Data Loss Prevention - Data In Motion-Internet

Data Loss Prevention - Data At Rest Team:● Increased incident findings by expanding the globally accessible file share discovery scanning process.● Review incident alerts and remediate Data Loss Prevention violations found every month.● Evaluate new DLP tools from third parties for purchase to bring into the bank.● Create process for integrating indicators of compromise from known intel in the Mitre Attack framework into DLP tool policies.

● Act as Confluence SME for all Governance and Policy teams● Create new processes for team collaboration using Confluence and JIRA● Coordinate data movement of policy/control data to and from RSAM (the system of record)● Manage ecosystem wide tooling and architecture changes for the Governance and Policy teams

Bank of America Contractor - Global Information Security Control Alignment Project---------------● Established and maintain a notification process to alert Control Owners of modified information pertaining to theirpolicies and controls. This allows efficient identification of new potential risks.● Align Laws, Rules, and Regulations to Bank of America policies and standards to ensure compliance.● Compare regulatory requirements to established Identity and Access Management policies, controls, and evidence.● Address compliance gaps found during multiple phases of analysis and make recommendations of remediation.● Act as Confluence SME for all Governance and Policy teams● Create new processes for team collaboration using Confluence and JIRA

Perform internal Security Assessment to assess the current security posture, identify risks, and close security gaps.Monitor Palo Alto firewalls via Panorama for suspicious alerts/breaches/viruses and triage issues foundConfigure Palo Alto firewalls for supported Federal Public Defender OfficesExecute vulnerability scans for supported district networks with Nessus and Tenable Security CenterPerform security tasks in a help desk environment for the Computer System Administrators of all Federal Defender Offices in the US

--Utilized Data Loss Prevention applications for scanning open file shares to identify PII and other sensitive data at rest--Tested and created new policies for newly acquired McAfee Data Loss Prevention application.--Evaluate new applications from third parties to assess their security level and any risks that may be associated--Performed Security Assessments for multiple platforms to ensure compliance with security controls.--Created security controls and policies for teams that did not have any established.--Leverage password cracking tools to analyze the strength of passwords used on multiple applications in the company, and remediate weak/easily cracked passwords.--Perform vulnerability scans on enterprise wide systems and worked with the patch team for remediation of issues--Used Splunk to analyze real time logs for malicious security events or network issues--Organized team building outings to cultivate trust and foster more positive working relationships

--Worked with Information Security team to establish and improve process maps for Access Provisioning process--Support the Brokerage Conversion by submitting MARS(OIM customization) access requests to proper profiles for trading applications (FBSI, Streetscape, and View Direct.)--Mapped entitlements from Oracle Identity Analytics (OIA) to profiles in MARS tool for newly established profiles

--Security liaison for Access Control process. Included creating and improving the process flow, and ensuring all audit checkpoints are met when user access is granted to applications with sensitive data.--Troubleshoot account issues for customers that needed access to the Maryland Health Connections (Affordable Care Act) website.--Tested new automatic account unlock application for users of the website.--Suspend, terminate, unlock and activate accounts in Tivoli Identity Manager according to change requests issued by the Maryland State Government office.--Create report of all requests going through TIM and analyze all errors, warnings or pending actions from the requests. Performed troubleshooting when issues were found.

Application Security Team:--Provide role-based access support with authentication and authorization for over 40 financial applications.--Provisioned and de-provisioned users, system accounts, user access roles and additional resources across 100+ applications (internal and external).--Built test plans and performed regression and User Acceptance Testing to ensure continued functionality of existing security tools--Performed workflow and functionality testing for all new applications being incorporated into the provisioning function of the Application security team. --Led shakeout testing efforts (smoke testing) after new applications were deployed.--Worked with project management teams to provide requirements and test plans for enhancements to the corporate Identity Management system--Investigated potential security violations and incidents discovered from QA checks in an effort to identify issues and areas of non-compliance that require new security measures or policy changes.--Created Standard Operating Procedure documents for the team’s processesBuilt relationships with internal and external customers by providing technical support for access to requested applications.

Access Lifecycle Management Team--Led testing team to coordinate efforts for new Transfer and Termination (T&T) application; wrote and executed test cases, organized and facilitated meetings for defect remediation efforts, and reporting all testing results to upper management. Project completed on time.--Executed the T&T process to determine what internal accounts were affected and needed their passwords changed due to a transfer or termination within the company. --Monitored process mailbox, updated tracking sheet with evidence of password changes, and contacted multiple employees through e-mail and phone to make sure they were in compliance by changing the appropriate password before the due date.--Performed Security Model Maintenance by completing requests from ClearQuest. Requests included activating, deactivating, modifying and adding groups and information for all accounts and applications used.--Created Standard Operating Procedure documents for the team’s processes.--Completed Annual Business Security Review for all non-human system accounts with access to applications and no documented owners. Found owners for over 200 accounts and removed accounts no longer used to close out the review.

Test Analyst: -- Analyzed lengthy requirements documents to become fully aware of what was being tested -- Wrote, executed, and documented, hundreds of effective test cases efficiently within HP Quality Center -- Led regression testing defect remediation for the Reconciliation Database projectInformation Security Specialist: -- Analyzed data from multiple platforms in order to comply with internal audit regulations -- Tracked findings and errors within internal data being analyzed by the Application Access Assessment Team -- Executed the Transfer and Termination process (described above)Microsoft Tools Administrator: SharePoint and Microsoft Project Server: -- Supported over 3300 users of Microsoft SharePoint and Microsoft Project server on a two-person team -- Created SharePoint sites by request through Remedy work orders -- Assisted customers’ requests through e-mails, telephone, and Remedy work orders for SharePoint and MS Project Server -- Submitted Information Security Requests to add requested users to restricted groups for addition to SharePoint sites

Placed in charge of java and c++ programming class lab periodsAssist students with programming assignments and homework when neededGrade tests, quizzes, and lab assignments

Assist with medical records by entering patient information into database, recording immunizations in NC registry, scheduling appointments, and organizing lab reportsOrganize, assemble, and file patient charts

Collaborated in groups to organize, implement, and facilitate all aspects of orientationAided in resolving new student issues prior to the fall and springProvided a positive image of the university to new students and parents

Privileged Access Audit - Created spreadsheet of Single Sign On IDs that had unnecessary access to systems, products, or services, fixed the issue by getting requests submitted to remove certain accesses. My template is now the standard for future audits throughout the Enterprise Computing Services team.Facilitated Enterprise Change Management meeting for the Systems Management team by running the reports of all changes to products, prepared the reports for the team, created the agenda, and narrated the meeting.Command Center Calendar and Coverage - Organized Command Center coverage calendar by placing people in shifts to ensure correct coverage for conversion. Updated command center "playbook" for Retirement Plan Services conversion.

Carried out extensive test plans for software testingOrganized the Information Services Group database foldersShadowed Business and Technical Analysts to ascertain roles and responsibilities