Third Party Information Security

Location:
Atlanta, GA
Posted:
March 23, 2024

Resume:

Lisa Jones

Cybersecurity GRC Analyst Student | Problem-Solver | Analytical Leader

ad4i0k@r.postjobfree.com | 980-***-**** | www.linkedin.com/in/lisa-grc-jones | Charlotte, NC

PROFESSIONAL SUMMARY

Dedicated and motivated Cybersecurity GRC Analyst Student with experience in compliance audit, third-party risk assessment, policy development, and compliance tracking, and familiarity with NIST CSF and HIPAA regulations. Proven track record of maintaining accurate documentation. Seeking to leverage my technical and cybersecurity GRC skills to explore how my expertise and proactive mindset can contribute to the continued growth of your company.

TECHNICAL SKILLS

Systems: Windows, Linux (Ubuntu)/Mac Virtualization, Familiar with SQL & Python

Database Management: ServiceNow

Software Tools: MS Office, Microsoft Office 365, Slack, WhatsApp, Google Docs, PPT

PROJECTS

Security Awareness Presentation Video

02/2024

Created a Security Awareness video and posted it on LinkedIn.

● Developed a customized cybersecurity safety awareness video to enhance the cyber hygiene practices of specific end-user groups.

● Created Just-In-Time (JIT) cybersecurity awareness content for emerging threats to minimize the risk of access to privileged data of targeted audiences by cyberattackers.

Information Security Policy (Phase-I)

02/2024

Researched and Developed an Information Security Policy Focused on Strong Access.

● Demonstrated Compliance with Operational Perspective and Constraints: Successfully ensured that the purpose, scope, authority, and policy statements within the security policy incorporated an operational perspective, meeting NIST SP 800-53 PM-11 (Mission/Business Process Definition) and PL-1 (Security Planning) requirements, to demonstrate compliance and operational effectiveness.

● Crafted Access and Authenticator Management Policies: Developed management protocols for access and authentication mechanisms, aligning with NIST SP 800-53 AC-2 (Access Control) guidelines, to regulate internal and third-party user permissions effectively, ensuring a secure and controlled access environment.

● Ensured Security Policies Aligned with Company Objectives: Strategically designed and implemented security policies that were not only in sync with organizational goals but also practical and actionable for all stakeholders, adhering to NIST SP 800-53 PM-9 (Risk Management Strategy) to ensure policies supported the company's risk management approach.

Third-Party Vendor Questionnaire Development

03/2024

Created a comprehensive and standardized questionnaire for evaluating potential third-party vendors, ensuring alignment with the company’s security, compliance, and operational requirements.

● Developed a comprehensive third-party vendor questionnaire, along with supporting documentation and presentation materials to streamline assessment and promote stakeholder understanding.

● Developed a detailed project plan, outlining key phases, timelines, and dependencies to ensure on-time and on-budget completion.

SBAR Framework

03/2024

Developed an SBAR for a Microsoft Security Issue.

● Prepared a comprehensive SBAR report to address a security finding, mapping it to all relevant regulatory sources, frameworks, and client PPSGs.

● Identified and resolved a security vulnerability, identifying the technical root cause and recommending actionable remediation steps.

LABS

Cybersecurity Compliance & Audit

02/2024

Hands-on training to enhance the understanding and proficiency in cybersecurity compliance and audit procedures.

● Completed an audit of a subset of NIST SP 800-53 cybersecurity controls, utilizing interview techniques, document review, and system testing to support compliance audit activities.

● Applied knowledge of the NIST Cybersecurity Framework, specifically the Identify, Protect, Detect, Respond, and Recover categories, to ensure thorough evaluation and analysis of cybersecurity controls.

Third-Party Vendor Risk Assessment

02/2024

Hands-on training to assist in the decision-making process for selecting a CSP by initiating a risk assessment.

● Performed a risk assessment utilizing the Likelihood and Impact Risk Matrix comparing 3 potential vendors.

● Evaluated key risk areas (data security, compliance and healthcare regulations, service availability, scalability, integration compatibility, vendor reputation and reliability, and cost).

● Assigned risk ratings (low, medium, high) to each key area, incorporating the vendor’s current capabilities, policies, and historical performance data to determine risk levels.

TRAINING

EDUCATION CERTIFICATION

Training

Coursera

Google Cybersecurity Professional Certificate 02/2024 - Present

Currently enrolled in Coursera’s comprehensive Cybersecurity Certificate program. Receiving 16 weeks of extensive online theoretical and hands-on practice providing in-depth knowledge of the latest cybersecurity trends, principles, techniques, and tools. Gained proficiency in identifying vulnerabilities, mitigating risks, and implementing security measures to protect against cyber threats. The curriculum emphasized practical skills through simulations and real-world scenarios, ensuring the application of learned techniques.

GRC Analyst Master Class Cybersecurity GRC Analyst 02/2024

Completed the GRC Analyst Master Class which empowered me with the knowledge and tools to perform effective cybersecurity compliance audits, conduct comprehensive risk assessments, and develop impactful security awareness initiatives and an information security policy. Interactive lectures and labs delivered practical, job-ready skills.

Per Scholas IT Support 01/2024 - Present

Currently enrolled in Per Scholas’ rigorous IT Support program. Received 13 weeks of intensive hands-on learning/training in a hybrid learning setting employing a combination of practical real-world exercises/activities and labs to develop foundational and advanced IT support skills. Learned to troubleshoot and resolve a wide range of hardware, software, and network issues.

Colleges Universities 05/1996

Master of Arts Speech-Language Pathology & Audiology South Carolina State University, Orangeburg, SC

Bachelor of Arts Communications 05/1991

Johnson C. Smith University, Charlotte, NC

Certifications

CompTIA A+ 04/2024

CompTIA Security+ 05/2024

INTERNSHIP

IT Support Tech Intern (Onsite/Part-Time) 02/2024 - Present

Computer World, Charlotte, NC

Provide technical assistance and support related to hardware/software updates and maintenance.

● Collaborate with senior technicians to diagnose and resolve hardware and software problems.

● Assist in performing system upgrades, including RAM and storage installations and Windows 10/11 upgrades.

● Contribute to improving overall efficiency by ensuring timely resolution of technical issues, resulting in increased productivity for end-users.

Cybersecurity GRC Intern (Remote/Part-Time) 02/2024 - 02/2024

Skillweed, McKinney, TX

Assists in developing and implementing cybersecurity policies, conducting risk assessments, and ensuring compliance with relevant laws and standards to strengthen the organization's security infrastructure.

● A one-month, intensive internship providing immersive, hands-on experience in Cybersecurity as a GRC Analyst.

● Demonstrate problem-solving and communication skills during a collaborative class assignment to choose preferred third-party vendors considering risk assessment and vendor selection criteria.

● Engaging in real-world use cases for assigned projects, developing practical skills for immediate workplace impact.

● Equipped with experience in foundational knowledge of NIST CSF and HIPAA, the understanding of encryption, access controls, firewalls, and common security threats, and the ability to document findings, risks, and recommendations in a structured and understandable format.

WORK EXPERIENCE

Compliance & Office Administrator 06/2020 - 11/2023

Owner/Operator, Concord, NC

● Mitigated company risk by implementing a compliance tracking system, reducing violations by 30%.

● Utilized transportation management software (Motive) to streamline office procedures and protocols, resulting in a 20% increase in operational efficiency and a 15% reduction in administrative errors.

● Managed the Drug and Alcohol Testing Program per FMCSA regulations, achieving a 100% compliance rate and ensuring a safe and drug-free working environment.

● Improved delivery operations, saving time and fuel costs, demonstrating a focus on security and efficiency.

Travel Speech Therapist 08/2010 - 06/2020

Multiple Companies

● Implemented tailored speech therapy sessions for a diverse population of clients, resulting in a 70-100% improvement in speech, language, swallowing, and/or cognitive skills among clients.

● Adhered to healthcare regulations (HIPAA) and ethical guidelines in patient care, demonstrating a commitment to protecting sensitive information.

● Led workshops on speech therapy techniques, with 95% positive feedback, demonstrating strong communication and knowledge-sharing skills.

● Collaborated with multidisciplinary teams for holistic patient care, indicating teamwork and adaptability.

Speech Therapist 11/2007 - 08/2010

Amedisys Home Health, Gastonia, NC

● Built strong relationships with patients and families, resulting in high retention and referrals.

● Conducted assessments to monitor progress, achieving an 80% success rate in meeting therapy goals.

● Developed and delivered on-line caregiver workshops, empowering families and improving treatment outcomes by 30%.

● Adapted communication strategies for diverse clients, improving engagement and conflict resolution.

VOLUNTEER

Tech Mentor (Virtual) 02/2024 - Present

Cyber-Seniors, Los Angeles, CA

Volunteer as a Tech Mentor at Cyber-Seniors, developing engaging training sessions on internet safety to empower senior citizens, honing my communication and knowledge-sharing abilities.

● Volunteer as a tech teacher/trainer at Cyber-Seniors, guiding senior citizens on internet safety best practices and social media navigation for online connection.

● Empower senior citizens with the knowledge and skills to confidently and safely use technology, helping them stay connected with loved ones and reduce their vulnerability to online threats.

● Guide senior citizens in computer troubleshooting skills, enhancing their digital literacy and independence.


