
Senior Information Security and Compliance Expert

Location:
Washington, DC
Posted:
November 24, 2025


CONTACT ME

Phone: Please email


CERTIFICATIONS:

Scrum Master Certified (SMC)

AREAS OF KEY STRENGTH

Demonstrated over 10 years of (IT) security management, leadership, and mentoring in Government and private sectors.

Demonstrated over a decade of successful security auditing

Demonstrated successfully over a decade of audits related to FISMA, ISO 27001, NIST, HIPAA etc.

Demonstrated over a decade as a SME successfully completing various security compliance frameworks including ISO, NIST, HIPAA, FISMA etc.

Over 10 years successfully developed security awareness and educational best practice articles, including industry trends, market analysis, and current security technologies.

Conduct audit interviews and request/collect required evidence.

Led and managed a team of 8-15 staff across technology, business, and design departments.

Have been promoted to Director Management level within a 12-month time frame.

Generated weekly, monthly, and quarterly reports on the road map of progress to VP and stakeholders.

Demonstrate the ability to work and manage both independently and within global team settings.

Cultivate a team culture/environment of continuous learning and improvement.

Able to gather, analyze, arrange and form data into story points that have been used in making decisions.

Led security control assessments based on ISO 27001/NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, NIST SP 800-37 Rev. 1, SOC 2, and PCI DSS.

Successfully worked in fast paced, high change environments.

Administer metrics tracking and other means to aid a team in overall planning and team results.

Security Tools:

Quality Assurance & Control

RACF/SAF

RACF core security principles (e.g. access control, least privilege, data integrity) and security capabilities

HP ArcSight

Tealeaf Technology CX Mobile

Dragon Malzilla

IBM Site Protector

Altiris

SIEM Event Management

Encase

Sophos

FireEye

Wireshark

IBM QRadar

Mandiant Information Collector

Vontu DLP

Security Firewalls

Nmap

NetWitness; Sourcefire (Cisco)

Splunk

Symantec

RSA

Juniper

Security Technologies:

SSH; SSL; Digital Certificates; Anti-Virus Tools (Symantec, Sophos, McAfee, CA)

Other: TCP/IP; UDP; SSH; FTP; IPSEC; ICMP; RDP; DHCP; DNS; LAN/WAN; SMTP; HTTP(S); LDAP; POP3; Ethernet; Dell Servers; Red Hat Linux; ArcSight CS 1000 Connectors; C++; Visual Basic 6.0; HTML

EDUCATION

Bachelor of Science (B.S.), Computer Information Systems 2001 Strayer University; Washington, DC

Master (M.I.S.), Management Information Systems, pending: Maryland University; College Park, MD

Certified Information Systems Security Professional (CISSP), 2021 - Present: 100+ hours of CISSP classes taken; certification pending

ASM Educational Center; Rockville, MD

FREELANCE:

Business Consultant for a start-up corp.

Security Compliance Auditor Consultant for a start-up company

INFORMATION ASSURANCE - ISO 27001, NIST 800, PCI DSS POLICY OFFICER - AUDITOR/ASSESSOR - CYBER SECURITY PROFESSIONAL

Proficient and hard-working SME - Cyber Security Professional with over a decade of experience applying rigorous information security procedures, practices, and policies for Fortune 100 and 500 private and public sector clients. Seeking individual contributor or leadership opportunities supporting clients to deliver security and/or project management services or programs in a dynamic organization. Playing a critical role in shaping the way teams deliver solutions to protect organizations.

CORE COMPETENCIES

Over 10 years of (IT) security management and leadership in government and private sectors.

Demonstrated over a decade of audits related to FISMA, NIST, ISO 27001 and FISCAM, while also developing Systems Security Plans (SSP), Privacy Impact Assessments, and Contingency Plans.

Possess over 10 years of IT Security or Cyber Security experience in Incident Response, Email Security, Data Protection/Governance, Cyber Security threat detection, monitoring, and reporting, Cyber Intelligence and Threat Hunting, and Vulnerability Management.

Demonstrated over 10 years' experience analyzing attack vectors, current threats, and security remediation strategies.

10+ years generating and managing incident response plans, SOPs, articles and project plans to improve and harden defense-in-depth security posture.

Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures using standards-based concepts and capabilities.

Knowledge of cyber security principles used to manage risks related to the use, processing, storage, and transmission of information or data.

10+ years in security awareness, security communications and technology communications.

Over 10 years developed and implemented required regulation documentation via Information Security policies/regulations, Compliance Risk Management, Risk Management Rules, Employee Backgrounds, disaster recovery (DR), business continuity (BCP), and HIPAA regulations per alignment with Internal Audit and Security controls.

Over 10 years successfully developed and implemented security policies, procedures, awareness and educational best practice documents/articles, including industry trends, market analysis and current security frameworks per ISO 27001/NIST 800-53, SOC 2, and PCI DSS, translating complex requirements into actionable security measures.

Performed forensic investigations of users’ activities, utilizing Encase, Malzilla, and other forensic tools

Program/project management with in-depth knowledge of ISO 27001/NIST 800-53 and RMF methodologies for security controls and risk mitigation.

Work with stakeholders to prepare maps for current and future projects

10+ years of experience in IT audit and/or compliance, with a concentration on leading multiple, simultaneous audit engagements for a Cloud Service Provider, encompassing multiple frameworks

Possess a strong understanding of the NIST Risk Management Framework

Observe and provide consistent, impactful feedback for team Agile development.

Demonstrated successfully over a decade of extensive knowledge of security practices, processes, and compliance programs within the federal/DC area.

Apply knowledge and comprehension of FISMA, NIST, and SOC 2 information security standards.

Managed and monitored for over 10 years using various security tools and devices such as Sophos, ArcSight, Site Protector, FireEye etc.

Provide weekly reporting of security incidents and events

Conduct regular risk assessments and provide recommendations for mitigating risks

Acting as a facilitator; responsible for facilitating Scrum ceremonies, including Sprint Planning, Daily Scrums, Sprint Reviews, and Retrospectives.

Ability to work/manage both independently and within a global team environment.

Knowledge of the Security Assessment and Authorization process.

Access control (role-based and discretionary), authentication, authorization, provisioning, approvals, and workflows.

Analyze large volumes of mainframe platform security data in relation to external data sources.

Demonstrated over 10 years of monitoring security intake technologies for reports of security incidents

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Skill in determining the protection needs (i.e., security controls) of information systems and networks.

Mentored and trained staff for over 10 years on Incident Response, Security Control Assessment, Auditing, SIEM and a variety of security tools (ArcSight, Site Protector, IBM QRadar, Splunk, Encase, FireEye, RACF etc.).

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge of Risk Management Framework (RMF) requirements.

Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Leading preparation for and/or managing assessment activities

Knowledge of penetration testing principles, tools, and techniques.

Oversaw Identity Access Management (IAM) services, including account provisioning, deprovisioning and auditing for a wide variety of applications and systems.

Understanding of Mainframe Platform Access Security for RACF, DB2, IMS, and CICS hosted platforms.

Created, monitored and maintained process documentation.


Performing Active Directory and user administration functions for a wide variety of multi-user services applications.

Knowledge of mainframe automation programming languages for Resource Access Control Facility (RACF).

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site).

PROFESSIONAL EXPERIENCE

ISO 27001, PCI DSS INFO RISK COMPLIANCE PROGRAM MANAGEMENT/AUDITOR

Aug 2022 – Present

AnalyticsIQ Inc. Consultant Atlanta, GA

Implement & lead ISO 27001 and PCI DSS information security policies, procedures and work instructions per the various departments and stakeholders.

Serve as an ISO 27001 subject matter expert.

Implemented robust controls for protecting cardholder data

Managed and conducted frequent risk assessments to identify and prevent risks to card transaction data.

Successfully implemented strong access control measures to prevent unauthorized access to cardholder information.

Continuously monitored and tested networks to ensure the effectiveness of security controls

Managed and maintained information security policy that addressed PCI DSS requirements

Collaborated and managed meetings with control and process owners successfully to gather in-depth information per control and supporting evidence.

Managed and contributed to enhanced cyber security compliance to ensure organizational alignment with industry best practice and regulatory standards via ISO 27001 and PCI DSS.

Developing and implementing regulation documentation via Information Security regulations, Compliance Risk Management, Risk Management Rules, Disaster Recovery (DR), Business Continuity (BCP), and HIPAA regulations per alignment with Internal Audit and Security controls.

Prepare and guide the client through the ISO 27001 certification process, which includes ISMS scoping, documentation development, and policy and procedure development.

Obtain, review, and interpret organizational IT policies, standards, and procedures to identify control points that would assist in mitigating risk to the business.

Managed/oversaw the project life cycle, including planning, direction, coordination etc.

Working with the compliance manager, leadership and HR to identify the company's security conditions that are required in preparation for ISO 27001 certification.

Working with HR to ensure internal compliance with mandated requirements

Developed company’s first Incident Security Response Plan, policy and procedures per ISO 27001 compliance and requirements

Collaborating and communicating with other departments to ensure continuous secure operations and evidence are per required ISO 27001/NIST 800-53 compliance.

Demonstrating strong technical, analytical, interpersonal, communication and writing skills with technical and non-technical Executives, Directors and other stakeholders.

Developing security policies, procedures, awareness and educational best practice documents/articles, including industry trends, market analysis and current security technologies per ISO 27001/PCI DSS etc. compliance.

Successfully translating technical security concepts into clear, concise, understandable language via written and verbal communication.

Conduct regular security audits and scans to identify potential vulnerabilities and recommend remediation steps

Reviewing and updating security policies, standards, and procedures as needed

Communicate project expectations to team members and stakeholders in a timely and clear fashion.

Developing from scratch ISO 27001 policies, procedures and work instructions per ISO compliance requirements for ISO 27001 auditing.

Building certification road maps and preparation based on clients' requirements and compliance documentation, and ensuring that committed assessments are delivered on schedule.

Assist in development of management responses and track outstanding items to timely conclusion.

Assist stakeholders and department managers in documenting, reporting and remediating Self-Identified Audit Issues, Operational Risk Events or other re-portable activities as appropriate.

Working with stakeholders to prepare maps for current and future projects

Leading preparation for and/or managing assessment activities (ISO 27001, HIPAA, etc.) for assigned cloud services through assessment planning, assessment fieldwork, and final report delivery.

Work with unit Operations Managers to identify, design, document and implement appropriate controls and process maps, as required per ISO 27001 compliance

Coaching team members on continual improvement, growth mindset and maturing current Agile adoption.

Demonstrate strength in working in a high-pace change environment.

SECURITY CONTROL ASSESSOR ANALYST PROGRAM MANAGEMENT/AUDITOR - CEO

Jan 2021 – Aug 2022

Consultant Washington DC/MD

Conducted comprehensive security risk assessments and managed vulnerabilities to protect federal government clients and their assets.

Planned and scoped asset-based assessments, developed communication materials, risk and control matrices, and scope documents to guide evaluations.

Performed detailed walkthroughs with business partners to identify actual versus expected controls and established effective test strategies.

Documented all audit and assessment activities thoroughly to comply with internal and external standards, preparing final reports and presenting findings to leadership.

Identified and managed risks through regular inspections and security reviews while leading remediation efforts when issues were detected.

Developed security policies, procedures, and vulnerability management standards aligned with industry frameworks, such as ISO 27001 and NIST 800-53.

Created and delivered engaging security awareness programs and educational materials to ensure organization-wide understanding of best practices and emerging trends.

Simplified complex security concepts into clear, understandable language for diverse audiences, including non-technical stakeholders.

Leveraged SEO and data analytics tools to support information gathering and analysis processes critical to thorough assessments.

Utilized content management systems like WordPress for documentation and communication purposes.

Collaborated effectively with cross-functional teams, stakeholders, and third parties to support audit programs and security initiatives.

Applied knowledge of federal regulations and industry standards such as FFIEC, GLBA, PCI DSS, and others to ensure compliance.

Demonstrated strong organizational, analytical, and communication skills while managing multiple projects and priorities.

SENIOR SECURITY CONTROL ASSESSOR ENGINEER LEAD

Nov 2017 – Dec 2018

Blue Canopy Group Washington, DC

Performed full scope security risk management processes for federal government clients

Contributed to and led Lessons Learned meetings

Conducted security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST SP 800-37 Rev. 1

Executed and reported on results of IT Compliance assessments per industry best practices and established regulatory standards and requirements (e.g., NIST SP 800-53A, SP 800-115, SOX)

Analyzed vulnerability scanning tool results such as those from Nessus, QualysGuard, & AppDetective

Program/project management with in-depth knowledge of NIST 800-53 and RMF methodologies for security controls and risk mitigation

Developed Security Assessment Plans and Reports as well as Plan of Actions & Milestones (POA&M)

Coordinated with other stakeholders and teams to ensure secure development, deployment, and operations of IT systems

Routinely audited against security configuration checklists (e.g. DISA STIGs, CIS Benchmarks)

Obtained, reviewed, and interpreted the evidence provided to validate that controls are performed effectively

Reviewed and updated security policies, standards, and procedures as needed

Mentored junior to mid-level security staff on developing Security Assessment Reports, ERLs, CMPs, SSP, and CPs

Developed and implemented an effective legal compliance program

Proactively audited processes, practices, and documents to identify weaknesses

Educated and trained employees on regulations and industry practices

Drafted and revised company policies

Collaborated with external auditors and HR when needed

Addressed employee concerns or questions on legal compliance

Kept abreast of internal standards and business goals

Provided governance/risk advice and assistance for colleagues in an IT function, or supported delivery of a selected governance/risk area or service globally

Ensured quality and compliance with data governance within projects and operations of the IT function / business unit

Audit and compliance review experience with testing practices, policy checks and best practices

Collaborated and communicated with other departments to ensure continuous secure operations

Analyzed threat impact on critical information assets and applied risk mitigation measures

Supplied project or operational quality assurance services, or provided security and IT compliance assessments

Supported the delivery of global information governance programs, e.g. risk management processes, information security awareness programs, data classification, storage & transmission guidelines, audit coordination and management, or development and maintenance of the Information Management Policy Framework

Continuously monitored and reviewed risks to these assets, identified potential issues, and supported and tracked risk remediation activities based on agreed risk mitigation solutions

Ensured all risks/gaps/vulnerabilities are maintained in the risk register

Presented and led Risk Committee meetings to publish the information, encourage advocacy in remediation activities and achieve compliance state

Developed & maintained operational metrics (dashboards/metrics)

SR. STRATEGIC SECURITY BUSINESS CONSULTANT

Jul 2016 – Nov 2017

Clear Vision Consulting LLC Laurel, MD

Managed contingency planning and developed Disaster Recovery and Crisis Management policies

Supported incident response activities, including those for natural disasters and high-profile cyber attacks

Interfaced with partners and clients to develop organizational strategies, operational efficiencies, and proposals

Initiated an on-going future business plan for Information Security development

Resolved Cyber security issues when needed using strong and effective communication skills

Performed security risk analyses, resilience assessments, impact analyses, and fail-over automation activities

Developed security policies, procedures, awareness and educational best practice documents/articles, including industry trends, market analysis and current security technologies per ISO 27001/NIST 800-53 etc. compliance

Provided guidance and insight throughout all service delivery organizational positions (directors, managers, product owners, team members)

Communicated strong technical, analytical, interpersonal, and writing skills with technical and non-technical VP Executives, Directors and other business stakeholders

INTELLIGENCE SECURITY ANALYSIS PROGRAM MANAGEMENT CONSULTANT

10/2015 – 11/2015

U.S. Senate/White House Washington, DC

Prepared and presented a verbal PowerPoint-based slide tabletop presentation per facilitator guidance, training information, exercise ground rules and proposed objectives, scenario introductions and updates, discussion questions tied to scenario, and “hot wash” instructions.

Articulated, analyzed, and evaluated highly sensitive materials to present a high-profile presentation.

Communicated strong technical, analytical, interpersonal, and writing skills with technical and non-technical VP Executives, Directors and other business stakeholders during the Cyber Security presentation.

Successfully contributed to a DOD agency being awarded a contract for the White House worth over 5 million in revenue.

SENIOR CYBER SECURITY PROJECT MANAGEMENT CONSULTANT

Oct 2015 – July 2016

Hewlett-Packard (HP) Germantown, MD

Led technical security assessments and the delivery of technical solutions to federal government clients

Contributed to and led Lessons Learned meetings

Verified and implemented detailed security design solutions as identified by the Project/Technical Manager

Led teams in the preparation of multiple security deliverables across multiple technologies

Demonstrated strong technical, analytical, interpersonal, communication and writing skills with technical and non-technical Executives, Directors and other stakeholders

Reviewed and updated security policies, standards, and procedures (SOPs) as needed

Conducted regular risk assessments and provided recommendations for mitigating risks

Executed net flows, packet flows, and event logs per QRadar as necessary

Reviewed security processes and identified opportunities for improvements (e.g. change management, etc.)

Conducted research, analyzed, and reported on current threats and vulnerabilities from emerging security issues.

Worked with Product Owners to support and accomplish short/long term release planning, and to keep the work backlog prepared for execution.

Served in an SME role on projects

Oversaw Identity Access Management (IAM) services, including account provisioning, deprovisioning, and auditing for a wide variety of applications and systems

Provided qualitative and quantitative information for new security deals/sales

Presented to clients, as part of HP sales campaigns, often putting forward security domain-specific information

Managed, monitored and maintained users' system security setup, security matrix, data reviews and onboarding of new users.

Modified security configuration within Workday and People technology as assigned. Reviewed/implemented with team members to educate them, interpret the security requirements, and perform setup within the system. Maintained operations for role-based and user-based security roles for all partners.

Executed and managed health checks to ensure data integrity and security of the data, as well as report writing. Supported tenant management. This is a technical role that requires knowledge of security automation, system security, secure applications, compliance, and incident response management. This role will partner with and follow IT compliance, the change control advisory board, and

SENIOR SECURITY ANALYST CONSULTANT/LEAD/ PROJECT MGMT.

Apr 2014 – Aug 2015

U.S. Patent & Trademark Office Alexandria, VA

Provided security support within a 24/7/365 Network & Security Operations Center (NOC/SOC) environment

Mentored, trained and led a team of 8-10 staff and performed evaluations

Led security team’s strategic planning to improve security incident response SLAs for client

Maintained an inventory of all IT assets and ensured compliance with security policies

Successfully translated technical security concepts into clear, concise, understandable language via written and verbal communication.

Created weekly reports for management, summarizing security events/incidents and any actions and/or remediation processes that took place

Monitored the network for potential security threats and responded to alerts

Maintained the integrity and security of enterprise-wide systems and networks

Performed ad-hoc vulnerability scans as well as penetration testing of existing production network components

Reviewed vulnerability management processes, suggested applicable change controls and security exceptions

Compiled and communicated security threats gathered through research and analysis of potential customer impacts

Developed and implemented vulnerability management processes and procedures

Recommended & made continuous improvements to the overall Cyber Security Operations processes and architecture

Investigated, analyzed, and responded to security incidents and breaches

Executed deep dive forensics via system log reviews using multiple security tools, including QRadar and Fire Eye

Generated and modified incident response plans, SOPs, and project plans to improve and harden defense-in-depth security posture

Audit and compliance review experience with testing practices, policy checks and best practices

Contributed to and led Lessons Learned meetings

Supported various additional endeavors which included authoring responses to RFPs and RFIs as requested

Managed the implementation of incident response plans to ensure PTO systems met NIST 800-53 audit standards

Conducted risk management planning to identify and mitigate the impact of threats to PTO technology assets

NETWORK SECURITY INCIDENT RESPONSE SPECIALIST/SUPERVISOR

Nov 2013 – Mar 2014

SAIC Contractor for PBGC Washington, DC

Managed the implementation of incident response plans to ensure PBGC’s systems met NIST audit standards

Routinely recommended information assurance solutions to support customer’s requirements

Led security team’s strategic planning to improve security incident response SLAs for customer

Managed the implementation of Splunk according to PBGC’s Information Technology standards and guidelines

Maintained reporting metrics and mechanisms used to execute and measure SOC activities

Conducted risk management planning to identify and mitigate the impact of threats to PBGC’s technology assets

SECURITY START-UP BUSINESS CONSULTANT - PROGRAM MANAGEMENT

Feb 2013 – Nov 2013

Clear Vision Consulting LLC Laurel, MD

Successfully oversaw the strategy development and distribution of a start-up security consulting firm

Interfaced with partners and large clients to develop and maintain security organizational strategies, operational efficiencies, and proposals for increasing security efficiency and improving profitability

Oversaw and assisted the strategic management and operational oversight of the company's Global Business Development and Operations in order to provide streamlined operations, reduced operating costs, and greater profitability.

Initiated an on-going future business plan per Information Security development, in both institutional and strategic financing during difficult economic conditions.

SR. SME INCIDENT RESPONSE REMEDIATION SECURITY SPECIALIST/LEAD

Dec 2010 – Jan 2013

Social Security Administration Baltimore, MD

Coordinated incident response activities with monitoring groups and responded to security alerts as needed

Conducted analysis on Cyber security alerts in both On-Premises and Cloud environments

Contributed to and led Lessons Learned meetings

Produced detailed incident reports and provided security recommendations

Reported and resolved recent security failures and trends to management and other impacted team members

Managed and created the adoption of new standards and procedures

Provided remediation recommendations for recovery and prevention to site network administrators

Identified deficiencies in processes and tools, recommended security controls and corrective actions to mitigate technical and business risks

Executed various malware remediation tools; performed on-going scans for threats and vulnerabilities

Collaborated with 3rd party vendors to assess solutions while identifying any security challenges

Performed forensic investigations of users’ activities, utilizing Encase, Malzilla, and other forensic tools

Validated alerting protocols from a variety of monitoring technologies, to include Intrusion Detection Sensors

Demonstrated the development and structure of Server Log Management team from scratch (Server Microsoft 2003 & 2008)

Writing in-depth reports, supporting peer reviews and providing quality assurance reviews for junior staff

Supporting forensic analysis and mentoring/providing guidance to others on data collection, analysis, and reporting in support of onsite engagements

Planning, organizing, and coordinating the inventory, evaluation, and thorough technical analysis of computer-related evidence

Refining analytical findings into executive summaries and in-depth technical reports

SECURITY SERVER LOG PROGRAM MANAGER (SOC)

May 2009 – Aug 2010

Northrop Grumman Columbia, MD/ Linthicum, MD

Demonstrated the development and structure of Server Log Management team from scratch (Server Microsoft 2003 & 2008)

Developed and implemented incident response policies and procedures

Mentored, trained and led the team on Server Log Management issues and resolution

Worked hand in hand with the customer and Management to ensure all requests were met per the customer to resolve any Security Log issues

Implemented cross function teams to address operational, strategic, & security challenges

Served as a leader for publishing strategic intellectual capital and development of formal frameworks and methodologies

Demonstrated strong writing and presentation skills for customers/clients per Cyber Security enhancement and new policies

Approached customer requirements, leveraging existing


