Tamara Lauterbach
Team Manager ISRM Cyber- Governance, Risk, and Controls - Highmark Health
Eighty Four, PA 15330 ************@*****.*** 724-***-****
I2 Analyst Notebook, GRCP, GRCA, AccessData ACE, Palo Alto ACE, CCAK, CCSK, FAIR, Lean Six Sigma Yellow Belt, ITIL, CCSFP, CISA, CFE
Certifications currently studying for: CISSP
WORK EXPERIENCE
Highmark Health- Pittsburgh, PA
Manager – Cyber- Governance, Risk, and Controls March 2021 to present
Assisted in development of the 8 steps process of Living Health
Assisted in the development of Living Health Certification
Instituted SOPs, RACI, workflows, SIPOCs, timelines, etc., on multiple programs, especially for Living Health and ATO process
Took on a higher leadership role through multiple management changes to ensure milestones were met and program continued to develop while demonstrating our core principles.
Closed out multiple remediation findings while educating the enterprise on the importance of audits, controls and reducing risk
Established and improved turnaround time (i.e., Client Responses Requests (RFP/RFI), Internal and External Audits, Remediation, DISA STIGS, Control and Risk Assessments, Application Certification, System Security Plans, Cyber Risk Dashboard, Audit mapping, Legislative Affairs, Exceptions, Escalations, etc.)
Pushed multiple projects to finalization to ensure quality and assurance for the program.
Maintained and handled the budget for C-GRC
Scheduled and safeguarded vendors on needed projects
Multiple BISO representative
Conducted multiple board room meetings for speaking events
Assisted in staffing requests for ISRM as needed
Grew and developed the new stage of C-GRC for 2021 into the enterprise
Consulted with the stages of HMNY involvement into Highmark Enterprise
Consulted with vendors in increase of services and decrease in cost
Identified potential state gaps, developed programs, and ensured compliance prior to executive signoff
Develop control maturity, identifying gaps, recommending enhancements, educating the organization across the network
Worked on tasks and providing needed customer service as requested on multiple projects and programs
Matured Kanban, purposeful dashboard, decks for team to keep priorities in line and projects, improvements and overall needs being completed
Created, maintained, and supported as needed on all projects, SLO, Metrics, KPI and so on.
Managed a team of 15-25 individuals
Team Manager – Cyber Risk and Controls September 2019 to March 2021
Assisted in Insider Threat development and participated as a liaison to InTP SWAT team for Controls and Risk
Instituted SOPs, RACI, workflows, SIPOCs, timelines, etc., on multiple programs
Took on a higher leadership role through multiple management changes to ensure milestones were met and program continued to develop while demonstrating our core principles.
Established playbooks for multiple programs
Pushed multiple projects to finalization to ensure quality and assurance for the program.
Developed control mapping from HIPAA, HITRUST, SOC2, MAR, SOC1, NIST, ISO-27000-1, COBIT-5, CMMC, etc.
Identified potential state gaps, developed programs, and ensured compliance prior to executive signoff
Develop control maturity, identifying gaps, recommending enhancements, educating the organization across the network
Worked on tasks and providing needed customer service as requested on multiple projects and programs
Developed a CSI project for RFP/RFI development, that reduced daily personnel cost by $750k
Matured Kanban, purposeful dashboard, decks for team to keep priorities in line and projects, improvements and overall needs being completed
Created, maintained and supported as needed on all projects, SLO, Metrics, KPI and so on.
Managed a team of 10-15 individuals
Information Security Analyst – Threat Management August 2018 to September 2019
Assisted in developing the InTP program and Cyber Intel Program
Maintain Event Monitoring in Splunk
Assisted in threat hunting activities as requested
Conduct L1 & L2 security monitoring and incident review using a security information and event management platform (SIEM)
Assist in Incident Response Procedures and worked through the incident closely with IRF Team
Conduct security review for Proxy, firewall, and email related requests and blocks.
Create SOP on procedures and activities
Took on leadership role to build trust throughout the org through multiple management changes to ensure milestones were met and program continued to develop
Established playbooks for SOAR platform
Pushed multiple projects to finalization to ensure quality and assurance for the program.
Respond to audit evidence requests relating to Security Monitoring procedure and coverage.
Utilize multiple tools to help increase security needs focusing towards endpoint encryption tools.
Work to mature and detection capabilities across the network
Worked on multiple platforms for on-call needs
Developed a CSI project that reduced Splunk ingestion cost by $660k
Assisted in reevaluating the API daily consumption of Threat Intelligence tool reducing by 50-80 credits less a day to assist in other project needs
Create Kanban for team to keep priorities in line and projects, improvements and overall needs being completed
Create, maintain and supported as needed on all projects, SLO, Metrics, KPI and so on.
Maintain BI tools for all projects
Acted as change agent for Threat Management and Vulnerability
Aires- Robinson, PA
Data Security Analyst – Data Security October 2017 to August 2018
Develop and maintain eDiscovery and Forensics Program while using Encase, Proofpoint and O365 for email security and archiving towards need of legal holds and build cases
Key GRC & GRCA individual with all audits such as SOC2, ISO reports, PCI, Privacy Shield, etc. for annual certification
Physical Security Officer for all locations (monitor, enforce and create the best security practices for all Aires Employees and Visitors)
Assist in all HR needs regarding legal, litigation, terminations, transfers and new hires.
Perform information control reviews to include monthly audits (badge access audit, security camera audit, backup audits, clean desk audits, privileged access audit, access control audits, data protection violations, network breaches, incident response, system maintenance and other audits as requested)
Assists and trains other staff interested or participating in audit controls focusing towards the use of computerized audit techniques, and in developing methods for review and analysis of computerized information systems.
Updated/ created Policies and Procedure for best practices and conducted DR/BCP test to meet standards and need for ITBCP requirements
Worked on Tableau, AV, Splunk, Office protects, MX lookup toolbox, KnowBe4, Carbon Black, Archer, JIRA and SharePoint
Responsible for the internal controls and risks of a company’s technology network and was first level response for security events
Helped develop the MDM solution and rolled it out to the whole company.
Developed and reported on security monitoring tool, security metrics around security monitoring
Develop, monitor, conduct partner vetting (NDA, COI, Questionnaires, collect/review and analyze SSAE SOC/ISO reports, W9, utilize Dow Jones to conduct financial vulnerabilities and compliance checks such as OFAC, and conduct/verify business presence with federal, state and local government authorities).
Coordinate and follow up on audit findings to ensure that management has taken proper corrective action(s).
Coordinates and interacts with external auditors, administrators, faculty, staff and law enforcement officials as appropriate; available upon request to testify in court
Acting Team Lead as requested with 5 employees
PNC BANK- Pittsburgh, PA
IT Cyber Security Specialist- Threat Modeling and Review (TM&R) -Tech & Operations April 2016 to October 2017
Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse system environments. Facilitates system access, operations, and maintenance. Assist and support the monthly recovery rate goal setting process.
Conducts vulnerability assessments, malware defense assessments and other information security routines, consistently
Dealt with HIPAA, lockboxes regulations on projects within Archer, focusing towards customer PHI and PII
Point of contact for the Enterprise Third Party Management that developed in Archer
Provides resolutions to controlling security risks and threats in IT environments; delivers training to staff on distributed information security administration procedures.
Investigates and recommends corrective actions for data security incidents to clients and project stakeholders.
Identifies regulatory changes that will affect information security policies, standards and procedures; recommends appropriate changes. As well protect an organization's data to ensure privacy during the process of storage and communication especially during a data breach.
Ability to utilize tools and techniques for assessing the effectiveness of information security measures, identifying potential risk exposures, and protecting the availability, confidentiality and audit trails of information from destruction or manipulation.
Compile and assisted on reports and security audits for PCI & SOX & SOC tests pertaining to MRA when dealing with internal Audits with OCC, FRB and other government branches to ensure that the bank is meeting the needs of their customers to be compliant with federal regulations
Experienced with Python and Tableau Desktop
Compile, track and analyze reports focusing towards assets inventory and recovery when dealing with unethical employees, termination and collection of assets.
Knowledge of and the ability to detect and prevent business crimes that involve computers/networks as instruments.
Assisting on Cloud upgrades, Cyber Defense, Cyber Forensics, Insider Threat and IAM
Worked closely with the CTO, CIO and CISO of PNC Bank, although was the assistant for the CISO of Cyber Information.
Build DFD, assisted with attack trees, layout risk vulnerabilities throughout the bank and participate in needed InTP issues.
Utilized FireEye, Splunk, Sguil, Tanium, Encase, IBM analyst notebook, Tableau desktop, etc.
PNC - Access Management Security Administrator-IAM- Tech & Operations October 2016 to January 2017
Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse system environments. Facilitates system access, operations, and maintenance. Assist and support the monthly recovery rate goal setting process.
Compile operational Retail and TM reporting to be provided will be a high focus on compliance
Worked on the Mainframe and revoke and grant provision entitlement throughout 60 different applications such as: RCN, EDI, RPI Research (FTS. Auto Wire), ARS, DFD, DLP, Pinacle (TSC, PWA, PSO, RDW), PEP, AUT, ACH, CMS, CPY, ORR, ORW, ACLS, MCA, TIR/TOW, STX, TDP, TOAD, etc.
Complete needed maintenance towards other projects that focus on the Mainframe, CRM, and CARS accounts.
Great understanding toward computer skills working out of Access Databases with the understanding of working around confidential information.
Process with VPN token key and VDI non-token key requests.
Compiled and tracked ACF2 and CyberArk audit reports
Unix Administrator access (lead individual for CRM and mainframe)
EDMC- The Center & Argosy University Online - Pittsburgh, PA
Reporting Analyst- Recovery Department July 2015 to April 2016
Compile and report on per collector and department wide cash collections and accounts receivable data.
Assist and support the monthly recovery rate goal setting process.
Assist and support the daily, weekly and monthly reporting tools (scorecards, KPIs, metrics, Access Database etc.).
Provide timely ad-hoc analysis and reporting as needed through CARS, CRM and Mainframe.
Perform individual and group project work pertaining to the Re-Entry OOS and SharePoint
Perform and Assist in third party collection agency data aggregation and reporting
Assist and support process improvement initiatives that promote increased financial visibility and process efficiency
Compile operational reporting to be provided will be a high focus on compliance
Compile Detailed Cash Report; Account Audit; Secure Net; Call Copy Matrix; EOM Report; Down Payment; Sa Rec. VS. Re-Entry Analysis; SharePoint Analysis; 3rd Party Aid Report; Master ARs and ACH Payments Reports & Analysis daily.
Build and maintain two access databases that were used through the department
Assist and support the daily and monthly routine reports such as In-School Campaign, Monthly Performance Trackers and Agency Trackers
Develop Organization Flow Charts and Cross-Functional Flowcharts in Visio
Monitor the spreadsheets for the staff to ensure all procedures are being followed (VLOOKUP, proper notation, all accounts are being worked, etc.)
Issue and monitor day to day production as needed to provide training opportunities with other employees.
Communication to the RD support Team for concerns or issues with Reporting or Requesting information in a new Reporting formats
Worked on Unix Systems (known as key individual within CARS and CRM)
Acting Team Lead as requested with 5 employees
EDMC- Financial Aid Counselor -Finance Department March 2013 to July 2015
Work cohesively with ADA's or Admissions Coordinators in order to facilitate outstanding service to prospective students and their parents.
Maintain 100% Planning Load. Create Plans and explain the Plan and the student's/parent's rights and responsibilities for each aid source. Negotiate Payment Plans. Able to develop Student Financial Plans in concert with Institute procedures and knowledge of Federal regulations.
Assist students/parents with the completion of the FAFSA review the resulting ISIR. Assign the appropriate budget to a student and package the student (award their aid) as well as ensure that aid is paid to students' accounts in a timely manner.
Responsible for complete and accurate files and paperwork, certify loan applications, and complete Basic Verification/QA and C- Code Requirements.
Demonstrate proficiency in timely collections:
For summer term 80% aid paid consistently by end of 5th week of term and 90% by end of 8th week of term.
For all other terms: 90% aid paid consistently by end of 5th week of term and 98% by end of 8th week of term.
Maintain consistently clean files shown through Training Assessments for Compliance with Federal/State regulations, school policies and procedures. -Less than a 10% comment rate per term and less than a 5% potential liability rate for the year.
Control AR funds / Develop and complete data filled reports, focusing on where each campus is financially and focusing on positive outcomes to develop better communication between the campuses and grad teams.
Develop reports using pivot tables, VLookups, splitters, data tables, KPI and more that are easy to understand and read.
Develop reports labeling which student is needing specific documentation, FAFSA for specific year for all 4 online campuses and 23 group campus for Finance Counselors, Managers, and Directors to ensure proper quality assurance.
EDUCATION
(CONT. Education) Master of Business Administration in Fraud and Forensics -- Carlow University 2021
Master of Science in Information Technology -- South University August 2016
Master in Public Health -- Argosy University April 2015
Bachelor of Arts in Psychology -- Argosy University February 2012
General Education -- Canon McMillan High School June 2008
SKILLS
Well-developed communication skills demonstrated through extensive customer service; answering multi GRC/ policies/ auditing questions, paperwork, and positive interaction with individuals at all levels.
Consistently noted by supervisors for outstanding job performances, reliability and multi-tasking skills exhibiting efficiency, accuracy, speed and timely completion of all assignments.
Proven leadership abilities, function as "Manager/Team Lead/Senior" in current and previous positions.
Regularly take on added responsibilities with a "team focused mindset."
Quick minded with proven problem solving skills.
Skilled in Excel, PowerPoint, Office, Visio, and Access database
Skilled in compiling, reporting, auditing, and analyzing data
Great public speaking skills
Very adaptable, easy learner
Ability to communicate with and understand the requirements of professional staff in area of specialty.
Knowledge of public auditing policies, standards, and procedures
Can type at 73 WPM
Worked on Unix Systems (known as key individual within CAR)
Previous USMC DOD experience (2008-2012) “highly confidential”