Samuel B Email & Phone Number

United States

Baltimore, Maryland, US

• Maintained security compliance programs within a GRC or compliance automation solution
• Tracked audit remediation actions, help develop solutions, and report on the status.
• Coordinated with external auditors and Flexential’s operations teams to obtain audit evidence for in-scope IT systems to support the annual audit, such as SOC 1&2, ISO 27001, HITRUST, PCI-DSS.
• Developed and maintained flexential’s security policies, standards and guidelines.
• Supported Flexential’s response to Regulators, Auditors, Client inquiries, and Due Diligence Questionnaires.
• Conducted assessments of third-party vendors and partners to ensure they meet our security and compliance standards

Charlotte, North Carolina, US

• Coordinated with external auditors and operations teams to obtain audit evidence for in-scope IT systems to support the annual audit such as SOC 1&2, ISO-27001, HITRUST, and PCI-DSS.
• Supported the development and implementation of a risk register process.
• Performed quarterly risk register reviews; managed and monitored remediation and exceptions of cybersecurity risks.
• Provided guidance and support to business units on information security matters, including security awareness training and incident response.
• Developed and maintained information security policies, standards, and procedures aligned with industry best practices.
• Identified and communicated control gaps; evaluated management remediation action plans, and provided ongoing monitoring of resolution.

New York, NY, US

• Conducted comprehensive risk assessments to identify potential security vulnerabilities and threats.
• Implemented GRC processes to automate and continuously monitor information security controls, exceptions, risks, and control testing.
• Documented incidents and reported them per regulatory requirements.
• Conducted incident response activities, including investigation and remediation.
• Led external audits with frameworks such as SOC 1&2, ISO 27001, PCI-DSS, HITRUST CSF.
• Analyzed security logs to detect suspicious activities.

Allentown, Pennsylvania, US

• Reviewed technical systems controls and report on security weaknesses and communicate significant control and compliance risk to management.
• Identified and resolve any issue of noncompliance, with a related standard or framework
• Developed and implements information security policies, procedures, and standards to protect the confidentiality, integrity, and availability of information systems and data
• Responded to external requests for Security Questionnaires, Due Diligence, Vendor Risk Assessments, and other categories that require responses.
• Leveraged GRC tools to efficiently manage external authoritative sources, information technology controls, and risk management workflows.
• Actively offered internal security consulting on policies, controls, standards and best practices to business functions and end users.

US

• Examine SOC and HITRUST reports, vulnerability assessments, policies, procedures, and standard documents to evaluate compliance. This involves reviewing system configurations, security protocols, access controls.
• Ensure the protection of Confidential Unclassified Information (CUI), the standards outlined in DFARS and NIST 800-171
• Prepare a plan of action and milestones based on the findings and recommendations of a security assessment report excluding any remediation actions taken.
• Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security.
• Supports Security Control Assessments using NIST 800-53A Rev5 as guidance for current federal directives and policies.
• Performs System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select provisional impact level assigned to the Confidentiality, Integrity and Availability (CIA).