Shawn Burden Email & Phone Number

United States

Greater Atlanta Area

• Provide subject matter expertise, guidance, and assessment services to identify and manage risks associated with third-party service providers
• Ensures that these third-party service providers have controls that are adequately designed, implemented or remediated to meet Aaron’s control requirements and SOX, HIPAA, PCI, and internal policy compliance expectations
• Perform duties covering the full-span of vendor life-cycle include but not limited to: data gathering to establish a centralized Vendor Inventory across Aaron’s enterprise, determine and categorize vendor service.
• Provides consultancy services to business and project teams evaluating new vendor services and/or introducing new technologies to Aaron’s environments.
• Collaborates with team members to continuously improve VRM tools and processes to meet department objectives, applying creative solutions to address issues with people, processes, and technologies.
• Supports development, implementation, and maintenance of vendor risk and compliance documentation and procedures.

Greater Atlanta Area

• Performed IT Security Risk Assessment/Audits for The Home Depot 3rd Party vendors, internal applications/software, products, and services to identify and prioritize risk to assist the business in achieving compliance
• Conducted interviews with appropriate personnel such as architects, application managers and developers to understand the product purpose, functionality and data elements being processed, transmitted, and stored in the.
• Completed and reviewed IT Security Risk Assessment questionnaires to understand the overall IT Security posture of applications and operations in security areas such as Governance, Application, Platform, Network.
• Collected, reviewed and validated necessary documentation in support of security assessments/audits such as IT Security Systems Plans/Standards, Disaster Recovery Plans, Network and Security Architectural Diagrams and.
• Engineered operational and security solutions to mitigate risk and provide strategies to improve the security posture of internal processes and environments
• Ensured all risk/audit findings were documented in eGRC Archer tool and closed in a timely manner; communicated findings to senior leadership team for action and closure

Greater Atlanta Area

• Security Assessment and Authorization formerly Certification and Accreditation (C&A) Subject Matter Expert delivering SA&A support activities for Centers for Disease Control and Prevention (CDC)
• Deliverables include System Security Plans, Risk Assessments, Contingency/Disaster Recovery Plans, training plans and audits, various policies and procedures, and project timelines
• Developed SA&A deliverables schedule and work with customer to coordinate documentation review, updates, and final delivery
• Routinely documented procedures, processes, and current security state as part of the organization’s ongoing continuous improvement activities
• Heavily involved in security accreditation testing, POAM remediation oversight and weekly status reporting
• Interviewed subject matter experts to become familiar with existing procedures and solicit from them information required to develop robust documentation and reports

Greater Atlanta Area

• Identified and assess the security practice of 95+ countries operations
• Understand market and cultural pressures affecting security in each country
• Maintained a catalog of security capabilities for each country's operation
• Developed plans for executing a security strategy in each market
• Progressively mature countries security operations to meet security control standards
• Provided consultancy on security related issues

Greater Atlanta Area

• Assessed risk and security posture of IS programs, IS policies, IS procedures, regulatory compliance, IT systems, applications, logical, infrastructure, mobile, endpoint, windows and IT infrastructures
• Identified vendor risk appetite by identifying and documenting threats, vulnerabilities, risks, mitigating controls, and remediation plans
• Formally documented and communicated results and remediation plans to relevant stakeholders
• Aligned information security requirements with the needs of the business, IT policies and procedures
• Created and defined security assessment policies, guidelines, standards, and procedures for security and risk assessments
• Contract Review for security, business continuity and disaster recovery related language and regulatory compliance

Greater Atlanta Area

• Gathered and analyzed technical information, performed compliance risk assessments for external CDC contractors’ extranet connections to the CDC infrastructure, and prepared reports and recommendations related to.
• Openly discussed with contractor representatives all concerns with audit results and supporting documentation submitted to OCISO(Office of the Chief Information Security Office); documented answers provided and.
• Developed associated plan of action and milestone items, risk mitigation worksheets, risk assessment reports, corrective action plans, and tracked completion of remediation for IT security weaknesses and/or.
• Responsible for designing and implementing solutions to protect the confidentiality, integrity and availability of sensitive information
• Performed Security, Test & Evaluations during on-site inspections to determine contractors implemented the required IT security controls required by Federal Information Systems Management Act (FISMA) and Human Health.
• Reviewed 400+ request for proposals (RFP) and statements of work (SOW) to determine the correct IT Security and Privacy language was specified and met the Human Health Services (HHS) standards and policies

Greater Atlanta Area