Experience

Futurity First

• United States
• Insurance
• 200 - 300 Employee

• Information Technology Security Analyst

  • Feb 2016 - Present

  ❖ Update IT security policies, procedures, standards, and guidelines according to private and federal requirements. ❖ Develop and/or maintain POA&Ms for all accepted risks upon completion of system SCA, including the utilization of waivers/exceptions where appropriate ❖ Create remediation strategies for weaknesses based on priorities ❖ Provide review and progress reports of all Plan of Action and Milestones (POA&M) ❖ Review security logs to ensure compliance with policies and… Show more ❖ Update IT security policies, procedures, standards, and guidelines according to private and federal requirements. ❖ Develop and/or maintain POA&Ms for all accepted risks upon completion of system SCA, including the utilization of waivers/exceptions where appropriate ❖ Create remediation strategies for weaknesses based on priorities ❖ Provide review and progress reports of all Plan of Action and Milestones (POA&M) ❖ Review security logs to ensure compliance with policies and procedures and identifies potential anomalies ❖ Review, analyze, and research scan findings and coordinate remediation efforts in a timely fashion ❖ Liaise with audit team to investigate and respond to Financial and/or IG Audits. ❖ Perform IT risk assessment and document the system security keys controls ❖ Participate in all aspects of audit activities including risk assessments, planning, testing, control evaluation, work paper documentation, report drafting, issue clearance with cybersecurity and access management stakeholders, and follow-up/verification of issue closure ❖ Review security logs to ensure compliance with policies and procedures and identifies potential anomalies ❖ Review and update IT security policies, procedures, standards, and guidelines according to private and federal requirements. ❖ Create remediation strategies for weaknesses based on priorities as contained in vulnerability reports ❖ Coordinate with System administrators to provide fixes for vulnerabilities identified in systems. ❖ Support internal auditors on various compliance audits and assessments, such as PCI-DSS ❖ Provide data and guidance regarding current laws, rules and regulations related to IT controls ❖ Coordinate internal and external regulatory IT and Security audits; met with subject matter experts to facilitate reviews ❖ Assisted with administration, management, and reporting for security assessments and on-going monitoring activities; e.g., SOC 2 Type II, SOX, ISO/IEC 27001, PCI DSS, HIPAA, GDPR Show less



Premier Financial Services, LLC

• United States
• Financial Services
• 1 - 100 Employee

• Information Technology Security Analyst

  • Sep 2014 - Feb 2016

  Rockville, Maryland, United States ❖ Performed site HIPAA audits to ensure compliance with HIPAA regulations ❖ Assisted in performing periodic internal audits to ensure compliance as well as preparing material for any external IT audit from delegated Health Plans or State and Federal agencies as needed ❖ Monitored the regulatory requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) law ❖ Coordinated initial and periodic information privacy risk assessments and conducts related… Show more ❖ Performed site HIPAA audits to ensure compliance with HIPAA regulations ❖ Assisted in performing periodic internal audits to ensure compliance as well as preparing material for any external IT audit from delegated Health Plans or State and Federal agencies as needed ❖ Monitored the regulatory requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) law ❖ Coordinated initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the client ❖ Assisted in identifying and communicating application control deficiencies and the associated risks ❖ Provided expertise and assistance in the development of continuous monitoring programs and plans ❖ Performed the adequacy assessment, independently testing the controls and escalating control issues to Management ❖ Conducted assessment of the security safeguards compliance with PCI-DSS standards. ❖ Provided support and guidance for legal and regulatory compliance efforts, follow through on security response to audits, and audit support for all appropriate regulatory requirements including the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes Oxley. Show less