
Summary

Experienced Compliance and Security Specialist seeking a challenging position that will utilize, expand, and further develop my technical skill set.

Work History

Oct 2010 - Present

Security Compliance Specialist

Early Warning®

Promoted from Security Compliance Intern in 2012

  • Conduct PCI pre-assessments including interviewing, documenting, and producing final assessment reporting
  • Assist with FISMA readiness assessments including: planning, preparation, execution and reporting
  • Review, develop, and revise security compliance processes and procedures, ensuring standards remain current and relevant; assisted in the development of a concise and efficient annual security assessment process
  • SME for Allgress GRC tool; implemented annual policy review process into Allgress workflow, created and implemented internal support documentation for application end users; developed and addressed administrative support for Allgress GRC project
  • Developed and maintained compliance mapping standards and frameworks to policy via Allgress
  • Facilitate the risk acceptance process, ensuring risk is accurately evaluated and reported

Education

2010 - 2012

Bachelor of Science Degree in Information Systems Security

ITT Technical Institute

September 2012

Highest Honors

Professional Associations / Affiliations

Information Systems Security Association – 2010 Scholarship Winner     

AVNET Tech Games winner: Build the Fastest Computer Challenge 2012 Scholarship Winner

AZNEXIS – President Elect/Co-founder (Student Organization)

Allgress Project

Accomplishments include, but are not limited to:

  • Continued development of security policy review process and risk acceptance process
  • Maintained application and system support development for Allgress GRC tool since 2012
  • Successfully implemented annual policy review process into Allgress GRC workflow
  • Developed and published internal support document for Allgress application 
  • Developed and addressed administrative support tasks relevant to Allgress GRC project
  • Continued vendor relationship to enhance GRC tool and align to internal processes
  • Developed, maintained, and implemented security compliance mapping standards and frameworks to security policy via Allgress GRC tool. Mappings include: SIG 7.0, PCI 3.0, 3.1, FISMA, ISO 27000 series

Support Corporate Ethics and Compliance program

  • Participated in the EECP event in Q2 April 21-25th.
  • Worked with Enterprise Compliance Manager to design and implement the Legal and Compliance Impact Assessment (LCIA) standard and assessment in Allgress GRC tool.
  • Enterprise Compliance Manager was able to complete pilot and historical assessments to support ongoing Legal and Compliance Impact Assessment (LCIA) compliance efforts in Allgress GRC tool in Q4.

Support Internal Business Customers (2016)

  • Develop and align GRC workflows with internal processes for HR, Legal, and Enterprise Risk Managers
  • Deployed annual handbook acknowledgments project for HR - Q1
  • Continued to support Legal hold process in Assessment module
  • Develop and align Risk Register items with company tailored risk scenarios to support ERM KRI metrics

Compliance

2015 Related

Customer Audits and Standards Information Gathering assessment (SIG) 7.0

  • Annually update and maintain the Shared Assessments SIG in preparation for annual onsite customer audits. I assisted in documenting evidence on behalf of the Security Department managers and external department control owners into Allgress. Allgress GRC tool enabled the ability to map Early Warning responses to customer questionnaires and to internal security policies.

Payment Card Industry (PCI) Assessment DSS 3.1

  • Assisted in the coordination of, and actively participated in, this annual assessment, consisting of five months of planning, preparation, and execution with external vendor QSA, as well as internal departments. Security Compliance team collected and provided in excess of 180 evidence documents for the pre-assessment phase, prior to the QSA onsite assessment. I actively assisted with conducting research for security policies, cross-mapped controls utilizing the Unified Compliance Framework (UCF) tool, and mapped PCI standards in Allgress GRC tool. The assessment revealed no outstanding issues and resulted in Early Warning meeting compliance requirements established by the PCI Council, allowing us to collect credit card data from our customers.

Federal Information Security Management Act (FISMA) Readiness Assessment

  • I assisted in coordinating, planning, preparation and execution with internal departments and Accuvant staff. Our team collected and provided in excess of 25 documents for the assessment prior to the onsite engagement. Security Compliance coordinated and scheduled internal interviews, including our own department’s interview. The assessment revealed 7 findings; however, Early Warning assessed well within the contractual agreements of being compliant to a moderate baseline of security controls.

2016 Related

References

(Upon Request)