external auditors (Deloitte and Touche)

Serve as main point of contact for Release Management. Supervise the Remedy Ticket administration offshore consultants. Directly manage the overall release calendar and ensure proper communication with the entire IT Team.

IT System Analyst

2003-2007

Sealy Inc. – Trinity, NC

Administered email security (SPAM, Phishing, and viruses) using CipherTrust IronMail System; designed the implementation and migration of IronMail

Conducted in-depth analysis regarding email security needs, as well as maintenance of black and white lists

Monitored security trends and developed security threat matrixes regarding SPAM, Phishing attacks, spyware and viruses

Utilized end user-training and Symantec Antivirus Enterprise edition to manage enterprise virus and spyware defenses

Maintained existing security related patch levels on 2000 PCs and laptops and around 150 servers

Oversaw the effectiveness of internal controls, data protection and compliance with security policies and standards relating to SOX

Established IT controls for new processes and executed new controls or standards

Assisted with internal audits and coordinated internal resources related to required testing of the existence of, and compliance with, proper controls and procedures within scope of Sarbanes-Oxley section 404, COBIT, COSO and ISO 17799 requirements

Education / Credentials

DeVry Institute of Technology, Atlanta, GA

Bachelor of Science in Computer Information System

Certifications:

ITIL v3 Foundation

SAFe Practitioner

Certified Advanced Scrum Master (SASM)

CISSP Certification, Scheduled 2018

CompTIA – A+ Certified, Security+; Microsoft – MCP

EnCase – eDiscovery/Forensics

CipherTrust – IronMail

Symantec Enterprise Corporate Edition

Training:

Internal Controls Compliance Regulatory Compliance; SOX, SSAE16 SOC 1 & 2; ISO 27001, NIST 800-53

COBIT and COSO framework

EHNAC


