Ainhoa Iglesias Díaz
Information Security Risk Analyst at Ingalls- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
-
English Native or bilingual proficiency
-
Spanish Native or bilingual proficiency
-
German -
Topline Score
Bio
Credentials
-
MGT512: Security Leadership Essentials for Managers
SANS InstituteFeb, 2023- Oct, 2024 -
Certified in Cybersecurity (CC)
(ISC)²Dec, 2022- Oct, 2024 -
Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training
(ISC)²Dec, 2022- Oct, 2024 -
(ISC)2 Certified in Cybersecurity (CC) Cert Prep
LinkedInNov, 2022- Oct, 2024 -
Certified in Risk and Information Systems Control™ (CRISC)
ISACAOct, 2022- Oct, 2024 -
ISACA Certified Risk And Information System Controls (CRISC) Course
Training CampJun, 2021- Oct, 2024 -
SEC566: Implementing and Auditing the Critical Security Controls - In Depth
SANS InstituteAug, 2020- Oct, 2024 -
Curso de Introducción al Desarrollo Web/ Introduction to Web Development and Design
Instituto Internacional de Economía Universidad de Alicante/ Alacant University International Economics InstituteDec, 2015- Oct, 2024 -
Curso de Programación de Apps Móviles/ Intelligence Device Applications Development
Universidad Complutense de Madrid/ Complutense University of MadridDec, 2015- Oct, 2024 -
GIAC Security Leadership (GSLC)
GIAC CertificationsMar, 2023- Oct, 2024 -
GIAC Critical Controls Certification (GCCC)
GIAC CertificationsSep, 2020- Oct, 2024
Experience
-
Ingalls
-
United States
-
Hospitals and Health Care
-
700 & Above Employee
-
Information Security Risk Analyst
-
Oct 2020 - Present
Organizational lead to perform IT Risk Analysis on IT assets, processes and third-party vendors for the UChicago Health System.Organization lead to coordinate and direct third-party vendor risk assessments. Lead and coordinate remediation plan with business sponsors and designated third-party vendors to address the identified findings/risks.Primary contact for contract negotiations as it relates to ensuring third-party vendors meet UChicago Medicine security requirements prior to onboarding.Organization lead for corrective action planning and tracking of identified risks, facilitating the mitigation and remediation of identified risks with internal and external business partners throughout the Health System. Examples of this include creation and management of Corrective Action Plans and management of the security risk register, assist leadership in assessing the security and privacy risk posture for the organization, and participate and support organizational risk management governance.Serve as a key stakeholder in coordination with UCM Internal Audit, driving and facilitating organizational Management Responses related to IT audit findings for the UChicago Health System, gathering and analyzing evidence from audit finding owners, and partnering with Internal Audit for closure of Management Responses, including HIPAA Security Risk Analyses.Incident Response Command Center to coordinate, respond and track to completion and remediation of all security incidents affecting the UChicago Health systemPoint of Contact and Information Security Office representative for all things related to Security as the organization took on a transformational project to improve and modernize important foundational business, financial and human resources systems for the Health System by migrating and implementing such systems in the cloud.
-
-
Information Security Analyst
-
Sep 2017 - Oct 2020
Participate in the development, communication, and implementation of Information Security Program to ensure the confidentiality and integrity of Ingalls sensitive information as well as to assess current compliance. Created a HIPAA Book of Evidence on the organization’s compliance with HIPAA Privacy, Security and Breach RulesResponsible for conducting vulnerability scanning, analysis and reporting. Assist with the management of remediating vulnerabilities with corresponding IT custodians. Responsible for conducting risk assessments and risk analysis to help the organization develop security standards and policies/procedures that support strategic, tactical and operational objectives on a cost-effective basis. Responsible for Corrective Action Plans process which is meant to support Senior Management with a transparent understanding of what is occurring within the environment through efforts in cross functionality, shared accurate knowledge, updated information, centralization, and standardization. It is also meant as a way to establish and document a plan for remediating identified security issues with appropriate stakeholders. Assist with developing and maintaining security policies, procedures and guidelines that are in compliance with IMH policies and generally accepted information systems control requirements. Oversee the establishment, implementation and adherence to policies and procedures that guide and support the provision of information security services.Assist with the Security Incident Reporting program to ensure the prevention, detection, containment and correction of security deviation(s)/breach(s). Provide the coordination of problem resolutions for security violations/deviations to include investigation of improper information disclosures or security incidents utilizing defined policies/procedures.As SharePoint Administrator, built advanced SharePoint workflows and workflow-based solutions
-
-
-
UChicago Medicine
-
United States
-
Hospitals and Health Care
-
700 & Above Employee
-
Information Security Operations Intern
-
May 2017 - Aug 2017
Assisted the Security Operations team with the execution of the Information Security Program to ensure confidentiality and integrity of sensitive information Monitor and respond to Information Security operational tickets Assist the Security Operations Center with incident response activities Assist with Risk Management initiatives such as performing cyber-security risks assessments and building remediation plans Responsible for analyzing the results of vulnerability management activities and building corrective action plans Contribute to security awareness and training program by executing phishing awareness campaigns and drafting awareness articles
-
-
-
Western Carolina University
-
United States
-
Higher Education
-
700 & Above Employee
-
Graduate Research Assistant
-
Aug 2012 - May 2014
Full time graduate student, -Graduate Assistant Professor - at The Kimmel School of Engineering and Construction Management at WCU. Obtained a Master of Science in Technology. The Master's thesis project "Biomechanics of the overhead motion in tennis: Effect of ball impact location on the transfer of linear and angular momentum during game play" consisted on developing an instrumented racket capable of measuring the forces and torques transferred to the wrist as well as developing a mathematical model of a tennis racket to estimate joint reaction forces in the wrist, elbow and shoulder, and provide theoretical foundation for the instrumented racket.
-
-
Education
-
Illinois Institute of Technology
Master in Information Technology and Management, Information Technology -
Western Carolina University
Master of Science in Technology -
Western Carolina University
Bachelor's degree, Electrical Engineering -
Colegio Fundación Caldeiro