Patrick Pyle
*******@*****.***
IT Security and FISMA Compliance Analyst
Detail-oriented CISM-certified professional with knowledge of security tools, technologies, and best practices, with more emphasis on FISMA/NIST. 10 years of RMF experience in system security monitoring, auditing and evaluation, C&A, and risk assessment of GSS (General Support Systems) and MA (Major Applications).
Summary of Qualifications
Perform certification and accreditation documentation in compliance with NIST guidelines
Develop, review, and evaluate system security plan (SSP) based on NIST Special Publications
Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
Develop and conduct security test and evaluation (ST&E) according to NIST SP 800-53A and NIST SP 800-53R4
Compile data to complete residual risk report and to insert contents into the POA&M
Experienced in the waiver request process from the AO upon POA&M deadline date
Capable of strategically developing a plan for continuous monitoring
Ability to multitask, work independently and collaboratively with a team
Strong analytical and quantitative skills
Effective interpersonal and verbal/written communication skills
Professional Experience
Morgan Stanley (via Russell Tobin) April 2023 - Present
Privacy Risk Consultant
Support the US Banks Privacy Office team managing the privacy risk program to ensure compliance with Privacy Laws/Regulations.
Support Privacy Impact Assessment (“PIA”) process (responsible for conducting end-to-end PIAs across Bank applications and Bank vendors, leading/coordinating PIA conversations with stakeholders, and ensuring PIA cases and results/findings are correctly tracked).
Validate, document and report found privacy gaps or risk indicators and help product managers develop response plans, including escalating issues when necessary.
Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions.
Raise awareness of privacy policies and procedures, particularly Privacy by Design program and Privacy Operating Model.
Design and develop the goals, policies and procedures of the organization’s privacy programs in accordance with appropriate laws and regulations.
Collaborate in creating the mechanism needed for managing and responding to data subject rights requests.
Perform other responsibilities as needed to assist the team.
Integrated Communication Solutions, Inc. May 2018 – April 2023
Senior Information Systems Security Officer
Analyze and update system security plan (SSP), risk assessment (RA), privacy impact assessment (PIA), system security test and evaluation (ST&E) and the plan of actions and milestones (POA&M)
Assist system owners and ISSO in preparing certification and accreditation package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4
Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP 800-60
Conduct annual self-assessment (NIST SP 800-53A)
Perform vulnerability assessment to ensure that risks are assessed, evaluated and appropriate actions are taken to limit their impact on the information and information systems
Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
Conduct IT controls risk assessments that included reviewing organizational policies, standards and procedures and provide advice on their adequacy, accuracy and compliance
Total Computer Solutions, Inc. March 2012 – April 2018
Junior Information Systems Security Officer
• Provided A&A support on major systems for an IT security and privacy contract
• Identified security and privacy requirements for systems based on NIST SP 800-53 and the Risk Management Framework
• Developed and reviewed System Security Plans and Security Assessment Reports
• Assessed assigned systems and recommended methods for protecting computer data and applications under NIST guidelines
• Ensured necessary data protection and security controls had been implemented
• Developed cyber security policies, plans, processes and procedures to ensure compliance with IT laws, policy and best practices
• Kept current with Federal IT security and privacy requirements, OMB policy memoranda and NIST guidelines
• Reviewed and assessed external services associated with Agency Network. Coordinated with infrastructure and application development teams
• Refined process documentation on cloud/managed services, e.g., FIPS 199 security categorization, security reviews, risk assessment and mitigation and privacy threshold analyses
• Researched current systems and recorded status of controls
• Developed and implemented plans for continuous monitoring
John Jay College CUNY January 2008 – March 2012
Desktop Support
Managed technical troubleshooting within an enterprise environment, including system crashes, slowdowns, and data recovery
Engaged and tracked priority issues, with responsibility for timely documentation and escalation
Provided information and/or technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems
Earned recommendation for teamwork, flexibility, and work excellence in providing IT support to students and faculty
Technology Summary
Security Technologies: Nessus, CSAM
Software: MS Office (Word, Excel, PowerPoint, Access, Outlook)
Key Skills
Network & System Security
Risk Management
Authentication and Access Control
Vulnerability Assessment
System Monitoring & Regulatory Compliance
Education
Bachelor of Science in Criminal Justice August 2010
John Jay College CUNY, New York, NY
Certifications
Certified Information Security Manager (CISM)