HIGHLIGHTS
Strong problem-solving and project management skills; knowledgeable in the Risk Management Framework (RMF), the Systems Development Life Cycle (SDLC), and Disaster Recovery Planning.
Vulnerability Management
Vendor Risk Management
Communication Skills / Organization Skills
Project Management Skills
Third-Party Risk Assessment & Business Agreements
Standardized Information Gathering Questionnaire (SIG)
FRAMEWORK
Sarbanes-Oxley Act, SSAE 16, Access Control, PCI-DSS, HIPAA, ISO 27001, FISCAM, FISMA, General Computer Controls, Application Control Testing, Risk Assessment, Data Center Audits, Change Management, Security Controls Testing, Nessus Vulnerability Scanner, Business Continuity, Policies and Procedures, NIST 800-53, FISCAM, SOC 1 & 2.
RELATED EXPERIENCE
Cybersecurity Governance and Compliance
CareFirst, Owings Mills (April 2019 – Present)
Develop, update and maintain Information Security policies, standards, guidelines, and procedures; identify gaps where new policies, standards, guidelines, or procedures are required and work with SMEs to develop the necessary documents.
Collaborate with teammates to ensure requests for risk assessments are accounted for and tracked throughout the request lifecycle.
Conduct ongoing third-party security assessments to validate that appropriate controls are in place, and manage, monitor and track third-party compliance.
Document and communicate with business and IT regarding security risks and deficiencies.
Provide Information Security consulting and subject matter expertise on third-party service contracts and/or sourcing arrangements.
Assess the adequacy of a vendor's security program to safeguard the client's data, and ensure proper evidence is gathered to facilitate timely closure of remediation plans.
Serve as an advisor to the business by ensuring ongoing awareness of identified risks.
Lead and facilitate vendor partner performance assessment conversations and determine course-correction action plans as applicable.
Ranked vendors in accordance with their security posture, designating classifications based on scorecard reviews.
Assess vendors against security requirements and execute periodic vendor security reviews.
IT Auditor
Ernst & Young (EY) (June 2018 – April 2019)
Assisted organizations in identifying and managing information security risks by assessing the current state, prioritizing improvements, and conducting projects to reduce risk and improve regulatory compliance.
Assisted with the performance of information security and privacy risk assessments as well as related ongoing compliance monitoring activities.
Tested IT general and application controls, performing walkthroughs and detailed testing to evaluate the design and operating effectiveness of controls.
Conducted compliance audits to identify areas of vulnerability and risk, and provided recommendations for the POA&M.
Planned, organized and conducted information system audits.
Reviewed all aspects of information systems and related controls.
Identified and remediated control and performance gaps compared to leading practice, helping clients gain stakeholder buy-in, reduce risk, and increase the value and visibility of IT cost.
Reviewed detailed analyses of the control environment to gain assurance over the effective operation of controls.
Performed periodic enterprise risk assessments and inquiries of applications and business processes.
IT Auditor
Genesis Healthcare (November 2015 – May 2018)
Tested ITGCs and documented their efficiency.
Worked closely with other members of the security team and other IT teams on day-to-day operations.
Assisted in maintaining Information Security policies, standards and procedures.
Maintained risk-assessment-related tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing an overall view of the organization's risk profile.
Performed risk assessments to identify current and future security vulnerabilities.
Maintained information security awareness programs, regularly conducting exercises to educate employees on information security best practices.
Participated in departmental IT Policy & Risk Assessment process improvement projects.
Escalated high- or critical-severity incidents to Incident Handlers.
Investigated and triaged incidents when they occurred.
Investigated and managed privacy and security incidents; supported the management of privacy breaches; responded to privacy and security complaints; analyzed privacy and security risks.
Assisted with preparation for external and internal information security audits.
Monitored corrective action plans to ensure that internal findings and recommendations were remedied and actions were implemented.
EDUCATION
Bachelor of Arts in International Affairs (2014)
University of Baltimore, Baltimore
CERTIFICATIONS
Certified in Risk and Information Systems Control (CRISC)
Cyber Policy (Utica College)
ITIL 4 Foundation