IT Security, compliance, vendor risk, due dilligence
Resume:
Cynthia Holden
Chicago, IL
*********@*****.***
SUMMARY
High performing, enthusiastic information technology and business/legal services professional with excellent communication skills. Leverages research and prior professional experience to develop and improve business processes. Possesses comprehensive understanding and application of the eDiscovery Reference Model (EDRM), NIST framework, experience in data management system implementation, and information governance. Extensive knowledge of enhanced documentation quality and compliance standards within the engineering, legal, and insurance industries. Has designed business process flows, identified strategic process improvements, and implemented record retention standards. Presently, seeking an information governance, legal operation management, or information technology role to leverage current expertise, deliver upon and enhance enterprise goals.
EDUCATION
June 2015 DePaul University College of Computing and Digital Media
Master of Science- Information Systems
August 2012 Loyola University Chicago
Bachelor of Arts- Business Management
PROFESSIONAL EXPERIENCE
August 2022-Present Cool Kids LLC
Proprietor
Provider of early childcare for ages 6 months to 11 years of age
February 2022-October 2022 Morningstar
IT Compliance Analyst
●Manage the life cycle of vendor risk assessment requests submitted by internal business owners
●Assess scope of engagement and assign initial vendor risk tier
●Distribute information security risk assessment to vendor
●Analyze vendor submitted assessment and supporting evidence and or documentation (SOC 2, SSAE 16-18) according to established business security policies, standards and ISO 270001 framework to identify security risks
●Report identified security risks to business owner via report to determine if the business accepts the vulnerabilities
●Ascertain security compliance remediation actions and work with vendors to resolve vulnerabilities
●Deliver final report and GRC recommendation to business owner
●Schedule next vendor review assessment
●Respond to client due-diligence questionnaires regarding internal information security controls, standards, policies, etc. provide supporting documentation, and assist with any follow-up activities
●Perform identity access SOX audits on servers and privilege network accounts
April 2021-July 2021 Walgreens
Senior eDiscovery Analyst
●Collaborates with in-house counsel relating to the identification, preservation, and collection of electronic files in support of the eDiscovery program
●Assists legal teams with running data searches and document review projects
●Coordinates the issuance and management of legal holds, including tracking custodians and data on legal hold
●Supports and coordinates the forensic collections of company data in collaboration with in-house and external counsel, vendors, information technology, and other business functions
●Documents and ensures timely compliance with legal requests; manage projects to completion, including regular check-ins with stakeholders
●Provides support and training to users on the company’s eDiscovery/Legal Hold program and technologies
●Interacts as needed/requested with outside counsel and vendors, under the supervision of company attorneys and/or the director of the eDiscovery program regarding the status, depth, and/or expansiveness of materials collected and/or preserved for purposes of responding to eDiscovery requests
●Provide reporting and metrics to legal division management as needed/requested
June 2020- Nov 2020 Jackson National
eDiscovery Analyst
●Manages eDiscovery requests and deliverables to ensure all requests are completed in a timely manner
●Coordinates the preservation and collection of data with IT and Information Security in response to data requests from outside counsel and third-party subpoenas
●Implement legal holds and perform ESI search, collection, and review utilizing advanced eDiscovery in the MS Security and Compliance Center
●Organizes and oversees large-scale document review in Veritas Enterprise Vault, including creating complex searches, filters and, recommending best practices
●Engages with internal support and vendors to remediate technology issues
●Identifies and implements process improvements, including creating and updating existing documentation
●Provides training on technology applications to members of the Litigation and Investigations team
●Assists with other enterprise projects regarding data governance
Contract: Synectics/Takeda Pharmaceuticals
Aug 2019 – Nov 2019 Legal and Compliance IT Analyst
● Forensically image laptop and mobile devices utilizing EnCase Imager and Cellebrite software
● Initiate in-place legal holds and collections in the O365 environment using O365 Security and Compliance Center
●Engaged with internal legal to facilitate proper usage and management of Legal Hold Pro
●Coordinated with IT Asset Management to improve IT asset retrieval and preservation process to improve compliance with chain-of-custody standards
●Updated process documentation surrounding ESI collection, preservation, and remediation etc.
Jun 2015 – Dec 2018 CNA Financial
IT Security Specialist
●Utilize EnCase Enterprise computer forensic software to collect, search, analyze, and produce electronically stored information (ESI) in support of litigation matters and corporate investigations
●Served as the SME for the entire lifecycle including requirements gathering, design, testing, and training of the Exterro Fusion Legal Hold and Project Management cloud solution
●Apply information security best practices regarding chain of custody and articulate user responsibility for information governance & security compliance
●Participate in vendor/software resource selection process to ensure selection meets eDiscovery and compliance requirements
●Engages with Computer Security Incident Response Team (CSIRT) to respond and resolve security threats in the enterprise infrastructure and IT environment leveraging the NIST framework to mitigate risks
●Draft and implement standard operating procedures and maintain documentation library via SharePoint
TECHNOLOGY EXPERTISE
MS O365 Security & Compliance Center Advanced eDiscovery, Veritas Enterprise Vault and Discovery Accelerator, Relativity, Salesforce, Jira, OneTrust, UpGuard, Reuter’s Legal Tracker, Guidance Software/OpenText EnCase Forensic tools, IBM Atlas Legal Hold, Exterro Fusion, BMC Remedy, ServiceNow, Legal Hold Pro, SAP, Documentum, MS Office Suite, MS SharePoint, MS Exchange Server, Master Control, MS Active Directory, and various in-house database systems
Contact this candidate