Farrah Taylor

Summary

Security-focused professional, specializing in information security with a focus on risk management, vulnerability assessment, and incident response. Proven capability in developing, implementing, and monitoring security measures that effectively safeguard sensitive data in cyberspace. Experienced in reviewing, maintaining, and enforcing information security policies and procedures to protect organizational systems. Skilled in conducting thorough risk assessments and business impact analyses, identifying security vulnerabilities, and recommending strategic solutions. Demonstrated comprehensive understanding of ISO 27001/27002 standards. Proficient in managing documentation for audit purposes and remediating identified security gaps. Accomplished in supporting vulnerability management programs and managing information security risk exceptions and incidents. Remarkable ability to collaborate with cross-functional teams, ensuring stability and integrity of the organization's information systems.

Technical Proficiencies

Frameworks & Standards: CIS | COBIT | COSO | ISO 27001 & 27002 | NIST 800-53 | FedRAMP | HITRUST | HIPAA

Methodologies: Agile | Scrum | Waterfall

Overview

13 years of professional experience
1 Certification

Work History

Senior Information Security Analyst

MVNET Consulting /Technology
Alpharetta, GA
01.2018 - Current
  • Implement and administer information security systems, including Security Information and Event Management (SIEM) systems and data & access management systems; conduct vulnerability assessments and maintain robust security procedures aligned with best practices and cybersecurity frameworks such as NIST, CIS, and ASD Essential Eight
  • Collaborate with Information Security Analysts across industries on security trends, product evaluations, and emerging threats; actively participate in CSIRT, coordinating annual incident response testing and documenting results
  • Conduct regular security control tests and maintain enterprise-wide vulnerability scanning regimen; investigate and mitigate security incidents in line with established policies
  • Provide information security risk expertise for system risk assessments, recommend strategic changes to Information Security Program (ISP) based on needs and best practices
  • Serve as security consultant to IT and business units, offering guidance on securing cloud services, infrastructure, and new system evaluations; prioritize continual learning and deliver ongoing security training for all employees
  • Spearheaded security awareness programs, boosting company-wide knowledge of best practices and adherence to security policies
  • Streamlined incident response process, enhancing company's ability to manage security incidents
  • Leveraged Tenable Nessus for vulnerability management, improving overall security posture of company by identifying and remediating vulnerabilities in timely manner
  • Executed robust Plan of Action & Milestones (POA&M), addressing security findings and devising comprehensive remediation plans
  • Led security assessments and audits, identifying and recommending measures to rectify IT infrastructure vulnerabilities.

Information Security Analyst

SunTrust Bank
Atlanta, GA
01.2011 - 01.2018
  • Developed and oversaw Information Security program; assessed security posture and led third party risk management and remediation activities
  • Monitored compliance with security policies; validated documentation and enforced least privilege environment
  • Facilitated seamless integration of the security program across departments; engaged with business process owners and third parties; communicated security posture to stakeholders
  • Enhanced security awareness program; guided selection of new technologies; coordinated disaster recovery and incident response planning
  • Identified and documented security gaps, implementing remediation steps and initiating continuous monitoring protocols
  • Conducted comprehensive Risk Assessment and Business Impact Analysis, identifying and remediating risks through mock audits across multiple departments
  • Enhanced effectiveness of vulnerability management program, identifying and communicating security weaknesses from assessment reports and developing proactive mitigation strategies
  • Oversaw information security risk exceptions and other incidents, ensuring stability and integrity of organization's information systems.

Senior Information Technology Auditor

01.2011 - 01.2017
  • Conducted SOX and PCI compliance audits, ensuring adherence to SEC regulations
  • Verified control design adequacy and operating effectiveness of IT General Controls (ITGCs) and IT Application Controls (ITAC)
  • Executed risk-based audit approaches for IT projects, determining control design appropriateness
  • Performed Cloud computing control testing, focusing on security access management, confidentiality, integrity, availability, encryption, and compatibility
  • Collaborated with external auditors during annual SOX and special projects
  • Reviewed SDLC implementation during pre and post phases
  • Conducted IT application control testing on ERP systems (SAP, Oracle Financials) to verify design adequacy and operating effectiveness
  • Executed IT infrastructure control testing on Servers, Network Devices, Operating Systems, and Databases
  • Documented work through accurate work papers capturing results of walkthroughs and control tests
  • Identified control gaps and testing exceptions, providing recommendations for improving the overall control environment
  • Executed SOC I, II, III, SOC 1 type I audits, and reviewed SOC 1 type II and SSAE18 reports in compliance with management directives and leading practices
  • Conducted Cybersecurity audit testing for corrective, detective, preventive, and compensating controls, ensuring design adequacy, and operating effectiveness
  • Developed test programs, test plans, and test procedures, presenting audit results with value-adding recommendations.

Education

Bachelor of Science - Information Systems Management & Business Administration

University of Maryland Baltimore County

Skills

  • Skills & Competencies:
  • Information Security Management
  • Governance, Risk and Compliance
  • Project Management
  • Business Impact Analysis
  • Incident Response & Management
  • Risk Assessment & Mitigation
  • Disaster Recovery
  • Security Information and Event Management (SIEM) technology logging and analysis
  • Cloud Security
  • Authentication & Access
  • PCI DSS Compliance
  • System Monitoring
  • Vulnerability Assessment & Management
  • Security Audit & Compliance
  • Remediation Strategy Development Information Systems Integrity Maintenance Audit
  • Identification Access management TSM tools, Service Now, Jira Network Security
  • Third Party Risk Management Firewall Rule IPS Identity and Access Management IAM

Certification

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Manager (CISM)

Affiliations

  • Information Systems Audit and Control Association (ISACA)
  • Information Systems Security Association (ISSA)
