
Information Security Analyst

Location:
Dallas, TX
Posted:
February 06, 2024


Resume:

Linda Tenkorang

**** *** *** *******, ******

817-***-****

ad3fln@r.postjobfree.com

Career Objective

I am seeking an Information Security Analyst job opportunity with a focus on Risk Assessments, Certification and Accreditation (C&A), HIPAA Compliance Assessments and Internal Control Audit engagements.

Summary of experience, Specialties/Frameworks/Standards

I have six (5) years of experience in Information Security system assessment, C&A and Risk Assessment of General Support Systems (GSS) and Major Applications (MA). IT risk assessments, 3rd party/Vendor security control assessment, and IT Auditing. HIPAA, GLBA, ISO 27001 and FISMA. Physical Security, General Computer Controls, Application Control, Testing, Compliance Testing, Change Management, Configuration Management, Security Maintenance, Contingency Planning, Policies and Procedures, Implementation, Incident Response, Media Protection, NIST 800-53, NIST 800-53A, NIST 800-30, NIST 800-37, NIST 800-34, NIST 800-18, SIG Lite (Self-assessment/Vendor Risk Assessment).

Work Experience

United Medical Center, Washington D.C.

IT Security Analyst October 2018 to date

Assess security control test plans and conduct in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards to maintain HIPAA compliance based on Office for Civil Rights (OCR) protocol, NIST SP 800-66 Rev1 and security controls (NIST SP 800-53).

Conduct IT controls risk assessments that include reviewing organizational policies, standards, procedures and guidelines.

Auditing of major applications within health systems and assessing control gaps.

Development of HIPAA compliance reports, documenting auditing findings and development of corrective action plans.

Develop Remediation Plans about the results of the HIPAA Security/Meaningful Use Assessment.

Interact extensively with external or internal clients to better understand known issues and requirements.

Acentia, VA.

Cyber security Risk Analyst November 2016 to September 2018

Developed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards to maintain HIPAA compliance based on NIST SP 800-66 Rev1 and security controls (NIST SP 800-53).

Developed security baseline controls and a test plan that was used to assess implemented security controls.

Conducted a security control assessment to assess the adequacy of management, operational, and technical security controls implemented.

Assisted in the development of an Information Security Continuous Monitoring Strategy (ensured continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.

Developed a system security plan (SSP) to provide an overview of federal information system security requirements (FISMA) and describe the controls in place.

Conducted a Business Impact Analysis (BIA) to identify high-risk areas where audit effort will be allocated.

Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions.

Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.

Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.

Routine development of HIPAA compliance reports, documenting auditing findings and corrective actions.

Trained and supervised staff on HIPAA requirements related to information technology.

Assisted in the development of key security standards and guidelines by performing an in-depth security assessment using frameworks like HIPAA, PCI DSS, ISO 27001 and SOX to help gain compliance.

Guarantee Trust Bank

Information security risk analyst May 2013 – October 2016

• Evaluated and mitigated potential risks associated with third-party/vendors.

• Assessed vendor security protocols with industry regulations and overall risk exposure.

• Performed due diligence on vendor assessment and ensured that appropriate security measures are in place to protect the confidentiality, availability, and integrity of information systems.

• Provided consulting services and recommendations on security-related issues.

• Performed administrative duties.

• Participated in all Audit activities to include Risk Assessment, Planning, Control Testing and Evaluation, and Documentation.

• Conducted Vendor SOC Readiness reviews to identify control deficiencies and make recommendations for remediation.

Bachelor’s Degree: Information Technology, University of Ghana, Legon.

Skills

• Vendor Risk/Third Party Risk Management, HIPAA, ISO 27001/27002.

• Review and analyze SSAE16/SOC 2 Type II reports.

• Review and update Risk Assessment (RA) using NIST SP 800-30 guidelines.

• Create (POA&M) to take corrective actions resulting from vulnerability scanning, compliance check, System test and evaluation (ST&E).

• Very effective in a team environment and participates in collaborative initiatives.

• Foster the mutual exchange of knowledge and expertise.

• Have the flexibility to multi-task, work independently or share workloads and deal with sudden shifts in project priorities.

• Good communication skills to build and maintain customer satisfaction and express opinions in a clear, sound manner on matters associated with IT security.


