Craig W. Heard
Active Security Clearance
Phone: 210-***-****
Email: *************@*****.***
LinkedIn: http://linkedin.com/in/craig-heard
Results-driven information security analyst with expertise in governance, risk, compliance
(GRC), regulatory adherence (NIST, HIPAA, SOX), and cloud security. Proven ability to
manage security risks, implement compliance frameworks, and mitigate vulnerabilities across
regulated industries, including finance and healthcare.
Education
MBA – Information Management, Western Governors University, Oct 2023
AAS – Cybersecurity and Operations, Palo Alto College, San Antonio, TX, Jul 2022
Bachelor of Arts, Columbia College Chicago, Chicago, IL, 2000
Digital Forensics Level 2 Certificate, Palo Alto College, San Antonio, TX, Jul 2022
Training and Certifications
Cloud and Identity Management:
Microsoft AZ-500 Security Engineer Associate (In Progress)
Microsoft SC-300 Identity Access Administrator Associate (In Progress)
Microsoft AZ-900 Fundamentals
AWS Certified Cloud Practitioner
Security Foundations:
CompTIA Security+ SY0-601
Technical Skills Training:
NDG Ethical Hacking
NDG Introduction to Linux 1 and 2
Supplementary Knowledge:
Percipio Cloud Computing Security
Percipio Introduction to Enterprise Architecture
Professional Experience:
Information Security Analyst (Risk and Compliance), Citicorp/Citibank, December 2023 - Feb 2025, San Antonio, TX, 78245
• Ensures compliance with regulatory frameworks such as SOX and ISO 27001, performing risk assessments and auditing security controls so that access certifications and segregation of duties (SoD) remain aligned with corporate policies.
• Conducts quality assurance reviews on data files, enhancing risk mitigation strategies and ensuring adherence to internal audit requirements.
• Utilizes ServiceNow and ResolveIT to manage access control operations, streamline incident management, and support compliance workflows.
• Performs strategic risk assessments, identifying security risks and recommending mitigation strategies in line with NIST and PCI DSS standards.
• Provides governance and compliance training, helping teams adhere to security and regulatory policies while generating compliance reports for audit readiness.
• Interpreted and implemented IT security policies, standards, and guidelines to ensure compliance with regulatory requirements and enhance the organization's security posture.
• Provided comprehensive Quality Assurance (QA) for entitlement data in Citi's proprietary system (EERS), collaborating with application teams and business information security officers.
• Conducted initial assessment, triage, research, and remediation of issues found in EERS feeds, improving data integrity and security.
• Managed technical queries related to Citi enterprise platforms, including Mainframe, Active Directory, and UNIX, ensuring accurate and timely resolution.
• Led global meetings and assisted in creating high-quality entitlement feeds, suggesting continuous improvements in QA processes.
• Analyzed feed quality and tracked progress using Citi tools, producing metrics and reports on issues and risks to drive data-driven decisions.
• Enhanced cybersecurity risk and compliance measures by implementing and maintaining robust security protocols.
• Provided expertise in GRC, conducting thorough risk assessments and managing security policies.
• Coordinated with cross-functional teams to resolve complex security issues, ensuring adherence to compliance standards and improving security protocols.
• Managed access control policies, enforced optimal security standards, and performed strategic risk assessments to mitigate vulnerabilities.
• Trained new employees on QA processes, reducing ramp-up time by 30% and enhancing team efficiency.
Identity Access Management Analyst, Security Services Federal Credit Union, November 2022 - June 2023, San Antonio, TX
• Administered identity governance using SailPoint for provisioning, modifying, and deactivating user accounts, streamlining workflows to reduce errors and improve efficiency.
• Managed lifecycle processes for IAM roles and entitlements across 207+ system applications, ensuring accurate provisioning, including decommissioning, and compliance with access control best practices and standards.
• Reviewed and processed daily IDAM tickets via the ServU Service Portal to address time-sensitive access control requests and user account modifications.
• Configured and enforced Separation of Duties (SoD) controls and role-based access control (RBAC) policies to mitigate risk and enhance governance.
• Conducted IAM compliance audits, aligning operations with SOX and internal regulatory frameworks.
• Collaborated with risk management to identify and remediate risks associated with application entitlements and roles.
• Integrated and maintained SAML-based Single Sign-On (SSO) solutions for enterprise applications, enhancing authentication and user experience.
• Supported application testing efforts, developing, executing, and documenting test scripts for application upgrades and security configurations.
• Managed directory services, including Azure AD and LDAP, to enable secure provisioning and authentication processes.
• Configured and managed application feeds and connections (e.g., delimited files) within SailPoint, ensuring accurate data integration into the IAM system.
• Troubleshot IAM access and security issues, providing management with recommendations and resolutions to maintain compliance and operational efficiency.
• Communicated with vendors to assess application changes, evaluate security impacts, and relay requirements to the Access Management Team.
• Designed and deployed IAM roles and policies to secure AWS resources, adhering to access control best practices.
• Created and maintained reporting dashboards for User Access Control Activities, leveraging IAM system analytics to support governance initiatives.
IT Management Intern
Cybersecurity and Infrastructure Security Agency (CISA) - Department of Homeland Security, July 2022 - December 2023, San Antonio, TX, 78238 (remote)
• Contributed insights on AWS tagging and naming conventions while ensuring
compliance with ITAR and FedRAMP standards.
• Conducted vulnerability assessments and contributed to developing IAM policies to align with
NIST guidelines.
• Managed the ITAR approval process and developed organizational diagrams to support
security and governance efforts.
• Engaged in risk management projects, identifying potential security threats and ensuring that
cloud-based operations followed compliance guidelines.
Projects
Azure Identity and Access Management (IAM)
Configured Azure Active Directory (AAD) for identity provisioning, role-based access control
(RBAC), and conditional access policies.
Implemented Azure Sentinel for Security Information and Event Management (SIEM),
automating threat detection and incident response.
Microsoft Azure Virtual Machine and Web Server Deployment
Created and configured a virtual machine on Microsoft Azure, deploying a web server with best
practices for security and performance optimization to ensure a secure and efficient
deployment.
Deployed Azure virtual machines, applying best practices for secure resource management.
Completed structured training on Azure and AWS IAM, focusing on cloud-based access controls and compliance.
Microsoft SIEM with Azure Sentinel and PowerShell
Developed and configured a Security Information and Event Management (SIEM) system using
Microsoft Azure Sentinel, automating security event monitoring and response with PowerShell
scripting to enhance incident management capabilities. Integrated Azure and PowerShell to
streamline the SIEM implementation.
Hosted a WordPress website using Amazon Web Services (AWS)
Set up and configured a WordPress website on Amazon Web Services (AWS), using IAM to implement secure roles and multi-factor authentication (MFA), and covering domain registration, server configuration, and WordPress installation. Implemented security measures to protect against common vulnerabilities and threats, ensuring a secure web presence.
Core Skills:
Governance, Risk & Compliance (GRC)
Cloud Security (Azure, AWS, etc.)
Risk Assessments & Mitigation
Regulatory Frameworks (NIST, ISO 27001, PCI DSS)
Security Incident Management & Audits
Data Security & Privacy (HIPAA, SOX)
Identity & Access Management (IAM)
Compliance Reporting & Auditing
Policy and Regulatory Knowledge:
Policy Development (ISO 27001, SOX, HIPAA)
Regulatory Compliance (PCI DSS, NIST, SOC 2)
Office and Collaboration Tools:
• Productivity Tools: PowerPoint, Excel, M365 (Microsoft 365)
• Visual & Diagramming Tools: Visio, Project Libre (Project Management)
• Collaboration & Workflow Management: Jira, ServiceNow
Vulnerability Scanning & Management:
• Tools: Nessus, Wireshark, Kali Linux
• Platforms: Azure Active Directory (AAD), VirtualBox
• Processes: Vulnerability Assessment, Threat Detection, and Remediation
Technical Operations & Troubleshooting:
• Tools: Remote Desktop Protocol (RDP), ServiceNow
• Capabilities: Incident Response, Access Management, and Workflow Optimization