STEPHEN KWASI ANIM
Program Director at Amego, Inc.
Bio
Experience
Amego, Inc.
United States
Individual and Family Services
100 - 200 Employees
Program Director
Jun 2018 - Present
• Review HIPAA Framework with clients to identify potential gaps in required documentation and processes.
• Develop, review and evaluate System Security Plan based on NIST Special Publications.
• Review ISO 27001:2013 and ISO 27002:2013 standards with clients to identify potential gaps in required documentation and processes.
• Assist with creation of Asset register and conduct a test for its relevance.
• Document security gaps identified as findings that require remediation and/or continuous monitoring.
• Control documents for easy tracking and accountability. Create standard templates for recording data.
• Conduct risk-based audits including all aspects of the audit lifecycle: risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation, with direction from senior team members.
• Conduct Risk Assessment and Business Impact Analysis to identify risks that need to be remediated or continuously monitored. Conduct mock audits for various departments.
• Support vulnerability management program by reviewing and communicating security weaknesses based on reports from vulnerability assessments, and developing recommendations for security issues and vulnerabilities identified during assessments.
• Provide support for managing information security risk exceptions and other incidents as assigned.
The Home Depot
United States
Retail
700 & Above Employees
Security Analyst
Sep 2016 - May 2018
• Subject matter expert for Third-Party Risk management policies and procedures and information security best practices.
• Performed Third-Party risk assessments using the security controls implemented by the company as a baseline/guide.
• Performed PCI-DSS Assessments using PCI Compliance Guide.
• Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the organization.
• Identify and report on new and emerging security risks and risk trends, including participating in risk remediation solution discussions and recommending updates to policy and standards.
• Conducted rigorous SOC 2 audit reports for clients focusing mainly on controls design and their operational effectiveness.
• Performed Enterprise logs analysis using Splunk, Sumo Logic and monitored organizational endpoint security posture. Reviewed NIST Standard, Business Continuity and Disaster Recovery Plan with Vendor team during assessment processes.