Principal Information Security Analyst
CurrentConduct a comprehensive cyber risk assessment, identify potential threats, evaluate their impact, and determine the likelihood of occurrence. This data-driven approach led to an improvement in resource prioritization efficiency, ensuring strategic allocation for risk mitigation.• Providing guidance on the rollout of security initiatives crafted to proactively identify, evaluate, and mitigate system vulnerabilities. Coordinating the execution of security programs across SAIC diverse platforms and instituting a clear and effective method for reporting vulnerabilities to the management.• Develop and implement a set of SAIC cybersecurity policies, standards, and procedures tailored to the organization's specific needs. These policies address areas such as risk management, data classification, data remanence, access controls, disaster recovery, business continuity, incident response, acceptable use, Vendor risk management, DevSecOps system security plan/implementation in CI/CD pipeline, password management and the impact include a reduction in security incidents.• Continuous evaluation of the security effectiveness of SAIC installed systems. Through a meticulous assessment process, I identified areas for improvement and led modifications that not only minimized vulnerabilities but also significantly strengthened our agency's cybersecurity posture that enhanced the availability, integrity, confidentiality, and accountability of SAIC ITO information system resources.• Champion the recommendation and implementation of DevSecOps methodology to the technical team during project development. This multifaceted contribution extended to active involvement in the design, testing, and maintenance of programs, resulting in a notable reduction in the development of applications tainted with vulnerabilities and bugs.