Shiela Bife
Hanover Township,PA
Summary
Highly motivated and results-driven IT Cybersecurity Specialist with years of experience in audits, compliance, policy and procedure reviews, and enterprise risk management. Proven track record of success in security risk assessment, remediation planning, regulatory compliance, and vendor risk assessment. Seeking a challenging role where I can leverage my skills and strategic mindset to enhance an organization’s cybersecurity posture and protect valuable assets. Committed to delivering measurable outcomes and driving continuous improvement in formation security practices.
Overview
4
4
years of professional experience
3
3
Certification
Work History
IT Cybersecurity Specialist
Federal Deposit Insurance Corporation (fdic)- Office of the chief information officer
06.2022
- A cybersecurity professional primarily engaged in enterprise risk management monitoring, audit mailbox monitoring and reporting, and policy reviews
- Proven ability to ensure regulatory compliance with industry standards such as NIST through meticulous policy and procedure reviews, gap analysis, and remediation planning
- Lead the initiative to automate the OCISO Audit mailbox and the Audit SharePoint site using Power BI to ensure timely updates of requests and evidence to facilitate tracking and executive reviews
- Improved the audit mailbox process by developing a Standard Operating Procedure (SOP)and organizing the mailbox by Audit Name to facilitate tracking, coordination, and reporting of audit requests
- Collaborated with Senior Cybersecurity Specialist to create concise, high-level presentations to inform the CISO about projects the Risk Management team has undertaken
- Collaborated with colleagues to develop and deliver engaging security awareness and training programs to educate employees on best practices, resulting in improved security awareness and reduced phishing campaign failed incidents
- Assisted in performing phishing campaigns to gauge employees' security awareness using the Cofense PhishMe platform.
IT Compliance Analyst II
Geisinger Health Services
07.2021 - 07.2022
- Perform tasks to ensure compliance with regulatory obligations, corporate policy and selected internal procedures
- Assist and compliance reviews, monitor and report on compliance status while contributing to continuous improvement and refinement of existing compliance activities
- Developed an employee engagement program to promote mutual understanding, collaboration, and an overall sense of belonging across the compliance department, increasing the department’s rating during the annual employee pulse survey
- Assure software/hardware inventories and documentation accuracy in ServiceNow, which contributes to the Key Performance Indicator (KPI) scorecard
- Conducted regular reviews of policies and procedures to ensure compliance with relevant regulations (HIPAA, PCI DSS) and standards
- Reviewed Disaster recovery test plans to ensure business continuity in the event of a disruption of service
- Assessed and evaluated risks associated with the organization’s systems, applications, and processes, improving the organization's overall risk posture
- Monitor and report on the progress of remediation plans to address identified risks and continuously update the risk register.
Information Security Associate
Metropol-tech Consulting
08.2019 - 07.2021
- Institute robust security plans to protect or safeguard computer files against accidental/unauthorized modification, destruction, and disclosure
- Review reports of existing computer viruses to ensure timely updates of virus protection systems
- Assisted in planning and executing updates to System Security Plans (SSP) leveraging NIST 800-18 as a guide to develop SSP
- Assisted in conducting a vulnerability assessment, identifying security weaknesses, and providing recommendations for remediation
- Participated in security awareness training sessions to educate employees on security policies and procedures
- Collaborated with security teams to select and implement security controls leveraging NIST SP 800-53
- Assist in vendor onboarding by reviewing the vendor risk assessment questionnaire, following up with vendors to get clarity, and finally developing a risk summary with impact levels to guide business in decision-making
- Conducted research on emerging risks and regulatory changes, providing valuable insights to the team.
Scrum Master
Aspen Dental
Wilkes-Barre, PA
10.2018 - 09.2019
- Facilitated Scrum framework – sprint planning, backlog grooming, daily scrums, sprint reviews, and sprint retrospectives.
- Applied agile methodology to shorten cycle time and achieve target margins.
- Led sprint reviews and planning meetings to promote full team engagement.
- Collaborated with product owners, team members, technologists, and other scrum masters to define solutions and drive progress.
- Coached teams in Agile practices and provided necessary training to create positive mindset to Agile methodologies.
- Worked closely and listened to team members' feedback to identify issues and resolve conflicts.
Education
MSc. Cybersecurity Management and Policy -
University of Maryland Global Campus
12.2022
Computer Networks and Cybersecurity -
University of Maryland Global Campus
04.2021
AAS Cybersecurity Management -
Luzerne County Community College (LCCC)
05.2019
Skills
- Risk Management Framework
- Security awareness and training
- Policy and procedure reviews
- Compliance Monitoring and reporting
- Security Audits Coordination
- POA&M tracking and reporting
- Communication and collaboration
- Documentation and records management
- RSAM (GRC too)
- Microsoft suite
- SharePoint
- Nessus Pro
- Cofense PhishMe
- ServiceNow
- Cybersecurity Asset Management (CSAM)
- OneTrust
- Jira
- Power BI
- Third-Party Collaboration
- Critical Thinking
- Plan of Actions & Milestones (POA&M)
- Identifying Risks
Certification
- Certified Governance, Risk and Compliance (ISC)2 (Active)
- CompTIA Security + Certification (Active)
- Certified Scrum Master (Active)
- ISACA Certified in Risk and Information Systems Control (in progress)
- ISACA Certified Information Systems Auditor (in progress)
Awards And Activities
- International Scholar Laureate Program (Beijing China) 2019
- Cybersecurity Talent Initiative Fellow (2022 to present )
- Volunteer/Board Member Quality Smile Restorers Inc. (2013 to present)
- ISACA New Jersey Chapter member (2021 to present)
- Honor Society of Phi Kappa Phi (2022 to present)
Timeline
IT Cybersecurity Specialist
Federal Deposit Insurance Corporation (fdic)- Office of the chief information officer
06.2022
IT Compliance Analyst II
Geisinger Health Services
07.2021 - 07.2022
Information Security Associate
Metropol-tech Consulting
08.2019 - 07.2021
Scrum Master
Aspen Dental
10.2018 - 09.2019
MSc. Cybersecurity Management and Policy -
University of Maryland Global Campus
Computer Networks and Cybersecurity -
University of Maryland Global Campus
AAS Cybersecurity Management -
Luzerne County Community College (LCCC)