Information Security Analyst

Washington, DC
September 25, 2020


Mary Barnor

Richmond, Virginia, United States


I am a Senior Information Security, Privacy, and Third-Party Risk Management Professional with a solid technical background and a highly analytical mind. I have been involved in the information security field for the last 5-10 years. I preferably work as the linchpin between business and the technical level using my deep technical knowledge as well as strategic and tactical insights to see multiple steps ahead, oversee consequences, and ultimately provide the best solution combining key elements from the information security, privacy, and IT Third-party risk management fields. I am a team player with an open and direct style of communication who uses humor, listening skills, broad knowledge, and interests to create a pleasant working environment.

Experience

Senior Third-Party Risk Analyst

Thomson Reuters

Sep 2019 - Present (1 year 1 month +)

Performs / Creates and maintains the Third-Party Risk Management process that ensures the document repository is up-to-date with vendor contracts, risk assessment, and all pertinent vendor oversight details...

Senior Information Security Analyst

Thomson Reuters

Jul 2018 - Sep 2019 (1 year 3 months)

Information Security Analyst

Virginia Dept of Health [Data Concepts]

Jan 2017 - Jul 2018 (1 year 7 months)

● Developing security documentation such as Categorization, System Inventory and Definition, System Security Plan, Risk Assessment and so on.

● Business Requirement gathering using interviews, meeting workshops, process analysis, use case scenarios, gap analysis

● Requirements analysis to reconcile conflicts, information decomposition

● Translating business requirements into detailed documents, process and workflow diagrams, use case scenarios, wireframes

● Creating deliverables, traceability matrices, project plans

● Collaborates in the development, implementation and maintenance of actionable business continuity and crisis management plans and maintains plan documentation.

● Knowledge of VITA Commonwealth Security Standard SEC 501, SEC 502 in developing Security Risk Assessment, BIAs, Technical recovery plan and security procedures and so on.

● Assist in developing, implementing, testing, and maintaining disaster recovery plans

● Effectively communicate with executives, managers, SMEs to enhance excellent customer – client relationship

Risk Management Consultant [Vendor]


Oct 2015 - Oct 2016 (1 year 1 month)

● Working with the Federal Information Security Management Act (FISMA) requirements, and National Institute of Standards and Technology (NIST) guidelines

● Conducts IT security (network, applications, operating systems, and databases) risk and vulnerability assessments and prepares assessment reports following standard practices.

● Ensures that security requirements for the Agency’s information systems are met by a designated date;

● Participates in business continuity, disaster recovery, and incident response planning

● Ensures risk analyses are completed to determine cost-effective and essential safeguards;

● Maintains and updates system security documentation as required in accordance with Agency policies and NIST;

● Supports continuous monitoring testing and assisting in the management of the Plan of Actions and Milestones (POA&M);

● Ensures that user accounts are managed according to Agency policies and procedures; and validate Common Control inheritance of applications.

● Assist in communicating and facilitating the requirements for security risk assessments for both custom-developed and third-party applications within the Freddie Mac Infrastructure.

● Provide security consulting and advisory services to business units and project teams.

● Supports requirements gathering and design efforts of critical projects as needed.

● Responsible for implementing and maintaining a continuous process improvement work environment while executing security risk assessments in accordance with industry standards and best practices.

● Review information security accreditation request

Information Security Analyst

CSAAC (Community Services for Autistic Adults and Children)

Jan 2011 - 2012 (2 years)

● Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing

● Reviews and continuously monitors implemented security controls

● Creates and maintains security checklists, templates, and other tools to aid in the C&A process

● Performs security control Risk assessment using VITA SEC 501, NIST 800-53A, and NIST 800-171 guidance and as per continuous monitoring requirements

● Performs risk analyses to determine and recommends essential safeguards

● Proactively mitigates system vulnerabilities and recommends compensating controls

● Develops core documents such as System Security Plan, Inventory and Definition, Risk Assessment, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, and so on

● Contributes to and participates in security incident plan exercises.

● Identifies, investigates, and evaluates information security incidents on the network.

● Participates in threat modeling and analysis activities of business processes and current/potential IT solutions.

● Communicates security threats, policies, standards, and guidelines in clear terms to non-technical personnel.

● Under supervision, contributes to a comprehensive information security strategy.

● Performs general and application control reviews for simple to complex computer information systems.

● Performs information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.

● Directs and/or performs reviews of internal control procedures and security for systems under development and/or enhancements to current systems.

Education

Kwame Nkrumah University of Science and Technology, Kumasi

Bachelor of Applied Science - BASc, Business Administration and Management, General

2007 - 2010

Licenses & Certifications


Issued Nov 2019 - Expires Nov 2022



Information Security • Risk Assessment • Risk Management • Microsoft Office • Information Technology • Teamwork • NIST 800-53 • General Data Protection Regulation (GDPR) • U.S. Health Insurance Portability and Accountability Act (HIPAA) • U.S. Federal Information Security Management Act (FISMA)
