Reliable GRC Professional working with Risk Management Framework (RMF), HIPAA & PCI-DSS Security Policies for mission essential systems. IT professional bringing 6 years of experience in GRC and Cybersecurity. Top Secret/SCI Security Clearance.
Overview
7 years of professional experience
1 Certification
Work History
IT Risk Analyst
Deluxe
05.2024 - Current
Managing multiple SAQ-A & SAQ-D assessments for PCI compliance.
Gathering and testing evidence provided, like Rapid7 scans, network diagrams and user access logs, etc.
Collaborated with stakeholders to develop strategic plans for managing emerging technology risks effectively.
Staying updated with PCI governance framework regularly to address evolving organizational needs and industry best practices effectively.
INFORMATION SYSTEM SECURITY OFFICER/ISSO
Defense Health Agency, DHA
01.2023 - Current
Served as a principal advisor on all matters, technical and otherwise, involving security of multiple information systems
Maintain and update Program Action and Milestones (POA&M) documents necessary through eMASS for tracking IS security requirements to achieve and maintain system ATO
Monitor systems and their environment of operation, to include developing and updating the System Security Plan (SSP)
Managing and controlling changes to systems, and assessing security impact of those changes following NIST, HIPAA and RMF standards
Conduct security auditing and cybersecurity incident response
Aided with NIST 800-37 Risk Management, FISMA and NIST 800-53 security control compliance.
Information Systems Security Officer / ISSO
Telos Corporation
02.2022 - 01.2023
Experienced with NIST 800 series special publications, specifically RMF and NIST security controls (SP 800-37, SP 800-53)
Experienced with supporting system Authority to Operate (ATO) processes, eMASS, control implementation details, and POAMs
Maintained and tracked tickets for NIPR and SIPR in BMC Remedy ServiceNow (ITSM).
Implemented software patches and security fixes to vulnerabilities found by ACAS (Tenable).
Cybersecurity Analyst
XTO Energy
02.2021 - 02.2022
Maintained security through vulnerability scans, continual monitoring, and going through phishing email security alerts
Used Qualys to monitor and protect over 300 users' devices against potential attacks
Through User Access Reviews (UAR), audited 300 Active Directory user and workstation accounts.
Used Qualys to conduct vulnerability scans
Review and evaluate clients' documentation, policies, and procedures to ensure compliance with SOX.
Cybersecurity Analyst
American Electric Power
01.2020 - 02.2021
Assisted with continuous cyber monitoring of security controls
Responsible for interpretation of Tenable vulnerability scans to assist in improving security posture.
Facilitated best user experience through continuous support, training classes, improvements, and communication of system changes
Assisted in the completion of various framework (PCI-DSS & RMF) risk assessments and compliance reviews.
We used CIS benchmarks to ensure our systems & network equipment were secure.
INFORMATION SYSTEM SECURITY OFFICER/ISSO
Barksdale Air Force Base
01.2019 - 02.2020
Using ACAS, I conducted vulnerability scans to identify vulnerabilities
Reviewed violations of computer security procedures and developed mitigation plans
Able to interpret IBM BigFix and Nessus results
Works closely with infrastructure staff and departmental decision makers to identify and recommend technology solutions for over 1000 customers
Primary point of contact for Plan of Action and Milestones (POA&M) findings
Tasked with updating data within RCA Archer Integrated Risk Management system
Aided new employees in onboarding
Aided with NIST 800-37 Risk Management, FISMA and NIST 800-53 security control compliance.
System Administrator
Eldorado Resorts, Inc
12.2017 - 01.2019
Used McAfee endpoint encryption to monitor and manage any potential threats
Ensured CDE was compliant with PCI-DSS framework
Managed and monitored assets given to customers
Used Active Directory to manage and deploy Group Policies and manage OUs
Identified computer hardware and network system issues, performing troubleshooting techniques for remediation.