
Security Analyst Information

Alexandria, VA
January 18, 2023




Alexandria, VA 571-***-****


Information security analyst with a track record of recognizing, evaluating, and tracking business risk and compliance issues and providing solutions based on industry-specific frameworks.


Frameworks: ISO 27001 & ISO 27002 Information Security Management, NIST Series, HIPAA compliance, HITRUST, PCI-DSS, SQL, RMF (FISMA), SOC (Type II), SIG Questionnaire, Microsoft Office applications.

Skills: Risk Assessment, Vendor Risk Management (TPRM), working knowledge of ST&E, SAR, SAP, SSP, POA&M, Information gathering.

Skilled in a risk-based approach to monitoring third-party vendor security practices and compliance, Threat Assessment, Incident Management, Access Control, Change Management, Contingency Planning, Risk Mitigation, Disaster Recovery, Cloud Computing.


Victoria’s Secret (Contractor) Third Party Risk Analyst June 2021-Present

Conduct third party risk assessments in alignment with company security policies and industry standards to evaluate the effectiveness of security controls.

Review vendor security questionnaires including the Shared Information Gathering (SIG), Cloud Security Assessments (CAIQ) and supporting evidence to evaluate vendor security posture.

Review third-party security documents (e.g., SOC 2 reports, ISO 27001 certifications, Scan Results, vendors policies/procedures) to identify vulnerabilities and gaps in vendors environment.

Work closely with vendors and business lines to facilitate collection of vendor security documentation.

Execute and document assessment activities following established processes and procedures.

Develop and update third party risk management program policies, procedures, and best practices.

Perform risk monitoring, managing the risk remediation process and ensuring risk treatment plans are executed effectively.

Manage risk reporting, creating reports to inform stakeholders and risk owners.

Monitor and assess third party performance to ensure compliance with the TPRM program, regulatory requirements, and service level agreements.

Monitor third-party service providers for compliance with information security policies and procedures.

Deloitte (Contractor) Information Security Analyst August 2019 – June 2021

Supported risk management programs (such as performing risk identification, risk scoring, risk mitigation, and risk interactions reviews).

Audited and analyzed security assessment results in the Security Assessment Report (SAR).

Reviewed and validated all relevant NIST 800-53 Security Controls and applicable departmental policies for each IT system assigned.

Supported the creation of security awareness initiatives and policies.

Managed and conducted control testing using the RMF process (categorization and control selection), ST&E, SAR, and POA&M to help adopt a multilayered approach to risk management.

Assisted system owners with the development and submission of POA&Ms.

Ensured appropriate documents had been obtained to fulfill assessments.

Assisted with the development and submission of risk assessments.

Provided cybersecurity compliance trends and issues and provided process improvement recommendations to increase standardization across programs.

Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions.

Worked closely with operations teams to update and implement information security policies.

Digital Intelligence Systems (Contractor) Cyber Security and Risk Analyst

March 2017 – August 2019

Supported risk management programs such as performing risk identification, risk scoring, risk mitigation, and risk interactions reviews.

Conducted technical evaluation of information system design, focusing on information security aspects and accreditation according to the NIST Risk Management Framework.

Reviewed program documentation such as Risk Assessments, Security Plans, and Contingency Plans.

Conducted thorough reviews of all vulnerabilities, architecture, and reported findings in documents.

Ran scans to detect vulnerabilities in web applications.

Performed risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures.

Reviewed system logs and details related to potential security investigations.

Maintained an understanding of current vulnerabilities and of the response and mitigation strategies used in cyber security operations.

Utilized a ticketing system (Jira) to handle incident management.


George Mason University Fairfax, VA



CompTIA Security+

CISM (In Progress)
