Business Analyst Customer Service

Location:
Rockwall, TX
Salary:
Open to negotiation
Posted:
January 28, 2024

Resume:

Michael A. Adjetey

Greater Dallas/Fort Worth, Texas Area 214-***-**** ad2559@r.postjobfree.com

Cybersecurity/ Engineer/ Business Analyst

A Specialist in information systems security strategy, governance, risk mitigation, & compliance

Accomplished professional with over thirteen years of progressive responsibility guiding talented teams to implement responsive security initiatives and solutions to enhance enterprise-level services. Passionate about working in collaboration with the infrastructure, applications and data teams to identify, design and manage the completion of security risk detection, mitigation programs, audits and compliance. Ardent to contribute experience and understanding of data governance compliance. Highly skilled, accomplished, and reliable professional with extensive years of experience in providing excellent customer service.

CORE PROFICIENCIES

Enterprise-Level Security Systems & Services Vulnerability Assessments & Audits Cybersecurity Governance

Security Operations Management Regulatory Compliance Security Compliance Network Access Control

Critical and Analytical Thinking Strategic Thinking Communication and Coordination Network Security

Creative Innovative Problem-Solving Detail Oriented Technical Writing Positive Thinker Logical Intuitive

Solution-Oriented and Innovative Problem Resolution Team Leadership and Mentoring

Technical Skills

Advanced Microsoft Office Suite: Word, Excel, PowerPoint, Publisher

IS Management Frameworks: NIST 800 series, CSF, ISO 31000, 270xx, ITIL, COBIT, FFIEC

Risk Analysis Methodologies: NIST, OCTAVE, ServiceNow, ProcessUnity, OneTrust

Regulatory Compliance: GRC, GLBA, SOX, SOC, HIPAA, HITECH, PCI-DSS, CSA STAR, ISO

Security Awareness: Proofpoint, KnowBe4, Infosec IQ

Cloud Models: IaaS, SaaS, and PaaS (Public, Private, Hybrid)

Security: IDS/IPS, HIPS, NIPS, ATD/TIE, Anti-Virus, firewalls, 3rd Party Risk Assessment

Vulnerability Tools: Rapid7, Nexpose, Nessus, Qualys

Environments: Windows 10, Server 2012, 2016, AS400, Unix, Linux, Active Directory

Career Highlights

13+ years - information security management and Operations frameworks such as the NIST Risk Management Framework, NIST Cybersecurity Framework

5 years Security Policies and Procedure documentation

8 years Vulnerability Management

8 years managing third party risk assessment

8 years' experience conducting and documenting risk assessments and associated reports and supporting documentation.

6 years assessing cloud security service

5 years managing Security Awareness programs

5+ years - Payment Card Industry Data Security Standards (PCI-DSS)

PROFESSIONAL EXPERIENCE

W.R. Berkley June 2022 to Sept. 2023

Lead Cybersecurity Specialist

Coordinates the implementation of system security plans with agency personnel and outside vendors.

Configure questionnaires, workflows, and risk assessment criteria in the ProcessUnity and Archer tool.

Experience in SNOW GRC, RiskRecon, and Security Scorecard.

Assist with implementation and management of the Secure System Development Lifecycle (SDLC) processes.

Knowledge and experience of implementing change to cloud-hosted services and infrastructure

Process Improvement (Six Sigma, Process Mapping etc.)

Development, reviewing, adjusting policies to align with frameworks.

Performing very detailed assessments: quantifying risk, reviewing applicable controls, facilitating that practice, and accurately assessing the risk.

Lead security training and awareness program for the entire company. Send phishing training and campaigns on a quarterly and ad hoc basis.

Advises management and users regarding security configurations and procedures.

Participates in the development of information technology disaster recovery and business continuity planning.

Analyze scan results to assess the severity and impact of vulnerabilities, categorize them according to industry standards

Create persuasive and well-structured written security awareness products.

Ability to create messages suited to the capability of different audiences that may or may not be able to understand technical content.

Ability to convey messages in a clear, concise and simple way to various employees in the company.

Ability to understand and think creatively to create security awareness programs in

Collaborate with IT and system administrators to ensure timely patching and remediation of identified vulnerabilities.

Evaluate change requests for IT software and infrastructure production changes and make recommendations (approve/deny/modify) based upon conformity to policy, assessed risk, readiness, and completion of change data

Ensure complete and accurate documentation of change requests including testing results,

Create and review implementation plans, and back-out plans

Ensure scheduled service windows, outages, and service level agreements adhered to; provide oversight and escalation during production change windows

Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

An understanding of organizational mission, values, goals and consistent application of this knowledge.

An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.

An ability to apply original and innovative thinking to produce new ideas.

An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.

Review & validate the security governance, risk & compliance of new IT Architecture to ensure compliance to the required frameworks.

Document, implement & handover of any required compensating controls for known IT & IS risks as well as newly discovered IT & IS risks in order to comply with the required frameworks so that successful annual assessments can be achieved.

This position understands how organizations function to accomplish their purpose, and defines capabilities an organization requires to provide a service or meet their goals.

Silicon Valley Bank Feb 2021 to May. 2022

Lead Third Party Risk and Cybersecurity Specialist

Provide support by assessing systems suitability, obtaining and documenting user’s requirements documents, and assisting in data analysis.

Guide business units, application development teams, and third-party vendors to achieve program requirements while enabling the business.

Review of Firewall Rules as well to evaluate new rule requests in the firewall change control tool for overall compliance, segregation & PCI DSS compliance requirements as well as approve or reject as required.

Review & validate the security governance, risk & compliance of new IT Architecture to ensure compliance to the required frameworks. Ensure that Incident & change management in ServiceNow and Jira are followed through to completion by the accountable individuals in a timely manner to support migrations and net new deployments.

Ensure that new environments are compliant to the hardening guidelines as well as identifying risks within existing and newly deployed applications, products or services.

Created a process document on how to assess systems

Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

An understanding of organizational mission, values, goals and consistent application of this knowledge.

Manage and maintain the third-party security risk continuous monitoring program and develop metrics for reporting

Identify ineffective, inadequate, or absent third-party security controls and quantification of risk

Discover, evaluate, and assess systems, networks, and components through the use of vulnerability scanning and risk assessment methods.

An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.

Conduct regular vulnerability scans using Rapid7 InsightVM and Qualys Vulnerability Management tools to identify security weaknesses across the organization’s IT environment.

An ability to effectively influence others to modify their opinions, plans or behaviors.

Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.

Create, maintain and improve workflows and forms within ServiceNow GRC/Archer/OneTrust/Jira Stories.

Played a key role with the Security Training and awareness program.

Ability to maintain, manage and plan a complex security awareness program in the long term.

Ability to create persuasive and well-structured written security awareness products.

of formats that able to gain more engagement from the employee. in common information security management frameworks such as the NIST Risk Management Framework, NIST Cybersecurity Framework.

Consulting Firm: Nesco Resources

End Client: L3Harris, Link. Jan 2020 to Jan. 2021

Lead Information Application Security Engineer

Implement security and anti-tamper controls into training and simulation solutions

Interact with customers to define Cyber security and anti-tamper requirements, trades, solutions, costs, implementation, system impacts, and effectiveness

Assist programs and monitor program execution throughout product development lifecycle to ensure cyber and anti-tamper objectives are met. Review and assess the security posture of cloud services, prepare findings and recommendations for certification.

Review third-party audits and reports (SOC, ISO, PCI DSS, HITRUST, etc.)

Work with cloud vendors to communicate deficiencies in assessment responses

Assist in streamlining/improving TX-RAMP workflows, processes, notifications, guidance, and communications.

Manage and prioritize multiple assessments

Lead, advise, and educate engineers on Cyber security and anti-tamper concepts and solutions

Prepare briefings to obtain approvals by government agencies for contracted efforts

Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated

Cyber Authorization to Operate (ATO)

Ensures all systems are operated, maintained and disposed of IAW documented security policies and procedures including but not limited to Assessment & Authorization (A&A).

Oversees and manages relationships for assigned systems that may be contractor-owned and contractor-operated, ensuring vendors comply with agency security and privacy requirements.

Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

Risk Management experience per DoDI 8510.01

Experience in common information security management frameworks such as the NIST Risk Management Framework, NIST Cybersecurity Framework

Systems Administrator Experience

Demonstrated history of hands-on work with teams to implement cyber security and information assurance

Possess a working knowledge of Information Assurance concepts for communication and data/processing protections and security assurance

Consulting Firm: Odyssey Consulting

End Client: The Exchange (Dept. of Justice – Retail) Sept 2017 to Jan 2020

Cybersecurity Engineer Consultant

Provided strategy and direction. Design and enforce pragmatic and consistent Information Security policies. Ensured traceability of security compliance including policy adherence, testing and remediation.

Configure questionnaires, workflows, and risk assessment criteria in the Archer tool.

Experience in SNOW GRC and Security Scorecard.

Review of Firewall Rules as well to evaluate new rule requests in the firewall change control tool for overall compliance, segregation & PCI DSS compliance requirements as well as approve or reject as required.

Review and assess the security posture of cloud services, prepare findings and recommendations for certification.

Review third-party audits and reports (SOC, ISO, PCI DSS, HITRUST, etc.)

Work with cloud vendors to communicate deficiencies in assessment responses

Assist in streamlining/improving TX-RAMP workflows, processes, notifications, guidance, and communications.

Manage and prioritize multiple assessments

Review & validate the security governance, risk & compliance of new IT Architecture to ensure compliance to the required frameworks. Ensure that Incident & change management in ServiceNow and Jira are followed through to completion by the accountable individuals in a timely manner to support migrations and net new deployments.

Ensure that new environments are compliant to the hardening guidelines as well as identifying risks within existing and newly deployed applications, products or services.

Reviews Commercial IT Projects at Planning/Demand Management Stage

Supports infrastructure and application teams regarding vulnerability and hardening standards

Works with business and IT leadership to enforce security and IT policies.

Experience in common information security management frameworks such as the NIST Risk Management Framework, NIST Cybersecurity Framework

Serves as the IT security POC for assigned systems to ensure agency information systems comply with agency Policies.

Oversee and manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements. Configure questionnaires, workflows, and risk assessment criteria in the SAI 360 tool.

Assist with implementation and management of the Secure System Development Lifecycle (SDLC) processes.

Development, reviewing, adjusting policies to align with frameworks.

Performing very detailed assessments: quantifying risk, reviewing applicable controls, facilitating that practice, and accurately assessing the risk.

Assist stakeholders with IT security related activities to ensure project deadlines are met.

Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated

Oversees and manages relationships for assigned systems that may be contractor-owned and contractor-operated, ensuring vendors comply with agency security and privacy requirements.

Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

Cyber Authorization to Operate (ATO)

Ensure all systems are operated, maintained and disposed of IAW documented security policies and procedures including but not limited to Assessment & Authorization (A&A).

Research assigned IT security systems to provide insight on IT security architectures and IT security recommendations for assigned systems.

Report, and respond to security incidents.

Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to see that vulnerabilities are remediated as appropriate.

Promote Information Security Awareness and provide training.

Lead vulnerability management team

Created a 3rd party vendor management program in On Trust

Assist in the execution of the client's information security program, including meeting PCI compliance requirements.

Responsible for security risk management operations including facilitating the identification, reporting, management and remediation of cybersecurity risks companywide. Practice planning, time management, negotiation, and delegation skills.

Provide IT Security, risk management leadership and guidance. Plan and Execute Special Security Projects as Needed. Lead Security Remediation Activities.

Work directly with delivery teams to provide guidance and ensure solutions adhere to security policy and best practices.

Samsung Electronics America (SEA) March 2014 to June 2017

System Engineer/ Cybersecurity Specialist

Speaking to and collaborating with a variety of people, such as clients, vendors, management and information technology (IT) staff during the creation and maintenance of a system

Review of Firewall Rules as well to evaluate new rule requests in the firewall change control tool for overall compliance, segregation & PCI DSS compliance requirements as well as approve or reject as required.

Review & validate the security governance, risk & compliance of new IT Architecture to ensure compliance to the required frameworks. Ensure that Incident & change management in ServiceNow and Jira are followed through to completion by the accountable individuals in a timely manner to support migrations and net new deployments.

Ensure that new environments are compliant to the hardening guidelines as well as identifying risks within existing and newly deployed applications, products or services.

Creating control features to ensure systems effectively meet the organization’s quality standards

Engaging in quality control procedures to ensure that systems are efficient and operational

Lead the security training and awareness programs

Developing a cost-efficient system for projects by performing a cost-benefit analysis

Ensuring that an organization is operating at maximum efficiency, from manufacturing to distribution

Lead and manage a team of programmers and IT support staff

Train team on data security, troubleshooting processes and related skills

Oversee the creation, installation and support for computing systems

Meet with clients to determine their computing and technology needs

Manage projects and meet deliverables according to a set timeline

Work to improve the stability and security of the company cloud and on-premises networks

Occasionally leads morning scrum call meeting, design call, sprint review with the government, sprint retrospective meeting in the absence of the project manager

Cybervision Technology (State of Maine) Feb 2012 to Dec 2014

Security Systems

Lead a SOC 2 audit at M3 USA with a checklist provided by my team: scope, internal risk assessment review, gap analysis, implementation of appropriate controls, etc.

Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M).

Worked with a wide range of clients and was exposed to multiple different types of environments.

Adapted to each environment and performed Security Analyst work responding to threats through Jira, Nmap, Nessus Scan, SharePoint and Qualys to solve different issues.

Coordinate with System Owners and ISSO in preparing certification and Accreditation package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53.

Experience in common information security management frameworks such as the NIST Risk Management Framework, NIST Cybersecurity Framework.

Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated

Ensures all systems are operated, maintained and disposed of IAW documented security policies and procedures including but not limited to Assessment & Authorization (A&A).

Oversees and manages relationships for assigned systems that may be contractor-owned and contractor-operated, ensuring vendors comply with agency security and privacy requirements.

Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

Conduct Self-Annual Assessment (NIST SP 800-53A).

Perform Vulnerability Assessment. Make sure that risks are assessed and evaluated and that proper actions have been taken to limit their impact on the Information and Information Systems.

Help with regulatory compliance requirements.

Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.

Collaborate with partners across the organization to understand the risk landscape, control environment, programs and activities

Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

Broad knowledge of relevant standards (e.g. COSO, COBIT, NIST, FFIEC, ISO, etc.).

Strong interpersonal skills with ability to communicate effectively (fact based and credible), build relationships, challenge, negotiate and use professional judgment when working with key stakeholders across broad functions and geographic regions

THREAT & VULNERABILITY MANAGEMENT ANALYST

Collaborate with CCB Cyber Security, Global Technology Infrastructure, Corporate Cyber teams, and Line of Business Information Risk Management teams for issue resolution and mitigation

Support innovation and enhancement efforts within the CCB Cyber Security function

Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities within SLAs

Understand approaches for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure changes, changes in development processes, cloud and mobile devices

Identify and resolve any false positive findings in assessment results

Documents all issues and assists in their resolution

Delivers security training and education to technical staff within findings and acts as an internal security consultant to advise or influence business or technical partners

XTO Energy March 2010 to Jan 2012

Cybersecurity Specialist

Provides end-to-end analysis service for the product, marketing, sales, and digital organizations.

Conducts research, impact & stakeholder analysis, scope determination, and determine the level of effort to complete requirement elicitation.

Defines the breakdown of tasks, resource loading, issue tracking, and resolution management.

Collaborates cross-functionally to clearly document business needs as requirements in user stories for clearly actionable outcomes and expectations.

Elicits, analyzes and translates business needs into consumable requirements/stories for the technical teams and ensuring that requirement statements are complete, consistent, concise, comprehensible, traceable, feasible, unambiguous, and verifiable, and that they conform to standards.

Provides analytical support for multiple, complex cross-functional initiatives simultaneously, establishes work plans and timelines; coordinates with internal and external resources.

In Collaboration with Project Manager, develops, prepares, and analyzes reports for management review.

Identifies opportunities for improvement in operational performance by providing detailed information, analysis, and investigation including recommendations and immediate decision-making.

Interviews and interfaces with stakeholders and value streams to obtain needed functional, nonfunctional, and operational requirements specifications

Writes user stories, including validation criteria, and providing technical review and validation of requirements to create, prioritize, and maintain a comprehensive backlog of user stories

Lists out risks and constraints in relation to identified requirements

Develops and documents requirements documents and other project related artifacts, such as workflows and processes, associated with the program

Analyzes problems, identifies potential solutions, and works with the system developers to resolve problems

Assists with testing and operational rollout and support as needed

Expertise across one or a broad array of risk issues, including Operational, Compliance, Strategic, Information Security, etc.

Effectively present results, findings and solutions to senior leaders

CommonSpirit Health Sacramento

Business Analyst March 2008 to Jan 2010

Worked and had meetings with stakeholders, documenting their requests in the form of business requirements using the BRD

Writing requirements and reviewing specifications with stakeholders to ensure the capabilities of their request are met

Worked with the business solutions team in gathering requirements for Salesforce customized for Golden 1 Center

Lead Business Analyst for Governance, Risk and Compliance team (GRC) in ensuring policies and process are followed

Responsible for sending monthly financial actual spend to project managers for validating their spend

Gathering, writing requirements and reviewing specifications with stakeholders to ensure the capabilities of their request are met

Responsible for monthly software capitalization and report to finance and accounting team using Tempo

GRC team member responsible for ensuring FTE CapEx hours do not exceed maximum Tempo hours

Responsible for training new project managers in the use of Tempo, ensuring team members log time and forecasting their budget throughout the year

Worked closely with developer leads in translating Business Requirements from BRD to Functional Specification Document (FSD)

Involved in the validation of data using Microsoft Management Studio (SQL Server)

Performed analysis and presented results using SQL and Excel. Proficient in writing T-SQL code such as JOINs, stored procedures, DDL, DML queries

Worked as company representative with third-party clients Adaptavist and Powerplant in ensuring provisioning and de-provisioning of users using Crowd, Jira, Confluence and Lucidchart.

Lead Business Analyst for verification of Business Requirement Document and Functional Requirement Document

EDUCATION & CREDENTIALS

Bachelor of Business Administration, Management Information Systems

CISA, Security Professional, ISACA

ITIL V3 Foundation

Juniper Networks FW/VPN Boot camp

Awards

Best Security employee award at The Exchange 2018

Technical Skills

Advanced Microsoft Office Suite: Word, Excel, PowerPoint, Publisher

IS Management Frameworks: NIST 800 series, CSF, ISO 31000, 270xx, ITIL, COBIT

Risk Analysis Methodologies: NIST, OCTAVE, ServiceNow, ProcessUnity, OneTrust

Regulatory Compliance: GRC, GLBA, SOX, SOC, HIPAA, HITECH, PCI-DSS, CSA STAR, ISO

Security Awareness: Proofpoint, KnowBe4, Infosec IQ

Cloud Models: IaaS, SaaS, and PaaS (Public, Private, Hybrid)

Security: IDS/IPS, HIPS, NIPS, ATD/TIE, Anti-Virus, firewalls, 3rd Party Risk Assessment

Vulnerability Tools: Rapid7, Nexpose, Nessus, Qualys

Environments: Windows 10, Server 2012, 2016, AS400, Unix, Linux, Active Directory

13+ years - information security management and Operations frameworks such as the NIST Risk Management Framework, NIST Cybersecurity Framework

5 years Security Policies and Procedure documentation

8 years Vulnerability Management

4 years Incident Response

5 years Security Awareness

8 years' experience conducting and documenting risk assessments and associated reports and supporting documentation.

8+ years – 3rd Party Risk Assessment

5+ years - Payment Card Industry Data Security Standards (PCI-DSS), and Texas Information Security Standards

10+ years - Knowledge of information security practices, procedures, and regulations


