
Information Security Analyst

Location: Boerne, TX
Salary: $95K
Posted: March 04, 2023


Resume:

Christopher J. Cronin

Kennesaw, GA ***** 678-***-**** advpg4@r.postjobfree.com www.linkedin.com/in/cjcronin2023

INFORMATION SECURITY ANALYST

Leadership • Project Management • Information Technology & Information Security • GRC • Regulatory Compliance • Information Assurance • Privacy • Risk Management • Risk Audit & Assessment • PCI DSS, SOC I and SOC II, HIPAA and HITRUST CSF, NIST SP 800-53, SOX, GDPR, and ISO 2700 series • GAP and Risk Identification • Corrective Action Plans, Remediation & Mitigation • Controls Management • Solutions Development • Policy and Procedure Management • SDLC • Change Management • Documentation • Communication • Information Security Awareness & Training • Endpoint Security • Anti-Virus and Anti-Malware • Identity Access Management (IAM & RBAC) • Application Management • Vendor Management, SIG & SIG Lite Questionnaire Management • Vulnerability Management and Penetration Testing and Remediation • Strategic Planning • Asset & Information Management • Physical and Environmental Security • BCP/DRP/Incident Management • RFI & Contract Reviews • Microsoft Office • ServiceNow

Experienced IT and Information Security professional with proven ability to lead enterprise-level solutions to protect the confidentiality, integrity and availability of information and assets. Experienced leader and member of a large, international, and geographically dispersed IT and Security organization. Enthusiastic leader in the execution of strategic corporate technology initiatives, information security objectives, GRC, and compliance. Implemented, educated, and enforced policies, procedures, and controls furthering a philosophy of and dedication to industry-leading standards for IT, Security and Compliance excellence. Regularly requested to lead critical client-facing security, GRC and compliance related engagements.

Experience

The Echelon Group, Woodstock, GA, March 2020 – October 15th, 2021

Information Technology Consultant

Partnering with company VP Information Technology, COO, President, and Operations Management providing IT and GRC support for Direct-to-Consumer and Business-to-Business call center operations.

• Conduct business-critical Information Security/GRC audits and assessments using expert understanding of information security best practices, policies, and regulatory standards in support of clients in Financial, Healthcare, Retail, Technology, and Communication sectors ensuring compliance with client contractual requirements and regulatory compliance.

Created Work-At-Home infrastructure, access, and asset management by implementing detailed policy and process documentation, asset, and user access management (logical and physical), resulting in the successful transition supporting a remote workforce.

Configured secured desktop builds for new and existing employees.

Provided 24/7 incident response with remote and on-site support to achieve maximum system availability.

Engaged in the development and reviews of IT policies and procedures to establish and maintain organizational standards, guidelines, security certifications, and compliance activities.

Alorica, Kennesaw, GA

Information Security Analyst Jan 2015 – Oct 2019

Led and managed multiple, contractually mandated annual client-specific Information Security audits to ensure compliance with client information security and privacy requirements by organizing project teams consisting of HR, ER, Training, Client Development, Client Operations, remote site IT support, Enterprise Endpoint support, voice recording and screen capture support, database, server, network, SOC, Information Security, BCP, Incident Response and Service desk department representatives, resulting in the successful support and completion of all client compliance assessment requirements, ensuring continued compliance with and exceeding client expectations, and ensuring positive business relationships.

Provided on-site auditing support by traveling to domestic and international call centers and data centers in support of PCI DSS, SOC I and SOC II, HIPAA and HITRUST CSF, NIST SP 800-53, SOX, GDPR, and ISO 2700 series regulatory compliance and client security audits, successfully certifying company compliance with regulatory and client-specific security standards.

Managed and coordinated remediation of audit findings and vulnerabilities with internal teams and departments, documenting and communicating corrective action plans to all appropriate department, audit and assessment project team members, resulting in successful implementation of solutions via approved company change control procedures.

Communicated audit risks, findings, vulnerabilities and solutions to clients, auditors, Client Solutions team, Information Security Team and Management using ad-hoc, daily and weekly audit and assessment status reports, keeping all participants and management fully informed of the current state and progress of all information security audits and GRC assessments.

Managed vulnerability scanning and penetration testing scheduling and execution with internal security SMEs and external third-party vendors.

Managed vulnerability scanning and penetration test results review, results reporting and communication to management. Responsible for issue, gap, and vulnerability tracking and remediation through to completion of final corrective action plans using ServiceNow and communication with application and system owners and IT SMEs.

Provided audit remediation evidence to the audit project team and participated in audit closing activities to confirm acceptance of all identified audit risks, findings, vulnerabilities, solutions and remediation activities and compliance with all security and GRC controls to the client's satisfaction, ensuring successful audit completion and engagement closing.

Engaged in the management, development and reviews of security policies, procedures, and security awareness training materials to establish and maintain organizational standards, guidelines, security certifications, and compliance activities.

Successfully conducted and completed 70+ client-specific InfoSec audits ranging from simple to complex Standard Information Gathering questionnaires (SIG Lite and SIG) to on-site audit reviews of data centers, call centers, policy, and IT security control evidence.

Provided regulatory control evidence to the Information Security leadership for PCI DSS, SOC1 and SOC2, and HITRUST audits by working with the appropriate system administrators and support staff, ensuring documented compliance with security and GRC compliance standards and requirements.

West Asset Management (WAM) (A subsidiary of West Corp.), Marietta, GA, Jan 2012 – Dec 2014

DIRECTOR – INFORMATION SECURITY

Partnered with VP, Information Security, West Corp., managing and coordinating all security operations for WAM, including PCI, FISMA NIST 800-53 annual assessments, Client security audits and policy/procedure management and development.

Managed a team of Information Security Analysts coordinating all security and GRC company engagements, communicating project status and results with Sr. Management and external third parties.

DIRECTOR – INFORMATION SERVICES

West Asset Management, Marietta, GA (Sep 2006 – Dec 2011)

Director of a department of programmers and application developers.

Implemented SDLC, Change, Control, and source code security and control policy and procedures.

EDUCATION

Bachelor of Science (BS) in Computer Science, Texas A&M, Corpus Christi, TX


