Dana Waddell

St. Louis, MO

Summary

As a longtime security practitioner, I have obtained both hard and soft skills in technical, administrative, and operational tasks for 30+ enterprise SAP modules, cloud services and providers across enterprise business functions. I have been able to work at the application layer, as part of the infrastructure, compliance and controls, governance, threat and vulnerability management, and risk management. All of my years in security have always centered around data privacy and protection.

Overview

20 years of professional experience
1 Certification

Work History

Lead Business Systems Analyst

Cloud Security
08.2019 - Current
  • Founding member of corporate Cloud Security team in 2019.
  • Program success has been significant in gaining organizational trust and cloud adoption from executive level management.
  • Currently migrating all on premises applications to cloud.
  • Provides security expertise for large Fortune 24 corporation with Hybrid multi-cloud (AWS/Azure) environment in a highly regulated industry (Healthcare).
  • Advisor to IT Security leadership team on cloud security strategy, security tools selection, multi-year roadmap, current security trends, and industry standardization of cloud security tools.
  • Launched Cloud Adoption Program by evangelizing and creating a roadmap, roadshow, and open forums where anyone could come and ask cloud questions regardless of their role.
  • Liaison between IT and business partners, gaining insight into end users’ problem statements and turning them into solutions.
  • Experienced working with vendor Pro Services partners.
  • Demo cloud native security services capabilities to preview out of box and/or custom capabilities, gauge feedback, adjust or proceed with defining use cases.
  • Assessed all cloud native AWS event-driven security services that integrate with AWS Security Hub.
  • Assessment included solution architecture, compliance best practices, automation capabilities, integrations, logging and monitoring playbooks, and tool rationalization for Security Hub, GuardDuty, Detective, IAM Access Analyzer, and other third-party integrations.
  • Security Hub health check and logging cost optimization strategy.
  • Experienced with Agile methodology, backlog refinement, Jira, Confluence, and other related tools as Cloud Security Scrum Master for 3 years in addition to Lead Business Systems Analyst.
  • Infrastructure as Code Scanning – Prisma Code Security.
  • Moving organization “left,” managing and provisioning of infrastructure through code vs manual processes.
  • A project team leader in scoping use case documentation, development unit testing to troubleshoot error messages, organizational software blockers, licensing considerations, when integrating or downloading new software.
  • Identified application developer tools already in use within landing zones.
  • Created run books for IDE options: Prisma Code Security with Visual Studio Code (IDE), and Checkov CLI with Terraform (.tf) code configuration files.
  • Gained knowledge of CI/CD tools like Terraform, Prisma Code Security (Infrastructure as Code), Checkov, VS Code, PyCharm, GitLab, Azure DevOps, AWS CloudFormation, and basic Python programming.
  • Through this process identified which capabilities, or combination of capabilities, to implement a minimum viable product.
  • Captured each of vetted process steps for training and knowledge share with pilot group and eventual public consumption.
  • Cloud Security Internal Assessments – determines security assessment readiness for application teams to begin development.
  • As-built verification of application security readiness for applications moving into cloud.
  • Data protection, AWS Macie, AWS Key Management Service (KMS), and other data security related services such as Microsoft Cloud Access Security Broker (MCAS).
  • Supported Palo Alto’s Prisma Cloud tool deployment (CSPM, Cloud Compute, and Infrastructure as Code - Prisma Code Security) to monitor all cloud security misconfigurations across large hybrid multi-cloud environments.
  • Member of Cloud Security Posture Management (CSPM) project, providing guidance to threat and vulnerability management teams to successfully deploy Check Point’s Dome9 and then Palo Alto Networks Prisma Cloud for compliance checks in all AWS accounts, including creation of rule exclusions and performing risk assessment in collaboration with risk management team.
  • Experienced implementing cloud security services in AWS/Azure including IAM, logging and monitoring, incident response, risk management, compliance, security assessments, data security, vulnerability assessments, and more.
  • Represent Cloud Security for any Compliance/audit related work.
  • Collaborated with multiple teams to create successful testing plan for PCI, HIPAA, NIST, SOX, SOC, SOC2 and other regulations.
  • Serve as a SME helping IT Security Governance team update old on-premises security policies and creating new cloud related policies and procedures and third-party risk assessments.
  • Created and managed IT Cloud Security Agile processes as team Scrum Master.
  • Jira board configuration, management of scrum ceremonies, and identification of data input criteria and tagging became standard for all new teams reporting to Director of Cloud Security Engineering.
  • Efforts provided baseline for security standardization, operational optimization and visibility into metrics and overall team performance and deliverables.
  • Created Jira Dashboards for reporting through gadgets, structures, and macros.
  • Integrated Jira with IT Cloud Security’s Confluence wiki site for enhanced visibility and reporting for management for both Jira metrics and Confluence wiki content for team home page and customers.
  • Confluence Administrator for IT Cloud Security Confluence wiki site (self-taught).
  • Created wiki presence as a Cloud Security “center of excellence” to provide automated & transparent security guardrails to public cloud services.
  • Created and published content for business and technology communities visiting Cloud Security wiki to learn all things happening in Cloud Security for enterprise.

Senior Information Risk Analyst

Centene
10.2017 - 08.2019
  • Oversee design, implementation and continued monitoring of Enterprise controls for core applications and systems
  • Serve as liaison between auditing bodies, IT Security Management, Compliance and Business Stakeholders
  • Performed regulatory assessment for California Privacy Rights Act (CPRA) and have worked with GDPR in SAP Security as well as NYDFS Cybersecurity Regulation
  • Lead and assist with others in designing IT environment to conform to relevant industry standards (ISO, HIPAA, SOX, PCI, NIST, and NYDFS) and related state requirements
  • Assess application risks, systems risks and data processes within IT, address risks with applicable general controls, and recommend solutions
  • Design monitor and evaluate controls for effectiveness and efficiency to mitigate areas of risks as well as adherence to audit and security best practices
  • RSA Archer Administrator to support implementation of enterprise Archer GRC tool
  • Co-authored policy and standard language for Enterprise Common Control Framework (ECCF) published to organization in RSA Archer
  • Provide subject matter expertise, support, and guidance to project team members
  • Analyze IT data to assess risk and improve processes and efficiency.

IT Audit & Compliance Analyst / SAP Applications System Support (dual role)

Hussmann Corporation
06.2016 - 02.2017
  • Audit & Compliance Analyst collaborating with key business functions, internal IT staff and external auditors to ensure that SOX compliance program and key controls for IT processes and procedures are in place and monitored across organization
  • Also, supported multiple applications and operating systems in a technical role supporting IT platforms for access management and maintenance
  • Provide and ensure that in scope systems, databases, applications, and IT processes comply with all SOX IT General Controls
  • Full responsibility for IT Controls Testing, Annual Design Assessment, Annual Access Reviews and Segregation of Duties reviews and reporting
  • Full Responsibility for cellular program, including compliance with mobile device policy, periodic audits to ensure compliance, monthly reporting, and daily support in conjunction with third-party cellular management provider
  • Responsibility for global security application access for employees; including Oracle, Active Directory, Windows Network platform administration, AS400 Mainframe, CRM, Business Objects as well as access to Microsoft Office Suite of products
  • Track and support batch jobs/scheduling/error troubleshooting resolution and communication
  • Support new IT system implementations and ensure compliance with existing policies
  • Support and participate in all internal and external Audits and Audit processes as required
  • Work with team to plan quarterly/annual internal and external audits
  • Manage and communicate schedule with application development teams
  • Provide guidance and facilitate understanding of SOX and Compliance controls throughout IT Organization
  • Create and or maintain SOX documentation as required
  • Monitor business and IT access control processes (adds, changes, and terms)
  • Ensure adoption of CURE system
  • Ensure appropriate segregation of duties within IT and consult with business partners on appropriate roles; provide reports that monitor violations
  • Prepare all audit materials (support determination of population of a change, pull material for test cases chosen)
  • Implement new SOX requirements working closely with IT staff
  • Work with third-party providers to ensure SSAE16 compliance, implementing process improvements where applicable
  • IT Special Projects as assigned.

SAP Security / Basis Principal Systems Analyst

Olin Corporation
01.2013 - 02.2016
  • Principal security contact for all of SAP Security, SOX Compliance for HIPAA, Safe Harbor and PCI deliverables
  • Basis and UNIX support for Winchester Division
  • Liaison for systems/datacenter outages, DR, outsourcing and provide assessment on modern technologies and overall system architecture and maintenance
  • Interface with all levels of management, colleagues, and external partners
  • SAP Security role design and user provisioning (overall enterprise RBAC and security infrastructure architecture)
  • Utilized Approva Segregation of Duties (SOD) tool
  • SOX compliance (internal and external-HIPAA/Safe Harbor/PCI)
  • Basis support (Transport Mgmt./OSS/Versioning/Refreshes/Copies/Monitoring)
  • Batch/Job scheduling management
  • SAP installation and post installation activity
  • UNIX commands and file permissions for external imports for SAP
  • Project implementation and operational support
  • Gold Client functionality and Solution Manager
  • 24/7 SAP systems application and technical support
  • Vendor Management (IBM and all other IT related vendors)
  • Core ECC 6.0, Open Text, Gentran (EDI), Redwood, Red Prairie, BI Edge, CUA, SSO (AD), Approva.

SAP Security Supervisor (Analyst/Engineer)

Sigma-Aldrich
05.2004 - 01.2013
  • Managed international team across multiple time zones, budgeting, and resource allocation for daily support (internal and external vendor management) as well as being security expert for small, medium, and large project implementations with I.T. PMO
  • Managed and mentored junior analyst team members in how to support enterprise SAP Security design, infrastructure support, compliance, and governance functions
  • Contact and SME for internal and/or external audit reviews for Sarbanes Oxley compliance (HIPAA/Safe Harbor) and PCI standards for Payment Cards on behalf of Security
  • Basis functions
  • Support internal governance team for regulatory requests and coordination with authorities
  • Work with business and finance to develop global mitigating control documentation and supporting process flows
  • Deployed Enterprise portal, NWBC clients, SSO, Password Manager and Identity Management software IDM/SSO Suite
  • Implemented GRC 10.1 RAR (Risk Analysis Remediation)
  • Investigate and work with Basis to apply OSS notes, OSS User Administration upgrades/patches and transports via Solution Manager
  • Mentor and develop Analyst team members on internal policies, processes, and procedures in all areas relative to SAP Security
  • Prepare semi-annual employee performance appraisals and set improvement objectives and goals for team members
  • Project Management – cross functional meetings, projects, and initiatives
  • Implemented Structural Profile authorization structure for HCM
  • Ensure maintenance schedules are timely for removal of expired, terminated user accounts, and/or roles no longer in use
  • NetWeaver portal applications for HR Benefits enrollment (ESS-IBM web) application, BI portal, RPM, CRM interfaces
  • Ensure system integrity and SOX compliance by collaborating with Auditors, as well as business process owners, to resolve deficiencies identified through specific I.T. audits and/or site reviews
  • SAP installation and post installation activity
  • Creation of Transports and Change Control Management (Solution Manager)
  • SAP License assessment for appropriate User Type settings for enterprise SAP modules
  • Troubleshot and resolved problems with programs and systems
  • Contributed to successful field deployment of business systems improvements
  • Determined areas in need of enhancements and identified relevant and feasible systems to address concerns
  • Organized and enhanced business rules governing enhancements to existing systems
  • Coordinated installation of updated computer programs and systems
  • Assessed organization technology infrastructure and managed cloud migration process
  • Evaluated firewalls and monitored threats to establish secure cloud environments
  • Offered decision-makers ROI and cost-benefit projections to guide project development and implementation
  • Collected data in field, evaluated findings and produced reports and presentations
  • System maturation with new features and structural components
  • Organized and executed strategies for migrating and consolidating data
  • Formulated and designed computer systems using data modeling, information engineering and structured analysis
  • Collaborated with various departments to improve communication and deliver individualized customer solutions
  • Acted with minimal direction in self-directed capacities to resolve issues and implement strategies
  • Developed strategic plan for client relationships, proactively consulting with senior individuals and anticipating needs
  • Conducted due diligence and fulfilled compliance requirements, communicating with other departments to complete requests
  • Collaborated with managers to identify and develop new markets according to strategic plan, analyzing potential opportunities and challenges
  • Delivered positive experiences to customers at every touch point through clear communication and implementing strategies to improve satisfaction
  • Established strong client relationships to drive business development
  • Used excellent verbal skills to engage customers in conversation and effectively determine needs and requirements
  • Recognized security risks to effectively manage situations
  • Directed risk assessment operations and system test execution
  • Evaluated performance indicators to assess security control quality
  • Safeguarded data through installation of firewalls and data encryption programs
  • Implemented software tools to assist in threat detection, prevention, and analysis
  • Directed vulnerability assessments or analysis of information security systems
  • Investigated information security breaches to identify vulnerabilities and evaluate damage
  • Monitored systems for indications of threats, security breaches or intrusions
  • Led and executed risk management projects to identify deficiencies and possible corrective actions
  • Devised and executed contingency plans to maintain operational continuity during events such as data backup and cross-training
  • Implemented operational vision for data analytics and reporting, including identification of key requirements and continuous improvement opportunities
  • Designed programs and protocols to control company loss and minimize adverse financial impacts
  • Analyzed reporting strategies and data to create educational programs
  • Directed reporting automation to reduce errors and labor requirements
  • Reported findings on risk exposures to senior executives and board of directors.

Education

Bachelor of Science - Cybersecurity

Lindenwood University
Saint Charles, MO
12.2024

Skills

  • Collaborate and encourage collaboration
  • Strategic thinking
  • Assertiveness and diplomacy
  • Skilled negotiating and problem-solving
  • Relationship-building
  • Focus on business value and solutions
  • Breaking down organizational silos
  • Strong writing, speaking, and presenting skills
  • Leadership
  • Data Security and Compliance Laws

Certification

AWS Certified Cloud Practitioner

Microsoft Certified: Azure Fundamentals
