Data Security Risk Management

Location:
Philadelphia, PA
Salary:
95000
Posted:
October 05, 2024

Resume:

DAMION C. JONES

******.*.*****@**********.*** 917-***-**** WWW.LINKEDIN.COM/IN/DAMION-C-JONES

Damion is an accomplished and performance-oriented professional with a comprehensive background in safeguarding sensitive data and compliance. He leverages his years of healthcare experience to transition into a rewarding career as an Internal Security Assessor (ISA) for the Payment Card Industry Data Security Standard (PCI DSS). He is committed to helping organizations meet PCI requirements, enhance data security, and navigate the complex landscape of payment card data protection.

AREA OF EXPERTISE

RMF/Compliance Frameworks: Payment Card Industry Data Security Standard Compliance (PCI DSS), HIPAA, NIST

Security Tools: Sophos Firewalls, QualysGuard, Cisco Firewalls, SonicWall, IPS/IDS, Multi-Factor Authentication, Duo Security, VPN Configuration, Fortinet, Watchguard, Cryptography

Virtualization & Cloud: VMware ESXi, Windows Azure, AWS Cloud, Microsoft Hyper-V

Network & Infrastructure: DHCP, Exchange, TCP/IP, DNS, SIEM, Active Directory, SQL

Security Strategy: Vulnerability Management, Information Security Policy, Application Security, Risk Management, Cryptography Security Network Architecture, Patching and Remediation Management, Technical Writing

PROFESSIONAL EXPERIENCE

Cybersecurity Consultant, Company Confidential, 2022-Oct. 2023

Direct a collaborative effort to develop customized PCI DSS compliance roadmaps for Level 1 Service Providers.

Drastically reduce assessment timeline by developing a PCI DSS scoping methodology to thoroughly review the network diagram of a Level 1 service provider, ensuring it accurately reflects the cardholder data environment (CDE) and supports compliance with PCI DSS requirements, allowing the company to meet financial projections.

Successfully manage a SAQ (Self-Assessment Questionnaire) of a Level 4 startup by implementing a comprehensive risk management and vulnerability program using industry-standard tools and methodology, resulting in a $250,000 savings on 3rd party audit fees.

Integrate database configuration, F5 load balancer, and domain controller reviews into a comprehensive PCI DSS compliance strategy, ensuring that all components of the cardholder data environment (CDE) are adequately protected and continuously monitored, allowing the company to be PCI compliant.

Implement internal employee training programs on data security and PCI DSS compliance; these training initiatives educate staff on adherence to security best practices, resulting in an increase in staff awareness.

Cybersecurity Compliance Analyst / Massage Therapist, Kai Massage Therapy, 2015-Present

Orchestrate and ensure security of financial transactions, consistently maintaining a 97% availability rating and processing credit card payments totaling $300,000 annually.

Collaborate with internal stakeholders to establish and maintain a comprehensive data retention policy, ensuring full compliance with PCI DSS Requirements and eliminating the risk associated with storing sensitive payment card data.

Manage regular compliance audits to ensure data privacy and security, resulting in an impeccable 100% compliance rating with industry regulations.

Optimize the incident response process, enhancing our ability to detect, report, and mitigate security incidents 20% faster, reducing the organization’s exposure to data breaches.

Leverage exceptional interpersonal skills and meticulous attention to detail to maintain an outstanding client retention rate of 94%, building trust and fostering long-term relationships.

Founder / PCI Subject Matter Expert / Compliance Analyst, Nijah Amayo LLC, 2019-Present

Conduct risk assessments, pre-assessment scoping, and compliance validation for various entities, resulting in improved PCI readiness.

•Lead risk assessment for a global manufacturing company and identified critical vulnerabilities, resulting in the implementation of security controls that reduced the risk of a major data breach.

•Develop and implement a comprehensive GRC program for a large financial institution, resulting in a reduction in security incidents and an increase in regulatory compliance.

•Administered data protection policies and procedures for a global organization, resulting in a reduction in data loss incidents and improved compliance with data protection regulations.

•Conduct gap analysis for a financial services company and recommend improvements to the cybersecurity program, resulting in increased confidence from customers and stakeholders and improved regulatory compliance.

•Organize security awareness training for employees of a large healthcare organization, resulting in increased awareness of security threats and improved compliance with security policies and procedures.

Youth Development Specialist / PCI DSS Trainer, Admin. For Children Services, 2019-2021

Supervised and ensured the safety of at-risk youth within a secure juvenile detention facility, accumulating 3,000 hours annually. Mentored and supported approximately 1000 youth ranging from ages 9-17, imparting essential life skills, problem-solving abilities and social skills while maintaining a strong focus on security, compliance, and audit requirements.

•Designed a comprehensive cybersecurity awareness program tailored for minors, emphasizing online safety, privacy, and responsible digital behavior, resulting in implementation facility-wide.

•Spearheaded security protocols and compliance measures to safeguard sensitive information within the juvenile detention facility, contributing to a 100% audit compliance record.

•Collaborated with a multidisciplinary team to optimize the facility’s recordkeeping systems, reducing errors, and improving data security, resulting in an increase in operational efficiency.

•Demonstrated strong analytical and problem-solving skills by identifying and addressing technological gaps within the facility’s monitoring practices, leading to an increase in coverage area.

EDUCATION

New York College of Health Professions AOS 2010

Baxter Clewis Cyber Academy 2022

Cydeo Cybersecurity Training 2021

CERTIFICATIONS

Qualys Guard Vulnerability Management Detection and Response (VMDR) 2024

CompTIA Security+ 2024

Cisco Cyber Ops 2024