Business Analyst Information Security

Location:
Cumming, GA
Posted:
December 25, 2023

Resume:

LORRIE STAPLES-ELLIS

Cumming, GA *****

770-***-****

ad17xr@r.postjobfree.com

http://www.linkedin.com/in/lorriestaplesellis

VALUE SUMMARY

Experienced problem-solving liaison for cybersecurity technical development & the business to ensure cybersecurity principles, processes & methods are implemented to protect business data. Ability to address business interpretation of compliance security directives to ensure both business needs & information security technical solutions are implemented to meet federal directives & support compliance audit functions. Ensure security standards & policies are applied & continue meeting business needs for profitability. Proven strong professional interpersonal & leadership skills, including the ability to communicate concepts to both technical & non-technical users & groups. Maintain a fundamental understanding of Identity & Access Management security standards & ability to apply risk management principles to all aspects of the business.

Key Skills

Cybersecurity Projects in regulated industries, finance & healthcare industries, compliance efforts & understanding of governance requirements & guidelines

Use cases, Functional Requirements, Non-functional Requirements, Reporting Requirements, process diagrams, context diagrams, current state & future state process flow diagrams, logical/physical diagrams

Procedures, processes (as-is & to-be), user help documents, training, segregation of duties for entitlements, SOX, SOC2 & 3, PKI

Strong facilitation, oral & written communication skills with all levels of an organization

Self-motivation & self-starter, curious, eager to learn new technologies & work in a dynamic team environment

Financial services background & understanding

Technical

Solid understanding of computing environment, systems concepts, enterprise web applications design, security concepts, database design, data schema, data integration, data mapping, QA testing, test plans, test cases, scripts, CSV templates, UAT development & coordination, defects management & tracking.

◦ Identity access management - user authentication & access management in an integrated environment including mergers.

◦ Data integration of web applications with backend databases, legacy systems, & third-party integrations to meet compliance requirements of Sarbanes-Oxley (SOX) & BSA FinCEN, including HIPAA compliance for database design, records, retention, retrieval, & BI reporting.

Full lifecycle project experience – Agile/Scrum sprints, backlog grooming, scoped, planned, gathered, developed, coordinated, & managed business requirements for various projects & systems from the initial project planning & scoping, requirements gathering with multiple business units, through all phases of testing (QA & UAT), systems implementation & post-implementation support.

Cybersecurity projects - Identity & access management (IAM), Identity Governance & Administration (IGA) for users & elevated access entitlements. Includes Role Based Access Control (RBAC), Privileged Access Management (PAM), worked with LDAP & Azure AD for access groups, nested groups, etc., migration to Oracle Identity Management (OIM), Sailpoint IdentityIQ, & CyberArk Vaults.

Strong technical understanding of financial services regulatory environment, with a focus on Cybersecurity Risk for the last 8 years.

Strong problem solving, root cause analysis, & associated solution implementation to address risk issues & compliance.

Rapid adaptability to new technologies, processes, procedures & applications.

Communications

Interactions with all levels of an organization to affect change & achieve project & business goal success, interacted with users, application owners, vendors, & clients for full life cycle of projects throughout concept, development, implementation, & production support. Experience leading & directing work with both internal & external partners in a highly collaborative environment.

Customer business processes & requirements. Business process modeling for redesign with process automation & decision solutions. Excellent attention to detail & excellent organizational skills.

Provided user support & coordinated resolution of issues including change management processing, root cause analysis, escalation & communications of issues through to resolution. Provided user acceptance testing & training.

Presentation & communication skills, interacting with all levels of employees & clients.

PROFESSIONAL EXPERIENCE

SR SECURITY ANALYST CONSULTANT

Randstad Corporation (Contractor for McKesson Corporation)

Teleworking

05/2023 – Present

Representative of BISO (Business Information Security Office) team working on the following:

Extremely aged outstanding risk items to resolve audit issue findings:

◦ Knowledge of all facets of cybersecurity to address.

◦ Liaison with the various business groups to address cybersecurity risks

Planning & design efforts to remediate BISO project implementation.

Used extensive knowledge of cybersecurity to determine solutions and custom design needs

Conducted comprehensive security survey assessments with all facets of Security to create overall informative documents to share security information for non-security application owners & operations managers. Effort identified security risks to infrastructure, applications, and data. Developed strategies to mitigate these risks.

Worked as a liaison between the Penetration Testing & Security Operations team efforts to ensure that Applications Performance Management (APM) standards were successfully implemented to remedy documented audit issues.

Liaison worked through gaps in security processes post-implementation of pharmacy floor processing to the maintenance of same with Production Operations. Brought the parties together and pressed them past the verbal communications to the concrete, workable documentation to move the necessary responsibility forward to close the security gaps discovered.

Tracking the lifecycle of vulnerabilities ensuring remediation by accountable IT Teams, coordinating cross-functional teams & communications, facilitating efforts, utilizing experience in cybersecurity & software development to resolve issues.

Led sub-BUs in engagements to plan, facilitate & remediate security issues across McKesson’s CoverMyMeds Business Units. Collaborated & coordinated with the security engineers & application owners to bring application security to compliance and close out critical & high security issues from HIPAA audits, SOX audits, security audits, etc.

Managed the capture of CMDB information into the OneTrust and LeanIX tools used by all IT Operations.

JOBSEEKER FROM 10/2022 – 05/2023

1. Self-taught Sailpoint User Administration tutorials to supplement the previous experience with Sailpoint and enhance user requirements.

2. Began tutorials to learn the full capabilities of CyberArk administration.

3. Working through International Information Systems Security Consortium (ISC)² Systems Security Certified Practitioner (SSCP) training to obtain certification.

SR SECURITY ANALYST CONSULTANT

Experis Corporation (Contractor for Wells Fargo Bank)

Teleworking

04/2022 – 10/2022

Member of Commercial Banking Risk Portfolio project to determine user access & entitlements for Policy & Procedures for Segregation of Duties for hundreds of applications.

Worked with applications & application owners to determine whether there were toxic combinations or remediation needed.

Support the risk identification, assessment, measurement, monitoring, mitigation & reporting of operational risk for Commercial Banking applications & processes

• Gained a working understanding of key processes, requirements applying governance policy across entitlements grants for application users (including Privileged Access Management segregation).

• Performed analysis, documentation, monitoring & reporting of Segregation of Duties efforts ending Toxic Combinations (via audit with tools such as Sailpoint).

• Built partnerships within Commercial Banking to ensure that the risk governance requirements were met.

• Monitored & reported on risks & issues.

• Documented playbook procedures to investigate survey responses to determine whether compliance was met or further remediation needed.

SR CYBERSECURITY ANALYST / PRIVILEGED ACCESS MANAGEMENT

Matlen Silver (Contractor for Fiserv Corporation)

Teleworking

09/27/2021 – 03/04/2022

Migration team to implement CyberArk to combine disparate directory systems from corporate mergers & acquisitions.

Member of Privileged Access Management team migrating applications & servers from Centrify to CyberArk PSM, OPM, for all merged Fiserv & First Data systems. Fulfilled audit requirements to establish access controls & monitoring for privileged access users as a financial services provider for global corporations. Provided policy guidance, advice and direction for implementing policies, standards, and IT controls for IAM. Documented system requirements for IAM, interfaces, performance KPI’s, business rules.

Gathered & aggregated identity data from a variety of different sources such as LDAP directories, databases, applications, and web services. Performed data analysis for Azure AD groups, users & applications for coordination of migrations to the CyberArk Vault platform. Guided application owners, network system owners, & others on security requirements & protocols during development & implementation of these migrations.

Researched users & permissions for non-AD users with custom solutions for UNIX/Linux applications to implement CyberArk OPM tool to capture & manage the privileged access users with solutions needed to obtain compliance. Combined data to create pooled accounts for multiple users to be able to self-administrate their UNIX/Linux environments. Uploaded data to CyberArk via PowerShell scripting. Used Sailpoint IdentityIQ to crosscheck that information was correctly reflected in setup & reporting.

Designed onboarding adoption processes for all servers/applications that were not on Centrify Privileged Access prior to our efforts, creating intake forms & collaboration tools to gather this information from the applications & servers to bring them into compliance. Included processes, task lists, analysis field gathering, testing, user setup for access, dashboard creation for users to see progression.

CYBERSECURITY ANALYST

Mastech Digital (Contractor for Accenture Corporation)

Teleworking 100%

03/18/2021 – 08/31/2021

Applied solid Identity Access Management experience with sound understanding of project delivery processes to support companywide global initiative to migrate all applications roles & entitlements into a centralized identity governance and administration (IGA) center supporting IAM & risk management initiatives

Created cybersecurity process improvements for 1400 Applications’ Security roles & entitlements for internally used applications, including third party vendor apps, OOB, B2C (client-purchased Accenture applications) to manage identity via Azure AD & Sailpoint IdentityIQ.

Implemented processes to ensure that application user entitlements data properly accepted into Sailpoint IdentityIQ system for the internal management of application & data security. Established Entitlements Reporting via requirements development for reporting results to the application owners.

Designed comprehensive user stories for implementing new automation of application user roles & entitlements (including third party application integration) & repeated data submission to Sailpoint.

Liaised with the IT Infrastructure team & Technical Architecture Analysts to integrate security requirements into core infrastructure practices with defined requirements for standard practices & tools to create & manage identities & access controls.

Developed relevant documentation for secure user entitlement process flows so that Operations could assume this responsibility seamlessly after full project implementation.

Measured & monitored progress at clearly defined points in the applications reporting process to ensure that assessment deliverables were on-time & reported accurate information.

CYBERSECURITY BUSINESS ANALYST / INTEGRATION STRATEGIST

The Select Group (Contractor for Truist Bank)

Teleworking 100%

12/9/2019 – 12/31/2020

Strategist working on the Identity & Access Management team to migrate applications to the Oracle OIM platform for regular, periodic cybersecurity attestation & certification of user roles & privileges. Effort performed to address a Federally identified deficiency for BB&T’s applications & expanded to include SunTrust Bank applications with the merger into Truist Bank.

Conducted meetings & negotiations with applications business managers & technical managers to determine & manage application migrations into the standardized platform (Sailpoint IdentityIQ) to manage all user access rights & privileges certifications (Azure AD). Documented requirements for risk management to combine applications & user access roles & privileges, third party-supported applications, so that continuity could continue after the merger.

Scheduled & conducted discovery meetings to determine current roles & privileges environment to assess migration needs into OIM.

Served as the applications liaison to identify issues.

Compliance/governance efforts for audit documentation/traceability efforts to ensure that all previous applications already migrated to Oracle OIM had properly documented the process & audit trail required to obtain Federal oversight approval by the due date. Performed Operational Readiness audits to ensure that all applications complied with the standards for the new Truist standards for IAM.

Sr. SECURITY BUSINESS ANALYST / CYBERSECURITY

HireVergence (Contractor for Equifax Corporation)

Alpharetta, GA

11/2018 – 08/2019

Project team member for complex security projects to implement best-in-class security solutions that ensure the data integrity and privacy of the technology systems.

Project efforts in an Agile/Scrum environment; Jira/Confluence tools for tasks, sprints, requirements, security guidance & process/procedure documents for Global Security Architects & other IT teams to integrate & implement applications & network security tools to protect Equifax systems.

Capture assessment of complexity for design requests, & development/management of cybersecurity requirements for various needs (IAM, PAM, RBAC, cloud, encryption). Worked with architects to determine remediation efforts to protect from future data breaches. This included efforts to capture logging from the myriad of applications & ensure that data was secured & inaccessible to criminal activities.

Conversion from Microsoft applications environment to G-Suite & AWS (cloud), GCP (cloud) environment.

Represented the business units’ interests to determine cybersecurity impacts to other applications to preserve business continuity & functionality.

◦ Solutions requirements for secure file transfer & encrypted email using G-Suite including encryption requirements (Voltage to Symantec) & migration of Access Manager (Sailpoint) to Bluebird (Cloud). Interviewed business units & users to determine if custom development was needed to integrate with G-Suite, after finding that there would be critical impact to the business. Raised the criticality of this discovery so that remediation could be effected to provide the encryption functionality lost due to incompatibility with G-Suite.

Vendor capability vetting for Cloud Computing conversion to select the best Cloud Access Security Broker for the environment for implementation of in-line protection & prevention from hacks & attacks. Vetting & analysis of vendors against environmental requirements to meet Equifax audit & remediation’s exacting standards for security of Equifax data both on-premises & in the cloud.

Patching services documentation & repeatable standards implementation.

Requirements & vetting of vendors for multifactor authentication & authorization of unmanaged access of BYOD & managed access of Equifax assets in various scenarios & access of data within the cloud.

Business Analysis of requirements, level of effort & scoping for architects for other miscellaneous efforts including: vulnerability risk remediations, third party partnership security projects, CyberArk authentications & migration to cloud, Cloud guidance on containers CD/CI, cloud PAM.

Sr. SECURITY BUSINESS ANALYST / CYBERSECURITY

CompuGroup, Inc. (Contractor for Highmark Health Services)

Remote

04/2018 – 08/2018

Short-term projects to remedy backlog of Identity Access Management (IAM) Roles & Entitlements Based Provisioning for Cybersecurity development projects for dedicated healthcare partner – included IAM & PAM efforts.

Provided Business Analysis & IAM liaison support for users of the new Medicare product.

Assessed & provided high-level analysis for large, complex projects for new products to be marketed for IAM Cybersecurity.

Projects included:

◦ MDM implementing privileged access users, admins, & various types of user roles.

◦ Infrastructure initiatives for IAM support & integration with partner systems (SAML, roles alignment, etc.).

BUSINESS ANALYST / CYBERSECURITY

Diversant, LLC (Contractor for E*Trade Financial)

Alpharetta, GA

08/2017 – 10/2017

Short-term project for automation of Role Based Provisioning onboarding for new hires & transfers.

Interfaced with various departments to gather information to streamline roles & groupings of company personnel for application entitlements access.

Sr. BUSINESS ANALYST, ACCESS MANAGEMENT / CYBERSECURITY

Principle Solutions Group (Contractor for SunTrust Robinson Humphrey)

Buckhead, GA

05/2017 – 08/2017

Access management Cybersecurity project for Compliance & Audit to determine access for network folder cybersecurity

Determined group authorization rights & permission

Assessed risk profiles mandated by the SEC

Monitored cybersecurity access to applications with investment information for clients

Determined business rules for individual roles entitlements & attributes – least privilege access

Setup application model to track history of access to proprietary files

CYBERSECURITY & COMPLIANCE ANALYST / BUSINESS ENGAGEMENT

KForce Corporation (Contractor for Kaiser Permanente Corporation)

01/2016 – 04/2017

Member of team providing cybersecurity solutions requirements & complex analysis for identity access & authorization security.

Created processes & requirements for new cutting-edge user tools & solutions, aligned solutions with governmental & corporate standards, identifying risks, & access validation for existing & new devices to login within a healthcare environment. Analyzed data requirements & processes for groups, roles, & data required for elevated access of database admins of the Oracle Enterprise Directory.

Communications liaison for all business engagement communications, including setting up user acceptance testing, managing timelines & announcements, production release planning with applications impacted, liaison for all applications to interact with identity access management development changes.

IG&AM (Identity Governance & Access Management) Cybersecurity projects for Kaiser Permanente including:

Project Planning – estimation, level of effort assessments for IG&AM projects

Project Execution of all effort requirements, user acceptance testing, problem/defect reporting, implementation team

Identity & Access Management Projects during Contract Period:

Infrastructure changes for migration of OIM 10g to 11gR2 PS3

◦ OUD integration with AD & ED

Single Sign-on framework, including implementing Risk Based Access Management (RBAM) for multifactor authentications

◦ Convergence of all user types

◦ Adaptation for non-conforming applications to capture user login data “silently” (such as device IP)

◦ Accommodation for applications that stored & operated via Cloud AWS

◦ Federated single sign-on for Affiliates

◦ Password replacement product analysis for mobile authentications & capabilities

◦ BYOD Proof of Concept research for Swype, PingID, tap cards

Enterprise Directory migration to centralized DBAM (Database Access Management)

◦ Requirements development for administration of groups & roles across divergent applications

◦ Administrator password authentications for EUS (Enterprise User Security)

PCI compliance for password expirations & modification to user experience for compliance

Migration of non-SSL to SSL connections for security compliance effort

SHA 1 to SSHA-512 upgrades for all password hashing for security compliance effort

Effort to capture device IP for tracking, login assessment & enterprise access information capture

Privileged Account Security - requirements for privileged account security administration via CyberArk

Worked with the CMDB to add records, add fields required to support cybersecurity

Testing of applications for APM to determine system performance, response times, throughput, communication of the integrated systems for processing of orders.

SR. BUSINESS ANALYST

Optomi, LLC (Contractor for Recall Corporation, now Iron Mountain)

Norcross, GA

07/2015 to 11/2015

Actively involved in PMO project efforts that required supplementation of a Senior-level BA able to be inserted into any project in progress & provided any project effort necessary, for both Agile & waterfall project efforts simultaneously for implementing & customizing Warehouse Management Systems & Salesforce custom applications. Participated in Operational Readiness to support the Production release of all Recall software deployed to ensure that all compliance controls were met.

Coordination of defects for BPM tools implementation in international call centers in Malaysia & Singapore. Communications coordination with all global locations for user acceptance testing & defect triage, coordinated changes, retesting, & liaison for assistance. Interactions included language translations & communications with other time zones the world over.

LEAD BUSINESS ANALYST, IAM Security Services / Cybersecurity

SunTrust Banks (Employee)

Atlanta, GA

01/2014 – 02/2015

Identity & Access Management (IAM) business systems analysis for complex migrations & integrations to Oracle OAM/OIM 11g for external/client logins & secure connections by understanding IAM principles & guiding streamlining efforts to support development. Gathered & created requirements for Risk-based access (RBAC) multi-factor RSA authentication through SAML in the headers & API’s, including interfaces with online applications, desktop, IVR & mobile applications.

Project collaborations with multiple cross-functional teams from the various lines of business to integrate the client-facing applications to a single sign-on platform for a better client user experience with the bank & its various subsidiaries for user one-stop access to all their accounts. This also included interfaces via SAML to third parties, such as rewards & bill payments services to provide seamless access to the clients. Ensured access & security governance principles were applied throughout the development efforts.

Requirements

Provided coordinated business analysis for cross-stream Identity & Access Management projects that integrated with online banking applications, requirements gathering & guidance for business understanding & coordination with application “calls” to IAM API’s, providing overall security synergy between different online client-facing applications for user authentication functionality & management.

Implementation of security solutions with emphasis on user authentication security guidelines, & internal administration of Role-Based Access Control (RBAC), such as, enterprise class identity management, converging multiple systems of provisioning rules, decision rights, policies & entitlement accountabilities for roles-based access management & understanding of privileged accounts & segregation of duties, & audit compliance.

Gathered & documented use cases for the management of privileged accounts, created CSV templates for datafeeds

Analysis of corporate information security risk documents & an understanding of security risks with various user channels & methods to access accounts.

Investigated regulatory compliance requirements, including disaster recovery standards & login data storage requirements (logins/logouts, failed logins, attribute changes, SOX regulations, etc.)

Testing

Assistance with testing team for user authentication processes via API’s to ensure a single sign-on transparency for the client logon experience.

LEAD BUSINESS ANALYST, Fraud Applications SME

SunTrust Banks (Employee)

Atlanta, GA

12/2010 – 12/2013

SR. BUSINESS ANALYST, Fraud Applications

Modis Corporation (Contractor for SunTrust Banks)

03/2010 - 12/2010

Provided Business Analysis, UI & functional design, decision matrices, efforts planning, & training for multiple implementations (waterfall, iterative, agile), performing as a liaison for multiple fraud investigation business units (Anti-Money Laundering, Enterprise Fraud Management & Corporate Security), the software/process flow development team (Pegasystems developers) & DB2 DBA's. Worked with DBA’s on BI data design, data mapping, data definition tables, & BI reports. The solution was a heavily customized fraud management application which incorporated business process automation for fraud/suspicious activity documentation & processing, including e-filing of qualifying fraudulent activity with the Federal government, including preventing the willful destruction of evidence for Federal investigations (SOX compliance). Participated in Operational Readiness to support all Production release of the CSI & associated applications software deployed to ensure that all compliance controls were met including FinCEN & BSA requirements.

APPLICATIONS EXPERIENCE

Google Applications: G-mail, Sheets, G-Drive, Cloud

JIRA: Agile development tasks, project backlog capture & grooming

Confluence: Documentation, Process, “How to …”, Project Repository

Rally: Used for project management & documentation

Amazon Web Services (AWS)

Microsoft:

MS360, Azure AD, MS Office, MS Project, MS Outlook, MS Visio, Windows 7 & 8, 10, SharePoint, MS Word, MS Excel, MS Access, MS Lync, MS Teams, AD (Access Directory), Skype

Sailpoint: IdentityIQ, Identity Security Platform, OneTrust

Miscellaneous:

CMDB

OneTrust

LeanIX

HP Application Lifecycle Management (ALM) – formerly Quality Center

Pegasystems PRPC, BPM tools (completed Pegasystems Business Architect training)

PowerShell

Sailpoint

Salesforce

SQL

SOA (Web Services, API’s, IAM)

Splunk Fundamentals

Varonis DatAdvantage

Oracle Applications & Database Development:

Identity Management - OIM, Access Management (OAM, API Gateway)

Enterprise Directory (ED), Active Directory (AD)

BEA Aqualogic (Plumtree) – content management system

E-Business Suite – including Oracle 1Q2221i PA, FA, INV, BOM, AP, PO, CRM, ECC, FI, LO, SD, MDM applications for customization projects

Primavera Enterprise Project Portfolio Management

Experienced with these practices:

SDLC & Agile/Scrum, AgileSAFE Product Owner, Iterative, Continuous Development, Change Management, Waterfall methodologies

Sarbanes-Oxley (SOX), HIPAA policies & procedures

Bank Secrecy Act (BSA) – Patriot Act for AML

Process modeling (BPM) / dataflow diagrams / data schemas / data integration / XML / SOA

UML (use case structuring), user stories

Scrum, Product Backlog Items, Sprints

Relational database / Object-oriented concepts / data development

Identity & Access Management, Identity Governance & Access Management – authentication & authorization

EDUCATION

Bachelor of Science in Information Technology, University of Phoenix, 12/2004

Honors: Summa cum laude

Associate of Arts, Business Administration, Florida State College, Jacksonville

PROFESSIONAL

Member, IIBA (International Institute of Business Analysis)


