Experience

VA MARYLAND HEALTH CARE SYSTEM

• United States
• Medical Practices
• 1 - 100 Employee

• I/S Security Risk Analyst

  • Feb 2020 - Present

  • Conducted vulnerability scanning using Nessus and analyzed the result in support of security controls assessment. • Participated in weekly security team meetings to provide guidance and support for the development of enterprise security architecture. • Develop, Review and update System Security Plan (SSP) using NIST SP 800-18 Appendix A. • Conduct risk assessments on identified vulnerabilities per NIST 800-30 and developed risk assessment reports. • Facilitated Security Control Assessment, performed internal audits of systems prior to external auditing and Continued Monitoring Activities.2322 • Supported information systems through risk management framework NIST 800-37 • Reviewed security logs to ensure compliance with policies and procedures and identifies potential risks. • Worked with systems and network administrators to develop implementation statement for security controls. • Created, reviewed, and updated security documentations such as FIPS 199, SSP, PIA, PTA, IR, DR and BIA. prior to ATO step. • Improved security posture to effectively mitigate advanced threats. • Established company-wide security best practices and protocols to mitigate risk of data breach.



First Financial Federal Credit Union of Maryland

• United States
• Financial Services
• 1 - 100 Employee

• Risk Management Analyst

  • Jan 2017 - Feb 2020

  • Support the development and maintenance of enterprise risk management policies, standards, procedures, tools, and information systems. • Support development, implementation, and execution of enterprise risk management framework • Perform enterprise risk identification, assessment, prioritization, reporting, and monitoring. • Maintain a process for establishing enterprise risk management communications at all levels for gathering data and developing risk reports. • Assess defined risk to identify cross-functional root causes and consequences. • Coordinate with risk owners to develop recommendations for risk response and monitoring plans. • Validate RFI and RFP contracts evaluations when on boarding vendor when conducting Due diligence. • Assess completed service level agreements (SLAs) prior to vendors categorization. • Provide support for regulatory internal and external audit Process. • Identify process gaps or areas of concern and develop recommendations for risk response and monitoring plans. • Produce analytical and comparative risk reports and utilize various risk monitoring tools e.g security scorecards, Bitsight) to provide regularly (monthly/quarterly/annual) management reporting in support of the agency's enterprise-wide risk management program. • Participate in business development activities, project managem`1ent, and professional organizations awareness and training program. • Partake in organization third party risk management using Archer and ZenGRC, • Review evidence such as SIG, SOC2, PENTEST VUL scans results and policies.