As an Information Security Analyst, my responsibilities are to work on Vulnerability Management and Risk Assessments for the customer. I develop and implement the solutions for Risk Assessments (Vendor Compliance, Internal Controls Security, PCI) using RSAM GRC software.
- INFORMATION SECURITY ANALYST, TCS at Vendor Compliance, Internal Controls Security, PCI
- SYSTEM ADMINISTRATOR at
- APPLICATION SECURITY TESTER at
- TRAINEE, TCS at
4 years, 5 months at this Job
Information Security Analyst, Novant Health, 09/2017 - Present, Charlotte
Medium-sized company focused on patient care
Achievements/Tasks:
* Scanned machines with Qualys and automated the scanning processes and procedures
* Analyzed events in ArcSight and promoted anomalies to level 2 security analysts
* Created BASH scripts to organize large datasets
* Ran phishing campaigns to educate users on the importance of cyber security
Contact: Ed Russell - Available upon request
- Information Security Analyst at Novant Health
1 year, 4 months at this Job
- - Computer Science
- - Computers & Their Impact
* Assist in documenting the Vulnerability Remediation Tracking process and work collaboratively with the consultants of Service-Now, in-house cyber security and IT infrastructure teams as the designated subject-matter expert (SME) on the implementation of the automation project.
* Created RACI, process documentation and workflows
* Work closely with Stakeholders on managing and tracking projects
* Facilitator of weekly and monthly meetings, take meeting notes, provide status reports
* Assisted in developing project plans, assigned duties, executed, controlled and achieved on-time implementation of Vulnerability and IT VR systems projects
* Trained the new Information Security Analyst by writing Standard Operating Procedures (SOP) and providing mentorship until proficient skills were obtained.
* Received a First American (FA) Recognition Award for my hard work and efforts, while taking a training course, working on multiple projects, providing continuous mentoring and project expertise.
* Maintained internal and external communications efforts to ensure audit deadlines were met and effectively completed by confirming accurate documentation was produced and recorded for audit resolutions.
* Updated Information Technology General Controls (ITGC) narratives with IT Compliance Team by organizing meetings with response owners to complete audit requirements.
* IT Lender Requests - Coordinated IT Lender Audit meetings for IT Compliance and clients (which include most of the top 20 lenders and all of the top 5 banks).
* Generated successful results for Client requested Corporate IT lender assessments. Recipient of positive feedback from client assessors on my skilled resolutions to audit requests.
- Information Security Analyst at FIRST AMERICAN
- Project Coordinator at COAST SIGN, INC
- Procurement Specialist at MERCURY INSURANCE GROUP
4 years, 3 months at this Job
- Bachelor of Science in Information Technology - Project Management
As an Information Security Analyst I create, modify, and delete accounts in Microsoft Active Directory Users and Computers Console based on tickets opened for new employees to the firm after approvals are met. Manage Inter and Cross Domain Accounts Migration in Active Directory for my team while coordinating with several teams to ensure that the migrations are done without any errors and within the Service Level Agreement. Process entitlement requests by users to company resources with ResolveIT tickets, making sure users are not over-entitled and all approvals have been provided. As part of the Active Directory Team for CITI I learned to work interdependently and as a team member while working on projects for the business, either calling a single user or involving the correct groups that will help me resolve the issue. While working on these projects I would run PowerShell scripts to add and remove hundreds of users from groups that did not need access anymore. If need be, I'm willing to learn new tools. I'm in charge of the training of the new Active Directory employees; I make sure that my new coworkers are set up with the correct entitlements before they are able to work. Ensured that tickets assigned to me do not go past SLA, this way meeting CSS GIDA Metrics.
- Information Security Analyst at CITI\CCS GIDA
- Help Desk Support at USAA
- Help Desk Support at IBM
2 years, 4 months at this Job
- Associate of Applied Science degree - Computer Networking Systems Technology
Served as a Senior Information Security Analyst in charge of building the entire Cyber Threat Intelligence program for the enterprise from the ground up. As the leader of the threat intelligence program, my duties consisted of collaborating across multiple lines of business, proposing and purchasing a threat intelligence platform tool to senior leadership, while coordinating integrations for that tool. Additional duties of leading the threat intelligence program consisted of categorizing APT actors, stopping advanced phishing campaigns, and providing real quantitative ROI metrics with automation to demonstrate cost avoidance to senior leadership. While building the threat intelligence program I also served as a technical SME to the organization's data encryption initiative as well as serving an integral role in the organization's HITRUST certification effort to comply with multiple regulatory bodies such as HIPAA, PCI, and other compliance regulatory guidelines. Worked closely with the Chief Privacy Officer and Legal Team to ensure the threat intelligence program complied with relevant laws, regulations and policies to minimize risk and audit findings. I also managed internal fraud intelligence gathering to track and contain insider threats and used a variety of different data sources to provide usable intelligence to IT teams regarding vulnerabilities and active threats against the organization in hopes to manipulate criticality of remediation plans.
- Information Security Analyst, Sr at Wellcare Health Plans - Tampa
- Cyber Security Analyst at Digital Hands
- Computer System's Engineer at Vigilant Services Corporation
- Lead Communication Technician at TanMar Companies, LLC
1 year, 6 months at this Job
- Associate of Applied Science - Network Security
- Associate of Applied Science - Software Programming
Associate Information Security Analyst, University of California, Los Angeles (UCLA)
* Correlated logs from 5 sources to SIEM; created and analyzed dashboards to monitor and alert on anomalies in log data
* Identified scope and conducted risk assessments, compliance audits, and gap analyses
Developing Information Security Consultant, Tevora
TORY SINGER, INFORMATION SECURITY ANALYST
* Run and interpret vulnerability scans of 1.5m campus IP range
* Successfully identify false positives and parse/analyze 1k row report
* Triage and track 25k remediations through email/ticketing system
* Create unique web scraping script to validate 30k web exploits
PROFESSIONAL PROJECTS
Technical Lead, UCLA Vulnerability Management
* Develop and present 50+ step waterfall deployment plan to 20 IT executives for internal approval
* Develop and document campus password policies and procedures.
* Deliver product features, access, and NIST based FAQ to 100k faculty, students, and staff via high traffic consumer facing websites
* Advise department enterprise rollout and provide ongoing support
UCLA Password Manager
Contact: (661) 993-0912
- Information Security Analyst at IT Services - UCLA
1 year at this Job
- Bachelor's - Philosophy
- BS - Applied Mathematics
Responsibilities including Pre-Sales & Technical consultancy, Presentations and POCs, Assessment, Designing and Deployment of Multiple Security Products. Kaspersky Lab Rapid7 Forcepoint Endpoint Security Nexpose Vulnerability Assessment Data Loss Prevention Security for servers Metasploit (Automated Penetration testing) Security for Exchange Consultancy Security for SharePoint Avecto ISO 27001 Gap Analysis Secure mail gateway Defendpoint PAM ISO 27002 Control Framework Encryption Risk Assessment Patch Management IBM Security IT Governance / ITSM Mobile Device Management SIEM - foundation level
- Information Security Analyst at Trillium Information Security Systems
- Network Engineer at Geo Entertainment Television (Pvt) Ltd
- Resident Engineer (Systems) at IBL-Unisys Private Ltd
- Management Trainee Officer (Solutions) at DWP Technologies Private Ltd
2 years, 3 months at this Job
- Masters - Computer Science
- High school
- High school
- Associate - Commerce
• Act as Information Security Analyst on GSA Cybersecurity, Information Assurance and Privacy (CIAP) team on the following initiatives:
◦ Providing support to the GSA Risk Management and Analysis Support Services (RMASS) Team in ensuring all GSA Office of Integrated Technology Services systems are compliant with all NIST 800-53 Series Special Publications
◦ Development of the GSA Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) for Penetration Testing, Incident Response, Cyber Hunt, and Risk and Vulnerability Assessment services
◦ Development of IT Schedule 70 SIN for Cybersecurity products and services
◦ Development of Supply Chain Risk Management (SCRM) strategy for IT Schedule 70 vendors
◦ Development of government-wide IT Security Hallway where agencies can find information regarding all available IT Security vehicles throughout the Federal Government
◦ Development of lessons learned document for IaaS BPA offered by GSA Information Technology Services (ITS) Security Services Division (SSD)
◦ Providing Federal agencies that are not TIC (Trusted Internet Connection) Compliant with options to protect themselves from DDoS attacks using GSA products and services.
◦ Development of a proposal for a GSA service which would assist agencies in becoming compliant with HSPD-12 and utilizing PIV for logical access.
◦ Performing analysis of acquisition language for the inclusion of information security requirements and provide recommendations on updates and additions.
◦ Development of a process for engaging with GSA customers and deliverables from such engagements including reports and communications forums discussing results.
◦ Attendance in multiple engagements with GSA Customers and Vendors.
◦ Development of CIAP quarterly Newsletter.
◦ Development of a sample updated GSA Cybersecurity Website.
◦ Performance of Security History Audit Report Program (SHARP) reviews on various Federal agencies.
◦ Development of CIAP Chatter submissions.
◦ Work with GSA CIAP team on many internal tasks including working on GSA SAPI's, GSA's Category Management Initiative, and the CIAP Business Case document.
◦ Attendance in multiple meetings on a weekly basis including SSD meetings and CIAP Collaboration meetings.
• Security Analyst supporting the review of System Security Plans for a Cloud Infrastructure vendor going through the FedRAMP authorization process; experienced with FedRAMP security controls and related requirements, and the application of FedRAMP requirements to a cloud Infrastructure-as-a-Service (IaaS); conduct in-depth analysis of SSP to identify missing or incorrect information and provide guidance to system owner for correction of deficiencies.
• Security Analyst conducting Security Control Assessment of an EPA Integrated Compliance Information System (ICIS) using the NIST SP 800-53A security controls.
• Security Analyst supporting multiple NGA system owners in developing a System Boundary Determination Document, System Security Categorization Document, and System Security Plan.
• Performed Security Control Assessments (SCA) on multiple Major Applications within the National Gallery of Art including development of the Security Assessment Report, Risk Assessment Report, and Plan of Actions and Milestones
• Experience with the latest revisions of all NIST documents related to Certification and Accreditation including NIST SP 800-53, 800-53a, 800-37, 800-30, 800-18, 800-60, 800-137 and FIPS 199, FIPS 200
• Information Security Analyst conducting multiple Personal Identity Verification (PIV) Facility assessments for the National Aeronautics and Space Administration (NASA). These assessments checked compliance with requirements from FIPS 201 and related standards; the assessment was performed using the NIST SP 800-79-1 guideline. Created PIV Assessment Reports for NASA and developed NASA's Corrective Action Plan (CAP) for all findings discovered during assessments
• Reviewed Privacy Impact Assessments for accuracy and completeness for all systems under the various Operation Divisions of Health and Human Services
• Reviewed Federal Aviation Administration (FAA) Office of Security and Hazardous Materials Safety (ASH) level policies and interviewed ASH managers and engineers to develop procedures for the ASH program
• Wrote ASH level procedures to cover the various programs under ASH
• Interviewed ASH AIN-500 staff and developed the Program Objectives and Vision document
• Performed Independent Verification and Validation (IV&V) of Certification and Accreditation assessments for the United States Patent and Trade Office (USPTO) and the U.S. Environmental Protection Agency (EPA)
• Accessed the Cyber Security Assessment and Management (CSAM) system to ensure that POA&Ms were created for each deficient control, and that milestones were up to date
• Performed a FISMA based Gap Analysis of the General Support System (GSS) at the Congressional Budget Office (CBO)
• Prepared the Gap Analysis report with recommendations for change to get the system ready for a full Certification and Accreditation (C&A) effort
• Performed Security Test and Evaluation (ST&E) on a General Support System at the EPA
• Analyzed Nessus and WebInspect vulnerability scans and prepared risk reports
• Conducted Annual Assessment project with the FAA
• Conducted interviews with System Owners, Business Owners and other essential personnel
• Assessed security of FAA systems and made recommendations accordingly by:
◦ Performing risk assessments
◦ Assessing information security policies and procedures
◦ Conducting an assessment of threats, including their likelihood and impact
◦ Evaluating how well security policies are working
◦ Compiling an inventory of software and hardware assets
◦ Conducting an evaluation of access, physical, and other security controls
◦ Testing procedures for reporting and responding to security incidents
◦ Assessing processes for addressing any deficiencies reported
◦ Assessing contingency plans to ensure continuity of operations
• Created and updated many documents for the Certification and Accreditation (C&A) process including:
◦ Information System Security Plan
◦ System Characterization with System Boundaries Noted
◦ Executive Summary
◦ Self Assessment
◦ Contingency Plan and Results
◦ Privacy Threshold Analysis
◦ Privacy Impact Assessment
• Performed quality assurance on all documents for the C&A process
• Researched and created a summary document on Security Content Automation Protocol (SCAP)
• Conducted demonstrations on ThreatGuard Secutor Prime and QualysGuard SCAP validated tools
• Researched and created MS PowerPoint tutorials on several security topics:
◦ FIPS 199 process
◦ Routers, Switches and Hubs
◦ Firewalls
◦ Privacy requirements within the Federal government
• Prepared multiple systems to be used for scanning tasks
- Information Security Analyst at Electrosoft Services, Inc
- Assistant Manager at AT&T
9 years, 10 months at this Job
- B.S. - Security and Network Administration
• Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB, NIST SP 800-18 and industry best security practices.
• Develop and update System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M)
• Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP 800-60
• Developed policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
• Conduct Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within strong security posture.
• Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
• Reviewed and updated some of the system categorization using FIPS 199.
• Carried out continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.
• Put together Authorization Packages (SSP, POA&M and SAR) for Information systems to the Authorization Officer.
• Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
- Information Security Analyst at Foreground Security
- System Analyst at Verizon Wireless
- Helpdesk Support at 9-Solution inc
4 years, 4 months at this Job
- Masters - Business Administration
- BS - Marketing
Rolling Meadows, IL
Leading provider of accounts receivable management solutions for government and private education partners.
Information Security Analyst (temporary position), 10/2018 - 12/2018
* Review and update policies and procedures documentation
* Verify approved applications with currently installed applications
* Assist information security team with daily duties and projects
- Information Security Analyst at Ceannate Corp
- Borrower Services Clerk at US Dept. of Ed
- Default Resolution Specialist at Collection services on the US Department of Education
- Sales and Leasing Associate at Grossinger Chevrolet
2 months at this Job