NALAIN MOUSS
Mobile: +1-281-***-**** Email: ************@*****.*** Houston, TX, United States
PROFESSIONAL SUMMARY
Seasoned Information Risk Analyst and Cybersecurity Professional with extensive experience in Governance, Risk, and Compliance (GRC), third-party vendor risk assessments, and regulatory frameworks such as NIST 800-53, ISO 27001, PCI-DSS, HIPAA, GDPR, SOX, FedRAMP, and FISMA. Proven ability to lead complex risk evaluation initiatives, conduct secure architecture reviews, and implement effective security controls in line with industry best practices. Adept in conducting internal and external audits, managing POA&Ms, and supporting security documentation such as SSPs, SARs, IRPs, and ConMon plans. Skilled in SIEM tools (Splunk, QRadar, ArcSight), vulnerability management (Nessus, Qualys), and incident response. Strong communication and analytical skills with a track record of cross-functional collaboration, strategic risk analysis, and stakeholder engagement. Holds CompTIA Security+.
CYBER SECURITY TRAINING/SKILLS/STANDARDS/SOFTWARE
• Frameworks and standards: NIST SP 800 series (800-53, 800-37, 800-171), ISO/IEC 27001/27002, RMF (Risk Management Framework), FISMA, FedRAMP, COBIT, ITIL, HIPAA, PCI-DSS, SOX, GDPR
• Risk and assessment: risk assessments and gap analysis, threat modeling and vulnerability assessment, Business Impact Analysis (BIA), security control evaluation and documentation, Plan of Action and Milestones (POA&M) management
• Vulnerability and configuration scanning: Nessus, Qualys, OpenVAS, SCAP, SCCM
• SIEM and log analysis: Splunk, IBM QRadar, ArcSight, LogRhythm, log management and analysis
• Endpoint, network, and data loss prevention: CrowdStrike, Carbon Black, Palo Alto, Snort, Suricata, Symantec DLP, Forcepoint DLP
• Identity and access management: role-based access control (RBAC), least privilege enforcement, multi-factor authentication (MFA), PKI / certificate management, Active Directory, LDAP
• Audit: conducting internal security audits, supporting external audits and assessments, evidence collection and documentation, responding to audit findings
• Security documentation: System Security Plans (SSP), Incident Response Plans (IRP), Contingency Plans (CP), Security Assessment Reports (SAR), Continuous Monitoring (ConMon) documentation
• Hardening and architecture: network segmentation and hardening, secure architecture review, secure system/software configuration (DISA STIGs, CIS Benchmarks)
• Incident response: threat detection and containment, root cause analysis, evidence handling, incident reporting, lessons learned analysis
• Data protection: data classification and handling, encryption protocols (TLS, AES, RSA), backup and recovery, data retention policies, secure data destruction
CERTIFICATIONS
• CompTIA Security+
• CISA – Certified Information Systems Auditor (in progress)
EDUCATION
• Houston Community College, Houston, TX
Associate of Arts in Technical and Scientific Communication
EMPLOYMENT HISTORY
RISGROUP LLC October 2019 to Present
Information Risk Analyst Lead (GRC)
• Collaborated with cross-functional teams, provided training on GRC processes and security practices, and developed comprehensive documentation for identity security processes.
• Conducted access reviews, automated identity management workflows, assessed new IAM tools, and ensured adherence to industry regulations while supporting strategic and operational planning initiatives.
• Created dashboards and reports to track Governance, Risk, and Compliance (GRC) metrics, providing clear and concise updates to leadership on risk management activities and outcomes.
• Supported compliance monitoring and reporting functions by coordinating internal and external audits, gathering evidence, preparing documentation, and addressing audit findings.
• Ensured compliance measures remained up-to-date by staying informed on emerging regulations and guidelines.
• Developed and implemented complex risk evaluation methodologies, creating models and simulation scenarios to test risk conditions and ensure the effectiveness of developed solutions.
• Sourced, compiled, and interpreted data to identify risk trends and discrepancies, effectively communicating analysis outputs to stakeholders.
• Produced comprehensive reports based on data analysis, highlighting company trends, risk factors, and areas for improvement to inform strategic decisions.
• Supported business processes by developing and implementing procedures for operational tasks, ensuring continuous improvement and acting as a resource for management and associates.
• Collaborated with cross-functional teams to develop strategies addressing risk evaluation results, and monitored the effectiveness of those solutions.
• Created documentation and presentations to educate stakeholders on risk policies and procedures, enhancing organizational awareness and compliance.
• Collaborated with users, technical teams, and operations to collect requirements, describe data needs, and devise protection mechanisms.
• Reviewed security event logs and alerts from firewalls, IDS, SIEM, and syslog sources to analyze security events and investigate threats.
• Produced detailed documentation, including flowcharts and data flow diagrams, for designs, specifications, and end users.
• Developed and maintained compliance policies, procedures, and guidelines aligned with frameworks such as NIST 800-53, ISO 27001, PCI DSS, GDPR, HIPAA, SOX, FedRAMP, and FISMA.
• Led risk assessments to identify security gaps and ensured compliance with regulatory and legal requirements.
FUSE CONSULTING July 2017 – September 2019
Security Risk Assessor (Third Party Vendor Risk Assessor)
• Conducted security control assessments to evaluate the adequacy of the management, operational, and technical security controls implemented by candidate vendors.
• Performed initial review of vendor due-diligence documentation to confirm it was current and applicable to the product or service provided.
• Tiered, assessed, and monitored vendor risks to determine each vendor's inherent risk rating.
• Assessed vendors through each stage of the third-party lifecycle (onboarding, due diligence, monitoring, termination planning, off-boarding) against the NIST Cybersecurity Framework (CSF).
• Conducted regular risk assessments and vulnerability scans to identify potential security threats.
• Collaborated with IT and security teams to address security gaps and implement necessary controls.
• Assessed emerging risks through ongoing research and monitoring of industry trends, proactively addressing potential threats before they materialized into significant issues.
• Conducted thorough risk assessments of vendors, identifying areas for improvement and implementing corrective actions.
• Led initiatives to improve process efficiencies within the Vendor Management team, streamlining operations and reducing costs.
• Coordinated with internal stakeholders to ensure that vendor management activities were integrated with broader business strategies.
• Provided support for regulatory examinations, ensuring that all necessary documentation and evidence were available.
• Collaborated with the compliance team to ensure that vendor management practices adhered to industry standards and regulatory requirements.
• Monitored and reviewed security controls to detect cybersecurity threats, ensuring timely identification and mitigation of potential risks.