Cyber Security Risk Management

SARWAT AHMED

571-***-**** (c) ********@*****.*** U.S. Citizen

Objective: Dedicated and experienced cybersecurity analyst with over 10 years of hands-on experience in protecting organizations from cyber threats. Skilled in incident response, threat detection, vulnerability management, and security policy development. Seeking to leverage expertise to enhance the security posture of a dynamic organization.

SKILLS

• IT Risk Assessment and Risk Management

• Risk and Compliance Strategy

• IT Audit

• Regulatory Compliance

• Problem solver

• Cyber Security

• Data Privacy

• Self-Motivating

• Data Analysis

• Vendor Management

• Agile Project Management

• Team Building

WORK EXPERIENCE

Steward Health Care July 2021 - PRESENT

Cyber Security Analyst

Dallas-Texas

• Provides guidance and coordination for cyber risk management efforts including evaluation, risk management activities, and reporting to senior management of the organization.

• Serves as lead and point of contact for all cyber security risk management-related activities.

• Provides direction to team members assigned to projects and operational activities associated with cyber security risk management.

• Introduce the use of security metrics to mitigate security vulnerability by analyzing historical threats, addressing risks/gaps/violations, and implementing improvement protocols.

• Performs service management audits to assess gaps in the incident management procedure and worked with business to improve control posture.

• Maintains a strong and ongoing relationship with business partners within various security domains to ensure control requirements are understood and implemented.

• Supports the development of threat and vulnerability management policies and standards.

• Responsible for evaluating security plans, traceability matrices, and residual risk assessments.

• Develops and maintains third-party risk metrics and reports.

• Independently performs vendor risk assessments.

Bank of America Jan. 2020 – July 2021

Cyber Security Analyst.

Dallas-Texas

• Created policies, standards, guidelines, and security awareness training and campaigns for associates to follow related to IT Security and protecting corporate assets.

• Planned security audits to assess company risks around Confidentiality, Data Integrity, and Availability of critical systems and applications.

• Executed cyber security governance for BIA (Business Impact Analysis) DR (Disaster Recovery) and BCM (Business Continuity Management) to ensure internal and regulatory requirements are met.

• Performed Risk Assessments on IT infrastructure including key systems, servers, and network devices.

• Reviewed user access authorization and privileges documentation for completeness and accuracy for SOC compliance.

• Introduced the use of security metrics to mitigate security vulnerability by analyzing historical threats, addressing risks/gaps/violations, and implementing improvement protocols.

• Reviewed security logs to ensure compliance with policies and procedures and identify potential anomalies.

• Conducted third-party risk assessments in alignment with company security policies and industry standards.

• Performed assessments of vendors to identify opportunities for improvement.

• Provided input and aid in the development of policies focused on the security of third-party business processes.

• Supported the development of threat and vulnerability management policies and standards.

KLAY PM. Feb. 2016 – Dec.2019

Cyber Security Analyst

Dallas-Texas

• Managed relationships with all stakeholders throughout the lifecycle of each IT and Cybersecurity project.

• Assisted with awareness and enforcement of information security policies and standards.

• Participated in the creation and communication of best practices for Project Management.

• Assisted with the management of information security third-party risk assessments and implementation of the Risk and Compliance toolset (RSAM).

• Introduced the use of security metrics to mitigate security vulnerability by analyzing historical threats, addressing risks/gaps/violations, and implementing improvement protocols.

• Proactively identified risks and issues on projects - leading team to develop risk management and issues management plans.

• Supported establishing (Cyber) Identity Programs for the Group.

• Created Project plans and assist with monitoring and tracking cybersecurity solution offerings with a focus on external and internal stakeholder congruity and other key metrics.

• Develop and manage plans to address Cybersecurity and IT-related project strengths, weaknesses, opportunities, and threats.

• Supported the development of threat and vulnerability management policies and standards.

EDUCATION / CERTIFICATIONS

University of Maryland Global Campus– Bachelor of Science, Cybersecurity Management and Policy, Fall 2022, GPA: 3.817

• Graduated with cum laude and top of the class.

Certifications:

• CompTIA Security + Certification – Projected March (2024)

Contact this candidate