Farnoush Bastani
linkedin.com/in/farnoushbastani/
Los Angeles, CA
Professional Summary:
● 7 years of experience in different areas of Risk Management and Information Security Compliance
● Experience with security-related regulations, standards, and frameworks such as HIPAA, PCI DSS, ISO 27000, NIST, SOC 2
Certifications:
● CISM (Certified Information Security Manager), ISACA 2020
● Qualys Certified Specialist, Qualys 2020
● Security+, CompTIA 2019
● ISO 27001 Lead Auditor, TUV 2013
Professional Experience:
Senior Information Security Analyst
Tarragon Software Solutions, Walnut Creek, CA, Jan 2021 – Present
● Supervise compliance programs including but not limited to ISO 27001, SOC 2, NIST, HIPAA
● Work with legal, audit, procurement, and IT to address security and privacy risks
● Review audit reports and establish and implement corrective actions to resolve nonconformities while maintaining communication with management and the C-suite
● Select, identify, and develop InfoSec controls based on ISO 27001, SOC 2, NIST, and HIPAA
● Perform gap analysis, identify control deficiencies, and establish procedures and safeguards to improve organizational security posture
● Assess the design and effectiveness of security controls to advise IT employees and other staff on various issues related to InfoSec
● Maintain IT Asset Management, Vulnerability Management, Change Management, and Security Awareness Program
● Maintain and update the risk register and track security risks daily
● Conduct security assessments on vendors and suppliers
Information Security Analyst
U4I: Human Rights & Tech non-profit, Berkeley, CA, Nov 2018 – Dec 2021
● Performed risk assessments and gap analysis and subsequently implemented control activities
● Updated existing security policies and standards and wrote new policies as a part of remediation activities.
● Evaluated the design and effectiveness of existing controls, working with HR, system administrators, and the IT department to resolve issues related to InfoSec.
● Designed a security awareness program and implemented qualitative assessments and simulation tests to measure the improvement of employees' security awareness.
Security Analyst
Holistic Resilience Information Security Consulting, Jan 2016 – Oct 2018
● Perform reviews of control procedures based on ISO 27002 to prepare customers for the ISMS audit
● Assist with the risk assessment and risk management processes
● Follow up on audit findings to ensure that customers have taken corrective actions, then liaise with external auditors to get them certified for ISO 27001
● Perform information control reviews to include system development standards, operating procedures, system security, communication controls, backup and disaster recovery, and system maintenance for the customers to get certified for ISO 27001
● Assess the design and effectiveness of security controls and advise IT employees, system administrators, and other staff on various issues related to InfoSec
● Participate in the security awareness program and train personnel on data security and privacy-related processes and responsibilities
● Track identified risks, maintain the risk register, and liaise with control owners to ensure risks are remediated within the agreed timeframe
Education:
BS in Management Information Systems (MIS), 2012
University of Tehran, Iran