Cybersecurity Compliance & SOC Analyst

ELEXSIS MCROY

Hampton, USA ***** 609-***-**** *.*.*****@*****.***

SUMMARY

Cybersecurity Analyst with a strong focus on aligning security architecture, policies, and operational processes with regulatory requirements, industry security frameworks, and organizational business objectives. Experienced in security compliance and IT governance, including the development, implementation, and testing of controls aligned to NIST-based frameworks. Proven background supporting SOC threat hunting, incident response activities, audit readiness, and risk remediation efforts through structured documentation and ensuring systems maintain a strong security posture.

EDUCATION

Master of Science: Cybersecurity 05/2018

Norfolk State University - Norfolk, VA

Bachelor of Arts: Sociology/Criminal Justice 05/2014

Norfolk State University - Norfolk, VA

CERTIFICATIONS & CLEARANCE

CompTIA Security+ (Active)

Eligible for Secret Clearance / MBI-T2 Public Trust

CORE COMPETENCIES

Cyber Compliance

Vulnerability Management

Risk Assessment

Splunk SIEM

ServiceNow and GRC

Threat Hunting

Security Engineering

Nessus

SCAP Compliance Checker

NIST SPs 800- 53, 60, and 171

RMF Life Cycle

POAM Management

Incident Response

Work History

Criminal IT Intelligence Analyst II 09/2023 - Current

Virginia Beach Police Department – Virginia Beach, VA

Support law-enforcement-style investigations by correlating technical findings with user activity timelines.

Monitor and analyze security alerts, system logs, and network traffic to identify potential cyber threats, intrusions, and policy violations.

Supported incident response activities including detection, containment, eradication, and recovery for security events.

Implement user and access management, create security policies for web access, firewall rules through ZScaler.

Apply zero trust framework while tracking investigating alerts across multiple domains involving but not limited to ransomware, malware, and phishing.

Assist with cyber investigations by analyzing compromised systems, user activity, and digital artifacts while maintaining evidentiary integrity.

Document incidents and findings in clear, non-technical reports suitable for leadership and investigative review.

Conduct vulnerability assessments and supported remediation efforts to reduce organizational risk.

Worked within NIST-aligned security frameworks to ensure compliance with government cybersecurity standards.

Support investigations involving unauthorized access, insider threats, and data misuse.

Ensure proper handling of digital evidence in accordance with chain-of-custody principles.

Assist leadership with risk assessments related to sensitive data, criminal justice information, and internal systems.

Senior IT Compliance Analyst 04/2022 - 09/2023

Innovative Emergency Management – Newport News, VA

Conducted enterprise cyber risk assessments and policy compliance audits aligned with NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and DHS/FEMA cybersecurity guidance, identifying control gaps, systemic risk trends, and compliance deficiencies across people, processes, and technology.

Led vulnerability management and risk prioritization initiatives, correlating technical findings to mission-critical business processes, data sensitivity, and operational impact.

Developed POAMS for risk compliance and tracking to ensure controls are implemented and validated by 180 days.

Created Access Control Matrix, Asset Inventories, and system compliance artifacts and deliverables.

Advised engineering, infrastructure, and operations teams on Zero Trust security principles, including identity-centric access control, least-privilege enforcement, and compliance-driven network segmentation aligned with government security expectations.

Supported ServiceNow GRC and security operations workflows, tracking incidents, access reviews, audit findings, and remediation milestones to ensure traceability, accountability, and continuous monitoring.

Delivered technical and compliance-focused training to staff and stakeholders, strengthening awareness of secure data handling, cloud access

Governance and regulatory responsibilities in public-sector and regulated environments.

Cybersecurity Analyst 01/2019 - 01/2024

Baxter Clewis – Dallas, TX

Performed cyber risk and compliance activities aligned with NIST SP 800-53, supporting government and public-sector information systems.

Conducted security control assessments (SCAs) to validate the implementation, effectiveness, and documentation of administrative, technical, and operational controls.

Assisted with risk assessments by identifying threats, vulnerabilities, likelihood, and impact to systems handling sensitive and law-enforcement-related data.

Reviewed and validated system security documentation including System Security Plans (SSPs), policies, procedures, and control evidence.

Supported continuous monitoring activities, including control tracking, deficiency identification, and remediation validation.

Developed and maintained Plans of Action & Milestones (POA&Ms) to document control gaps, remediation strategies, and risk acceptance decisions.

Evaluated access control, audit logging, incident response, system integrity, and configuration management controls for compliance with federal and state requirements.

Collaborated with IT, security operations, and leadership to translate technical findings into risk-based recommendations.

Assisted with audit preparation and responses by collecting, reviewing, and organizing evidence for internal and external assessors.

Produced clear, defensible documentation suitable for management review, audits, and potential legal scrutiny.

Case Manager 10/2019 - 04/2022

Marage Homes, LLC – Norfolk, VA

Conducted behavioral and digital risk assessments for high-risk cases, identifying early warning indicators through data correlation, trend analysis, and structured risk methodologies.

Administered secure case management systems, enforcing role-based access controls and data handling procedures in accordance with HIPAA and applicable state and federal privacy regulations.

Partnered with IT, legal, and compliance stakeholders to establish incident documentation, escalation, and mitigation procedures supporting data protection, audit readiness, and regulatory compliance.

#HRJ#aae90b55-9b01-48de-b349-f03886782f9c#

Contact this candidate