Aaron Hines

Shreveport, LA

Summary

Reliable GRC Professional working with Risk Management Framework (RMF), HIPAA & PCI-DSS Security Policies for mission essential systems. IT professional bringing 6 years of experience in GRC and Cybersecurity. Top Secret/SCI Security Clearance.

Overview

7 years of professional experience
1 Certification

Work History

IT Risk Analyst

Deluxe
05.2024 - Current
  • Managing multiple SAQ-A & SAQ-D assessments for PCI compliance.
  • Gathering and testing evidence provided, like Rapid7 scans, network diagrams and user access logs, etc.
  • Collaborated with stakeholders to develop strategic plans for managing emerging technology risks effectively.
  • Staying updated with PCI governance framework regularly to address evolving organizational needs and industry best practices effectively.

INFORMATION SYSTEM SECURITY OFFICER/ISSO

Defense Health Agency, DHA
01.2023 - Current
  • Served as a principal advisor on all matters, technical and otherwise, involving security of multiple information systems
  • Maintain and update Program Action and Milestones (POA&M) documents as necessary through eMASS for tracking IS security requirements to achieve and maintain system ATO
  • Monitor systems and their environment of operation, including developing and updating the System Security Plan (SSP)
  • Managing and controlling changes to systems, and assessing security impact of those changes following NIST, HIPAA and RMF standards
  • Conduct security auditing and cybersecurity incident response
  • Aided with NIST 800-37 Risk Management, FISMA and NIST 800-53 security control compliance.

Information Systems Security Officer / ISSO

Telos Corporation
02.2022 - 01.2023
  • Experienced with NIST 800 series special publications, specifically RMF and NIST security controls (SP 800-37, SP 800-53)
  • Experienced with supporting system Authority to Operate (ATO) processes, eMASS, control implementation details, and POAMs
  • Maintained and tracked tickets for NIPR and SIPR in BMC Remedy ServiceNow (ITSM).
  • Implemented software patches and security fixes to vulnerabilities found by ACAS (Tenable).

Cybersecurity Analyst

XTO Energy
02.2021 - 02.2022
  • Maintained security through vulnerability scans, continual monitoring, and going through phishing email security alerts
  • Used Qualys to monitor and protect over 300 users' devices against potential attacks
  • Through User Access Reviews (UAR), audited 300 Active Directory user and workstation accounts.
  • Used Qualys to conduct vulnerability scans
  • Review and evaluate clients' documentation, policies, and procedures to ensure compliance with SOX.

Cybersecurity Analyst

American Electric Power
01.2020 - 02.2021
  • Assisted with continuous cyber monitoring of security controls
  • Responsible for interpretation of Tenable vulnerability scans to assist in improving security posture.
  • Facilitated best user experience through continuous support, training classes, improvements, and communication of system changes
  • Assisted in the completion of various framework (PCI-DSS & RMF) risk assessments and compliance reviews.
  • We used CIS benchmarks to ensure our systems & network equipment were secure.

INFORMATION SYSTEM SECURITY OFFICER/ISSO

Barksdale Air Force Base
01.2019 - 02.2020
  • Using ACAS, I conducted vulnerability scans to identify vulnerabilities
  • Reviewed violations of computer security procedures and developed mitigation plans
  • Able to interpret IBM BigFix and Nessus results
  • Works closely with infrastructure staff and departmental decision makers to identify and recommend technology solutions for over 1000 customers
  • Primary point of contact for Plan of Action and Milestones (POA&M) findings
  • Tasked with updating data within RSA Archer Integrated Risk Management system
  • Aided new employees in onboarding
  • Aided with NIST 800-37 Risk Management, FISMA and NIST 800-53 security control compliance.

System Administrator

Eldorado Resorts, Inc
12.2017 - 01.2019
  • Used McAfee endpoint encryption to monitor and manage any potential threats
  • Ensured CDE was compliant with PCI-DSS framework
  • Managed and monitored assets given to customers
  • Used Active Directory to manage and deploy Group Policies and manage OUs
  • Identified computer hardware and network system issues, performing troubleshooting techniques for remediation.

Skills

  • Risk Management
  • SOX
  • PCI-DSS
  • NIST Security Standards
  • HIPAA
  • eMASS
  • Tenable Nessus
  • Splunk

Certification

  • CISA - Certified Information Systems Auditor
  • CCNA - Certified Cisco Network Associate
  • CASP - CompTIA Advanced Security Practitioner
  • Security+ - CompTIA Security+
  • Linux+ - CompTIA Linux+
  • MCSA - Microsoft Server 2016
