Job Description :
Helped to manage governance risk compliance eGRC efforts in the business with projects involving cybersecurity, NERC-CIP, vulnerability, threat assessment , risk posture, risk assessment, security architecture and Cybersecurity.

? Researched and administered ways to secure corporate IT assets involving security patching and application of baseline standards ISO / IEC 27001:2018, FFIEC, NIST 800-53, HIPAA 164.310, PMBOK, GLBA, SOX section 4.

? Provided direction for cybersecurity within a 1,100-user network involving threat posture, secure application development practices, gap analysis and risk posture.

? Security tools utilized: IBM QRadar, CyberArk, PAM privileged access management, Password Vault module, DLP data loss prevention, Skybox Platform with Firewall, Network Assurance with Threat and Vulnerability Controls, Splunk, Syslog DTLS, Tenable Nessus 6.7, SIEM, Java scripting, Nexpose Rapid 7, Tripwire Enterprise 8.5.0, FireEye, Bit9 Carbon Black, Kerberos, Sophia, RedSeal, Proofpoint, WebSense, UEBA, Palo Alto, Juniper, Checkpoint, Bluecoat Proxy firewalls, Wireshark analyzer and other tools for intrusion detection and SIEM efforts.

? Provided IT Audit and Information Security guidance through standards: CoBIT 5, COSO, DISA STIGs, NIST 800-53, PCI / DSS 3.2 compliance and SCADA.

? Authored Programs in risk avoidance, risk transfer, factor analysis of information risk FAIR, suspicious activity reports, technical writing of policies and procedures, security plans and intrusion detection efforts.

? Proficient with PGP, RedSeal, QRadar, CyberArk, Tripwire Enterprise, Nexpose Rapid 7, Nessus 6.7, Sophos AV, Proofpoint, Bluecoats, Bit9-Carbon Black, Snort, Splunk, Syslog, Scrum, Agile, SDLC, SIEM.

? Provided IT Audit expertise involving Governance Risk Compliance GRC involving Capability Maturity Model CMM, ISO/IEC standards, OCTAVE, FAIR, TARA, OWASP top 10 controls, CoBit, NIST, FFIEC controls and Centers for Medicaid/Medicare CMS standards. Robotics study as it relates to Cybersecurity and SCADA controls and methods.