• Conducting regular security assessments and vulnerability scans to identify and assess potential security risks and weaknesses in the organizations infrastructure and systems • Developing and implementing information security policies, procedures, and guidelines in compliance with industry standards and regulations• Conducting risk assessments and providing recommendations for mitigating identified risks• Developing and managing security incident response plans and coordinating… Show more • Conducting regular security assessments and vulnerability scans to identify and assess potential security risks and weaknesses in the organizations infrastructure and systems • Developing and implementing information security policies, procedures, and guidelines in compliance with industry standards and regulations• Conducting risk assessments and providing recommendations for mitigating identified risks• Developing and managing security incident response plans and coordinating with relevant stakeholders to ensure timely response and resolution of security incidents• Performing security audits and evaluations to ensure compliance with internal security policies and external regulations• Monitoring and analyzing security logs and alerts to detect and respond to potential security breaches or threats• Engaged in audits of critical third-party vendors to ensure security posture complied with the Firm's standards.• Completed security reviews of technologies, reported vulnerabilities and made recommendations to management.• Developed policies, guidelines, and procedures for various security operations.• Responded to external audits by clients and was involved in remediation plans for any gaps discovered.• Performed Nessus vulnerability scans of critical enterprise servers and devices, reported results to management.• Reviewed Sourcefire IDS events and alerts for potential security breaches.• Performed malware analysis utilizing the Cuckoo automated malware analysis platform.• Analyzed the security logs of various devices and servers.• Utilized Trend Micro DSM for server integrity monitoring. Show less

• Develop, review, and maintain core security artifacts such as System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), checklists, templates, and other documentation in support of the FedRAMP and FISMA Assessment & Authorization (A&A) process.• Facilitate Security Control Assessment (SCA) and Continuous Monitoring Activities.• Execute examine, interview, and test procedures in accordance with NIST SP… Show more • Develop, review, and maintain core security artifacts such as System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), checklists, templates, and other documentation in support of the FedRAMP and FISMA Assessment & Authorization (A&A) process.• Facilitate Security Control Assessment (SCA) and Continuous Monitoring Activities.• Execute examine, interview, and test procedures in accordance with NIST SP 800-53A.• Assist in the identification, research, mitigation, and remediation of system vulnerabilities as required for proper tracking and reporting via the POA&M sheet.• Develop, review, and update Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices. • Apply appropriate information security control for Federal Information System based on NIST SP 800-37 rev. 1, SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III. • Perform Federal Information Security Management Act (FISMA) audit reviews using NIST SP 800-37 rev. 1.• Update IT security policies, procedures, standards, and guidelines according to departmental and federal requirements.• Develop and review System Security Plans (SSP) interfacing with system owners and engineers and system administrators. • Develop, review, and update E-Authentication, Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA). • Conduct the IT risk assessment and document security controls• Skilled in Impact Analysis• Ensure all POA&M actions are completed and tested in a timely manner to meet agency deadlines.• Interpret vulnerability and baseline scan results on department network. • Analyze security reports for security vulnerabilities. • Interface with IT Operators and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, Show less

• Develop reports, dashboards, and processes to continuously monitor data quality and integrity• Design, set up, and maintain Salesforce standard objects, custom objects, junction objects, and structure users’ roles, security profile, and workflow rules• Ensure data quality by identifying and deleting or merging duplicate records, cleaning, and updating inaccurate data• Establishe system documentation for fields, processes, and workflows• Create profiles, permission… Show more • Develop reports, dashboards, and processes to continuously monitor data quality and integrity• Design, set up, and maintain Salesforce standard objects, custom objects, junction objects, and structure users’ roles, security profile, and workflow rules• Ensure data quality by identifying and deleting or merging duplicate records, cleaning, and updating inaccurate data• Establishe system documentation for fields, processes, and workflows• Create profiles, permission documentation, governance framework, data mapping, and reporting Show less

• Proficient in development of Security Authorization Package• I managed risks by implementing remediation, including policy and architecture recommendations.• I conducted risk assessments and implemented robust risk management processes to identify and mitigate potential threats and vulnerabilities.• I led internal audits and compliance reviews, ensuring adherence to regulatory requirements and internal control Frameworks.• I am experienced with the implementation and support… Show more • Proficient in development of Security Authorization Package• I managed risks by implementing remediation, including policy and architecture recommendations.• I conducted risk assessments and implemented robust risk management processes to identify and mitigate potential threats and vulnerabilities.• I led internal audits and compliance reviews, ensuring adherence to regulatory requirements and internal control Frameworks.• I am experienced with the implementation and support of Identity and Access Management solutions, including directory services, single sign on, authentication services, privileged access management, and federation• I developed and executed CGRC strategies, policies, and procedures to ensure compliance with relevant laws, regulations, and best practices.• I collaborate with cross-functional teams to develop and deliver training programs on CGRC policies, procedures, promoting a culture of compliance in the organization• Monitored and reported on key performance indicators (KPIs) to assess CGRC effectiveness and drive continuous improvement.• I ensured appropriate operational hygiene is in place for OS/Application patching and vulnerability remediation, adoption of latest images and provided guidance & support in addressing compliance issues, investigating incidents, and implementing corrective actions.• I maintained up-to-date knowledge of evolving regulatory landscape and industry trends to proactively adapt CGRC strategies.• Worked with customers or prospective customers to develop integrated solutions and lead detailed architectural dialogues to facilitate delivery of comprehensive solution.• Guided and influenced existing partners on recommended upgrades and enhancements to integrated solutions.• Communicated with partners and clients to update product and implementation status at technical or functional level.• Created and implemented innovative business solutions to support corporate objectives. Show less

• Served as security advisor for one or more project teams on all matters involving security of assigned information systems.• Maintained the Windows 2000 network infrastructure and administered the Windows 2000 professional server• Programmed overdrafts, loans, advances, and foreign exchange transactions• Additionally, produced internal audit trails• Automated account opening sequences, customer protection systems, unfreezing, account reactivation, domiciliary… Show more • Served as security advisor for one or more project teams on all matters involving security of assigned information systems.• Maintained the Windows 2000 network infrastructure and administered the Windows 2000 professional server• Programmed overdrafts, loans, advances, and foreign exchange transactions• Additionally, produced internal audit trails• Automated account opening sequences, customer protection systems, unfreezing, account reactivation, domiciliary, etc.• Established internet-based customer relationship and marketing technology for banking products• Booked risk assets and created some of the bank's e-products• Preserved the windows network infrastructure and structured the windows professional server• Planned overdrafts, loans, advances, and foreign exchange transactions then produced internal audit trails• Designed account opening sequences, customer protection systems, account reactivation, and unfreezing Show less