JEROME NYONGBELA
Address: Hyattsville-MD. 202-***-****
Email: *************@*****.***
Background
IT-skilled compliance leader and strategic innovator with 5+ years of progressive management experience in successfully directing complex projects, developing strategies, and leading teams to further the enhancement of overall regulatory-compliant operations. A motivational leader who can easily work in and navigate sometimes ambiguous environments, committed to personal development, with the ability to learn quickly in a multi-faceted operational division. Specialized knowledge in implementing policies, procedures and processes focusing on the improvement of business operations, regulatory affairs, compliance, privacy and information security, risk management, strategic planning, and health information security technologies, and on the objectives of Confidentiality, Integrity, and Availability.
Experience
MAY 2021 - PRESENT
IT RISK AND COMPLIANCE ANALYST, HEWLETT PACKARD ENTERPRISE (WTS)
Assist with the verification that application software/network/system security and control postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Monitored risk assessments and assessed validity using industry-specific methods.
Built disaster management and recovery plans for several types of financial emergencies.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Collects and documents evidence of compliance with applicable policies, procedures, and regulations.
Participates in third-party risk assessment and management processes.
Operates vulnerability management tools to identify security weaknesses and validate compliance with standards.
Facilitates external audits by collecting requested evidence, analyzing requirements, and coordinating overall response.
Work with Director to track enterprise compliance across multiple security frameworks including NIST CSF, HIPAA, HITRUST, SOC 2 and ISO and maintain up-to-date records of requirements and corresponding mitigating controls.
Support the management of technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards to validate maintenance of security configurations.
Conduct and/or oversee all time-bound IT Security Calendar Activities such as TCP/IP scanning, ID validation, health checks, log review, anti-virus management, and server patch management, and ensure closure of all related tasks.
Demonstrates proficiency in the Microsoft Office Suite (Word, Excel, VLOOKUP, and PowerPoint) or related products.
Contribute to the design and implementation of IT General and Application Controls to ensure Gannett’s compliance obligations are met (e.g., PCI, SOX, HIPAA).
Utilizes Data Privacy GRC Tool (TrustArc) and other Regulatory support tools (Nymity) to assess Data Privacy and Regulatory Compliance related matters and determine if the shift in environment will impact the DP and compliance activities owned by GIS.
Technical acumen to manage and enhance enterprise Data Privacy tools and solutions.
Collaborate with security teams to ensure our IT environment meets our security requirements.
Respond to RFPs and client security assessments accurately and in a timely manner
Plan, execute, and report on diverse types of Security/Privacy GRC reviews, including post-remediation validations
JUNE 2019-APRIL 2021
Vendor Security and Relationship Consultant, Humana (WTS)
Assist in developing and implementing Governance, Risk and Compliance (GRC) program
Respond to RFPs and client security assessments accurately and in a timely manner
Four years as Vulnerability Management Analyst (Qualys)
Drive recurring risk assessments in a timely manner with little supervision or direction
Conduct third party risk assessments
Assist the Director of Security in tracking identified risks and exceptions, and managing to resolution
Collaborate with clients, internal partners, and third parties to prioritize, mitigate and resolve identified risks
Identify and drive risk scenarios to actualize risk and risk remediation activities
Support generation of intellectual property and submit patents to advance business objectives.
Collaborate with business leaders and engineering directors on security risks and opportunities.
Identify cybersecurity opportunities that enhance the developer and customer experience.
Improve and shape the program by identifying gaps in activity logging and communicate requirements and use cases to the engineering teams.
Work closely with the Business Information Security organization to incorporate identified sensitive positions into the risk monitoring workflow.
Partner with other J&J teams to support a coordinated response to insider risk activities including Employee Relations, Human Resources, Legal & Compliance, Global Security, Brand Protection and other ISRM teams.
Contribute to security awareness activities.
Establish requirements for the operation of data collection and ingestion into the analytics platform to detect insider risk behaviors.
Daily, Weekly, and Monthly operations verification across scheduled security activities, including infrastructure vulnerability scanning and user access reviews
Supporting the organization's Information Security and Data Privacy requirements, procedures, and controls which includes working with outside audit teams for NIST, PCI, SOC, and other audits
AUGUST 2017-APRIL 2019
SECURITY ANALYST, CITIBANK
Supply the detailed knowledge and ability needed to manage the security aspects of an IS. Maintain responsibility for the day-to-day security operations of the system.
Map vendor SOC2 to company SIG questionnaires responses.
Review third party artifacts such as SIG questionnaires, SOC2 reports, ISO27001 certification, and other security program and policy information
Security Control Assessments Preparation
Vulnerability Management and Change management
Providing support for implementing and enforcing information systems security policies, standards, and procedures
Have a working understanding of GDPR compliance requirements. Previous experience supporting GDPR, CCPA, HITRUST, HIPAA
Ensure all security controls meet security requirements for all information that will be inputted, stored, and transmitted
Helping with preparation, review, and updating all documentation
Develop system security policies and ensure their compliance with the various frameworks we adhere to
Serve as a subject matter expert for information security and data privacy
Developed solid working relationships with businesses and clients as a single point of contact for GRC
Ensure information security compliance with CCPA and PCI-DSS.
Worked with SOC and SIEM teams to monitor environment logs to ensure DLP
Worked with vendors in remediating findings discovered during the onsite/virtual assessment.
Ensure compliance requirements and best practices are incorporated during the Cloud platform configuration, monitor and report on the cloud compliance program.
Perform the entire audit cycle, including risk management and control management over operations' effectiveness, financial reliability, and compliance with all applicable directives and regulations.
EDUCATION
OCTOBER 2015
BACHELOR IN INFORMATION TECHNOLOGY, UNIVERSITY OF BAMENDA - CAMEROON BAMENDA
CERTIFICATION:
SECURITY PLUS, CISA
CISM IN PROGRESS
ures compliance with established internal control procedures by examining records, reports, operating practices, and documentation.
SKILLS
Microsoft Office 365
Risk Mitigation
Critical Thinking
Fluent in English
Data Management.
IT audit
One-Trust
ServiceNow
Python
Linux
Sleep command
For Loop
SOC reports
Nessus (Vulnerability Scanner)
Vulnerability management Analyst
Qualys
SOX (Sarbanes-Oxley) Act
Analytical Skills
Cloud Security
ISO/BSO, PCI DSS, HIPAA, NIST, HITRUST, GDPR, CCPA, FEDRAMP