Cybersecurity Analyst Compliance

Location:
Charlotte, NC
Posted:
April 07, 2023

Resume:

Shawana Gaines

Phone: 202-***-****

Email: adwevh@r.postjobfree.com

LinkedIn

PCI Analyst | Cybersecurity Analyst | Compliance Analyst

PROFESSIONAL SUMMARY:

11+ years of experience in Sales & Business Development with proven experience and a strong track record in driving business development over $3M.

10+ years of experience working with PCI DSS, Pen Testing, SOC, Threat Detection and Response, Auditing, and GRC.

6+ years of experience working with a Security Operations Center, from monitoring networks and systems for suspicious activity to identifying possible security threats. Performing real-time cyber defense incident handling tasks: forensic collections, intrusion correlation and tracking, threat analysis and system remediations.

5 years of experience in Product Management while driving Product Development from conception to launch.

11+ years of experience in Social Media Marketing overseeing the direction of social media campaigns, building social video content, and developing online communities from scratch.

4 years of experience in Digital Media developing video content and executive producing commercials.

Accomplished over 20+ years of working with HIPAA, OSHA, and regulatory compliance.

Executed hours in cloud safety, automation, vulnerabilities and mitigations

Diverse knowledge in multiple areas of cyber security and troubleshooting

Protected organizations and their customers by securing sensitive data and critical assets from current and emerging threats

Wealth of knowledge in PCI DSS compliance and maintaining compliancy by identifying and resolving compliance gaps.

TECHNICAL SKILLS:

Microsoft Office (Word, Excel, PowerPoint, Teams, Outlook)

Adobe, Slack, Photoshop, Google Docs, Google Sheets, Canvas

Cybersecurity Frameworks: NIST, ISO, PCI DSS, CIS Controls, GDPR

Vulnerability Scanners – Nessus, Qualys Guard

Endpoint Protection – McAfee AV, Qualys Guard

Pen testing – Wireshark, nmap

Cloud Security – Azure, Oracle, GCP and AWS (pending)

Security Audits – PCI DSS

Information Security

PROFESSIONAL EXPERIENCE:

Baxter Clewis Consulting Dallas, TX July 2022- Present PCI Security Analyst

Led an audit team focused on the development of a hardening guide for Windows 2016 server minimizing internal and external threats regarding data security breaches; allowing the organizations’ reputation and the protection of cardholder data (CHD).

Managed Payment Card Industry Payment Security Standard (PCI DSS) assessments for 15 organizations by conducting walkthroughs with system administrators to assess evidence of system configurations to ensure proper compliance implementation was in place.

Implemented a security policy manual regarding automatic disconnect of sessions for remote access technologies while ensuring the correct period of inactivity and annual revision was being established with the intent of securing the systems from backdoors to critical resources and the card data environment (CDE).

Deployed Qualys Guard and Tenable Nessus scanning tools to perform vulnerability assessments on hundreds of applications and operating systems according to a broad range of emerging threats while evaluating the common vulnerability scoring systems (CVSS) level.

Oversaw as Team Lead the clients’ strategic planning to ensure Payment Card Industry (PCI) compliance was established and maintained; validating a card-not-present merchant and their compliant Attestation of Compliance (AoC) and Self-Assessment Questionnaire (SAQ).

Consulted for clients by performing a Payment Card Industry (PCI) audit focusing on the remediation of findings towards an Attestation of Compliance (AoC) enhancing their posture prior to a potential security breach.

Assessed the Group Policy Object (GPO) password policy identifying a finding of insecure attempts to establish passwords while recommending the remediation based on Payment Card Industry (PCI) compliance in order to reduce by 80% any excessive brute force attacks into the organizations’ network.

Identified a potential finding of the absence of a logging and monitoring system while active admin accounts and outdated patches to system components; where providing remediation that would benefit the Confidentiality, Integrity and Availability (CIA) Triad of the cardholder data (CHD) stored in the environment.

Spearheaded the evaluation process of the company’s risk profile by configuring and deploying network firewalls with content filtering services, increasing the savings by approximately $300,000 on third-party auditors’ fees.

Patterson and Patterson Tax Services (Charlotte, NC) October 2020- Present Cybersecurity Analyst

Oversaw access controls during a PCI Assessment where unauthorized access, weak user credentials and system misconfigurations were present while addressing and documenting findings in deliverables for the clients’ remediation team.

Managed the compliance risk program of the client by helping to secure Personally Identifiable Information (PII) while classifying data by level of sensitivity as restricted.

Reduced the scope of the business by adjusting a flat network to facilitate segmentation with internal firewalls properly configured with strong access control lists (ACL); providing better analytics around network monitoring, network access and devices such as Endpoint Device Protection (EDP).

Removed a misconfiguration regarding a default account in a software before it was deployed into the production environment, preventing a malicious individual from re-enabling the account and gaining access to cause a potential security data breach.

Marrakesch, Inc (Aiken, SC) July 2019- June 2020 Cybersecurity Analyst

● Identified enabled unnecessary services in a server’s configuration file and provided the recommendation per PCI DSS to change vendor-supplied defaults and remove or disable these services in order to minimize the impact on compromised systems.

● Implemented data encryption & protection, information security policies and enforced HIPAA compliance by conducting a threat assessment to identify the data to be encrypted utilizing Advanced Encryption Standard (AES) to add a layer of protection to data at rest and backups.

● Launched an Information Security Policy that created measures to protect cardholder data (CHD) and enforced cyber awareness trainings regarding risk assessment in order to identify critical assets, threats and vulnerabilities.

● Secured electronic protected health information (e-PHI) by ensuring transit of data was encrypted as well as updating privacy policies of the organization.

● Ensure inventory tracking for every IT equipment or medical device that contains ePHI and coordinate with the compliance team to ensure effective monitoring of systems and restrictions enforcement.

● Conducted assessment of Point of Sales (POS) device on a weekly basis to ensure adequate functionality and payment terminal approval from the PCI Council in order to maintain the security of approximately 10,000 transactions per year.

CG Restaurants & Bars (Cornelius, NC) September 2012- March 2014 Compliance Analyst

● Utilized scanning tools to identify devices on their network and collect information about the software version that is installed and compare to known vulnerabilities in order to implement an approach strategy for a vulnerability management program.

● Maintained Information Security Policies by conducting annual revisions especially to sections of data protection for physical and digital assets involving end users and network components.

Kent OMS (Greensboro, NC) April 2012- December 2018 Regulatory Compliance Specialist

● Identified risks and made recommendations for improvements based on the Health Insurance Portability & Accountability Act (HIPAA) and security best practices. Maintained HIPAA compliance, developed new policies and implemented procedures to ensure PHI integrity

● Coordinate efforts of staff members around the goal of PCI compliance. Designed programs to increase staff awareness of new policies and procedures

● Developed and implemented approach strategy for implementation of a vulnerability management program. Performed vulnerability scans and assessed findings from vulnerability scans, configured, exported reports and interpreted

● Applied control concepts to all defined PCI Payment Channels and ensure all maintain compliance with the PCI DSS Standard.

EDUCATION:

Master's Degree in Cybersecurity – Cyber Operations

ECPI University, 2021

Bachelor's Degree in Biology

Winston-Salem State University, 2000

CERTIFICATIONS

Qualys Guard Vulnerability Management, (2022)

Qualys Guard PCI Compliance, (2022)

Qualys Guard Patch Management, (2023)

Qualys Guard File Integrity Monitoring, (2023)

Qualys Guard Cloud Security Assessment and Response, (2023)

Qualys Guard Endpoint Detection and Response, (2023)

Qualys Guard Cybersecurity Asset Management, (2023)

AZ 900 Certification, (2022)

Oracle Cloud Infrastructure Foundation 2021 Certified Associate, (2022)

Oracle Cloud Infrastructure 2021 Certified Architect, (2022)

Cardiopulmonary Resuscitation Instructor (CPR) - expires 12/25

Basic Life Support Instructor (BLS) - expires 12/25

Advanced Cardiac Life Support (ACLS) - expires 12/25

Pediatrics Advanced Life Support (PALS) - expires 12/25

ISC Certified Information Systems Security Professional CISSP, (In Progress)


