Kharlifa Abbey

Warrenton, MO

Summary

Trusted Cyber Security Engineer with 10 years protecting companies against both internal and external threats. Talented at preemptively detecting unidentified threat vectors and applying preventive measures to mitigate security flaws. Employs technological solutions and personnel training to harden both people and machines against malicious attack. I am well familiar with all the cyber security frameworks: RMF, FedRAMP, FISMA, PCI-DSS, HIPAA, HITRUST, vendor risk assessment, ISO certification, ISO compliance, SOC 2 Type 2.

Overview

9 years of professional experience

Work History

Snr Cyber Security Analyst

Freddie Mac, (Contractor)
Warrenton, VA
12.2020 - Current
  • I created cybersecurity best practice communications to educate staff against known threats and potential I developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • I conducted kick off meetings to collect systems information (information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-60.
  • Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented. Security Assessment Reports (SAR) were developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M).
  • Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 800-53 standards.
  • Performed vulnerability assessment, making sure risks are assessed and proper actions taken to mitigate them.
  • Collaborated with third-party payment card industry (PCI-DSS) compliance partners.
  • Authored [Timeframe] security incident reports, highlighting breaches, vulnerabilities and remedial measures.
  • Maintained company-wide compliance with industry standards such as [Area of certification].
  • Conducted IT controls risk assessments, including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy and compliance with industry standards.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Developed risk assessment reports. These reports identified threats and vulnerabilities. In addition, they evaluated the likelihood that vulnerabilities can be exploited, assessed the impact associated with these threats and vulnerabilities, and identified the overall risk level.
  • I made sure data was encrypted and firewalls were erected to protect confidential information.
  • Created and updated the following Security Assessment and Authorization (SA&A) artifacts: Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan.

Complaint Analyst

Capital One Bank (Contractor)
Fairfax, Fairfax VA
03.2018 - 10.2022

I verified that new and existing clients are not on the OFAC list, minimized money laundering activities, prevented and detected fraud incidents, and tracked key performance indicators. I identified areas that required increased security controls to protect the organization and its end users from future fraud, and communicated with client fraud staff, outside authorities and law enforcement on fraud case inquiries via email, phone and fax. I was responsible for building and maintaining a strong level of customer service. I corresponded with the IT group to help close possible fraud gaps.

  • I investigated and resolved customer inquiries and complaints quickly.
  • I responded proactively and positively to rapid change.
  • Maintained up-to-date knowledge of product and service changes.
  • Trained new personnel regarding company operations, policies and services.
  • Developed highly empathetic client relationships and earned reputation for exceeding service standard goals.

IT Auditor

KPMG (Contractor)
Washington MO, MO
01.2017 - 07.2017
  • I identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
  • I complied with established internal procedures by examining reports, processes and documentation.
  • I perform systematic IT security audits of information systems to ensure compliance with PCI DSS, SOX (SOX 404, 802, COSO, COBIT), HIPAA, ISO risk management and security standards, NIST and other related IT security frameworks and standards.
  • I performed strategic planning, execution and finalization of audits.
  • I conduct assessment of security control implementation through interviews, questionnaires, tests and examination of evidence and documents such as System Security Plan (SSP) and policies and procedures.
  • I document audit tests and findings and discuss with Security Analysts, System Owners and System Administrators for collaborated remediation process.
  • I prepare Security Assessment Reports and document recommendations to track remediation of findings relating to implementation of security controls.
  • I conduct legal research on federal, state and local security legal requirements to stay updated and advise management on necessary actions.

Information Security Analyst

Freddie Mac (Contractor)
Glen Burnie, MD
03.2014 - 01.2016
  • I assist in communicating and facilitating the requirements for security risk assessments for both custom-developed and third-party applications within the Freddie Mac infrastructure. As part of a team, I develop the technology risk matrix to highlight areas of high risk for each of the critical/SOX applications within Freddie Mac.
  • I assist in identifying and communicating application control deficiencies and the associated risks. I develop action plans and/or recommend alternate solutions to resolve exceptions to standard operating procedures.
  • I provide security consulting and advisory services to business units and project teams.
  • I made sure the encrypted data and erected firewalls protecting confidential information are all up to date.
  • I support requirements gathering and design efforts of critical projects as needed. Responsible for implementing and maintaining a continuous process improvement work environment while executing security risk assessments in accordance with industry standards and best practices.

Junior Fraud Analyst

Shoprite Store
Accra, Accra, Ghana
01.2013 - 11.2013
  • I reviewed reports and individual transactions which appeared suspicious to uncover possible fraudulent activity.
  • I analyzed large amounts of data to find patterns of fraud and anomalies.
  • I reviewed and conducted in-depth analysis on regulatory and legal changes affecting the institution. I prepared written reports and analysis for compliance management.
  • I assisted on projects, exams, audits and other tasks as assigned.
  • I prepared currency transaction reports in compliance with the Bank Secrecy Act. Managed projects required to implement regulatory and legal changes, including setting project goals, coordinating efforts between multiple departments, and monitoring for effectiveness.

Education

Bachelor of Science - Bachelor's Degree in IT

BlueCrest College
Accra, Ghana
12.2011

Skills

  • PCI-DSS Assessment and compliance
  • Third Party Risk assessment
  • Forensic Engineering
  • New System Research
  • Tenable Nessus
  • Security Systems Knowledge
  • Complex Problem-Solving
  • Threat Detection
  • Active Listening
  • Control Recommendations
  • Kali Linux
  • Risk Management Framework
  • Operational Management
  • Splunk SIEM
  • Reading Comprehension
  • Designing Security Controls
  • Implementing Security Programs
  • Developing Security Plans
  • Managing Security Breaches
  • Plan of Actions & Milestones (POA&M)
  • Web Applications
  • Network Security Measures
  • Security Improvements
  • Identifying Risks
  • Compliance with Security Requirements
  • Multi-Factor Authentication
  • Disaster Recovery Operations
  • Best Practices and Methodologies
  • Training Junior Team Members
  • Operation and Information Security
  • Providing Briefings
  • Customer Satisfaction
  • Vendor Contracts
  • Preventative Maintenance
  • Continuity Monitoring
  • Risk Management Evaluations
  • Security Recommendations
  • Confidential Data Protection
  • Third-Party Collaboration
  • Monitoring Tools
  • Remediation Planning
  • Recommender Systems
  • Phishing

Timeline

Snr Cyber Security Analyst

Freddie Mac, (Contractor)
12.2020 - Current

Complaint Analyst

Capital One Bank (Contractor)
03.2018 - 10.2022

IT Auditor

KPMG (Contractor)
01.2017 - 07.2017

Information Security Analyst

Freddie Mac (Contractor)
03.2014 - 01.2016

Junior Fraud Analyst

Shoprite Store
01.2013 - 11.2013

Bachelor of Science - Bachelor's Degree in IT

BlueCrest College