
Information Security Third Party

Location:
Maryland City, MD
Salary:
110.000
Posted:
April 23, 2024

Resume:

Information Security Analyst/ Compliance

PRINCE ARREY

C: 240-***-**** ad475y@r.postjobfree.com

Washington DC

Summary

A highly qualified, respected, dedicated, and results-driven professional with a consistent record of success as a Risk Analyst. An exceptional team leader with a strong ability to work and collaborate effectively in a team environment. Also has a great sense of urgency and is able to apply a risk-based approach to prioritize work. Very experienced in achieving the three goals of cyber security: confidentiality, integrity and availability of the organization's systems, network and data.

Information Security Risk Assessor

EagleBank -Bethesda MD, August 2020 to Current

• Worked with EagleBank Risk and Vendor Management to document and execute the Third Party/Vendor Information Security Risk Assessment program.

• Worked with vendor management to obtain all documentation for review, recommend changes, and investigate and resolve concerns.

• Review vendor-provided compliance and security reports such as SSAE 16 SOC 1/SOC 2, ISO 27001, NIST 800-53, FedRAMP, PCI DSS, CSA CAIQ, etc.

• Responsible for delivering the annual information assessment, preparing the annual cybersecurity preparedness assessment (using the FFIEC Cyber Security Assessment tool or equivalent) and completing the cybersecurity controls assessment (using the NIST Cyber Security Framework or equivalent). These reports provided input into the Annual Information Security Report to the Board.

• Worked with development teams to provide appropriate and effective remediation guidance for vulnerabilities discovered during various project/program implementation security assessments.

Third Party Risk Analyst

Washington Tech Solutions -Greenbelt MD, May 2016 to August 2020

• Plan and execute onsite security/risk assessments for third party vendors.

• Ensure risk is managed throughout third-party life cycle (planning, due diligence, contract transition, ongoing monitoring and exit).

• Ensure appropriate systems are updated; remediation action plans to address control weaknesses are documented and approved by appropriate stakeholders.

• Experience in using a risk-based approach to interpret and comply with IT regulatory requirements.

• Developed and documented security policies for compliance audits.

• Gather due diligence documentation and complete the risk assessments for third party relationships in accordance with third party management policy.

• Maintain, track and report on third party risks to the appropriate stakeholders.

• Conduct periodic audits/assessments of potential and existing suppliers through questionnaires, site visits, and review of other documentation, including assessment reports (SOC 2), to identify control gaps and risks.

• Design, maintain and implement enterprise Security policies for compliance.

• Work with the legal team to review contracts before they are signed.

• Experience with contract and vendor negotiations.

• Act as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.

• Implementation of security policies within SOC and data center environments.

• Perform vendor risk assessments to identify emerging key risks and reassess current risks.

• Analyze documentation and provide expertise during implementations.

• Support the IT risk and compliance team in all aspects of application and infrastructure.

Cyber Security Analyst

Federal Management Systems - Rockville, MD, February 2013 to May 2016

• Provide services as a Security Control Assessor (SCA) and perform as an integral part of the assessment and authorization (A&A) process, including documentation, reporting, review and analysis requirements.

• Review and document Contingency Plan (CP), Privacy Impact Assessment (PIA), and Risk Assessment (RA) documents per NIST 800 guidelines for various agencies.

• Work with the ISSO, AO and security team to assess the selected security controls, assess weaknesses, produce the RTM or test cases, and report all findings in the SAR.

• As a team, determined security categorizations using FIPS 199 as a guide, and reviewed, updated and developed the Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), System Security Plan (SSP) and System of Records Notice (SORN).

• Apply appropriate information security controls for federal information systems as specified by NIST SP 800-37, SP 800-53 Rev. 4, FIPS 200 and the OMB Circular 130 appendix.

• Work with system engineers to remediate vulnerabilities and close POA&Ms together with my ISSO.

• Developed policies, controls and procedures to safeguard organizational assets and ensure data integrity, availability and confidentiality.

• Experience in developing and updating System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans and Configuration Management Plans.

Skills

• Strong written and oral communication skills.

• Ability to work effectively with a diverse group of users who have varying levels of computer expertise.

• Excellent analytical and problem-solving skills.

• Microsoft Office suite and advanced Excel skills.

• Ability to communicate risk-related concepts to both technical and non-technical team members.

• Excellent presentation, interpersonal and collaborative skills.

• Technical expertise in achieving cyber security goals (CIA).

• Good leadership potential and time management skills.

• Ability to prioritize workload, adhere to deadlines and escalate issues.

• Ability to multi-task while working in a fast-paced, ever-changing environment.

• Knowledge of ISO 27001, PCI DSS, HIPAA, NIST, FISMA, FIPS, COBIT, HITRUST and SOX.

• Vendor risk/third party security risk management; very familiar with FFIEC Handbook controls.

Education and Training

• Bachelor of Science, Louisiana State University

• Certified Information Systems Auditor (CISA), ISACA

• CompTIA Security+

• Certified Scrum Master

• CISSP in progress
