
IT Security Compliance Assessment and/or Risk Governance - CISA CISM CRISC Resume



Resume:


LinkedIn: www.linkedin.com/in/marilyn-sousa-cisa-crisc-cism

------------

CAREER PROFILE:

  • Senior-level experience with regulatory requirements as an auditor, as the person brought in to mitigate, or working with a client to bring a system to compliance standards. Includes security risk audit, scanning, security reports, policy development and writing.
  • Track record of over years’ experience with NIST, SCADA, HIPAA, PCI, and SOX and encompasses the understanding of current Risk Management Framework, DREAD & OWASP threat modeling, Data Privacy, ISO / application controls and processes.
  • Security and network consulting to include network compliance testing, vulnerability assessments, security risk analysis, security education and communication of issues.
  • Proficient and knowledgeable in security compliance: identifying issues; implementing appropriate actions; and developing and reviewing IT security program strategy, policy and processes. Adept in analyzing system requirements.
  • Looking for a direct hire position that can utilize my vast experience. Background in network engineering for WAN, LAN, Telephony (ISP and video) and InfoSec. Prior military service veteran - U.S. Air Force.
  • Industry certified ISACA CSX, CISA, CRISC and CISM.

 

PROFESSIONAL EXPERIENCE:

Sr. Security & Compliance Project Manager Consultant

TechOne Staffing, Inc. – Denver, CO                                                       February – Present

  • Contracted consultant to Kaiser Permanente Infrastructure Management Group to schedule and implement assessments to the RACI model of compliance using NIST - for HIPAA and NIST - and NIST -a for baseline assessments.
  • Provides advance compliance program consulting to focus on identified IT controls to align for governance of HIPAA, PHI, ePHI, PII, PCI, SOX, FDA and Best Practice.

Sr Analyst – Vendor Information Security Oversight Consultant

Randstad USA – Denver, CO                                                             August – January

  • Contracted to Charles Schwab (Schwab Bank and Charles Schwab & Company) for Risk Management. Conducted complex vendor third party controls assessments; identified vendor gaps / deficiencies; ensured that applicable requirements were met for State and Federal Reserve regulations including NIST -, PCI, SOX, ISO and Best Practices.
  • Served as the responsible subject matter expert on vendor cyber security risk to include leading risk identification, quantification, and management efforts.
  • Assessed remediation plans and non-compliance acceptances where Information Security standards compliance could not be achieved; and validated evidence from vendors before findings were closed.

Sr. Security & Compliance Business Consultant

Rose International – Denver, CO                                                            April – August

  • Contracted consultant to Kaiser Permanente Technology Risk Management and HIPAA Security Program for risk profiling of applications and clinical devices for IT governance for HIPAA, PHI, ePHI, PII, PCI, SOX, FDA and Best Practice.
  • Performed IT security assessment to ensure consistency of internal controls to meet regulatory requirements for networks (Microsoft, IBM RACF, Cloud), Security Operations assets, Facility Operations assets and medical equipment with clients and vendors.
  • Gathered and documented risk & control assessment results, working as a liaison with business unit directors, managers and clients; provided security risk reports; conducted one-on-one meetings with the asset owners and performed quality assurance checks.

In Transition                                                                                        February – April

  • Completed consulting sub-contract and moved to the Greater Denver, CO area. Completed next Cybersecurity certification. Also collaborated with ISACA on their certification program for Cybersecurity Nexus (CSX) III.

Third Party Global Cyber Security (GCS) Assessment Consultant

InSight Global – Houston, TX                                                               July – February

  • Contracted consultant to Hewlett-Packard (HP) Global Cyber Security team to assess and identify supporting documents for security governance audits of vendors and business partners. Tracked assessments in the risk engine database, RSA Archer.
  • Reviewed and interpreted legal, regulatory and contractual compliance requirements across multiple industries focusing on Data & Network Security and Privacy, customer security and privacy schedules. Identified needed updates to existing contracts for gaps to support security compliance assessments.
  • Assessed, interpreted and summarized results to determine the associated security risk following the associated standards - SIG, HIPAA, PCI, SOX, ISO/IEC /, NIST, Safe Harbor, EU Data Protection Directive and/or Best Practice.
  • Communicated best practices and risks to all parts of the business.

Sr. IT & Cyber Security Consultant

CSE ICON, Inc. (W-Industries, Inc.) – Houston, TX                                October – July

  • Contracted consultant to Energy Transfer Inc. to validate big three audit findings and assess their IT security policies and procedures posture for their oil and gas enterprise systems and automated industrial control systems (ICS / SCADA).
  • Managed the creation, enhancement, and adoption of information security policies and standards consistent with the needs of Energy Transfer’s business segments. Promoted practical information security risk assessments through a hybrid risk and standards-based approach for IT governance. (NIST - & -, ISO/IEC /, PCI DSS, CSC SAN Top , INGAA).
  • Contracted to consult with INGAA (Interstate Natural Gas Association of America) on defining how the NIST Cyber Security Framework (CSF) would enhance their current cyber security programs.

Sr. System IT Security Engineer

MRI Technologies – Houston, TX                                                            July – October

  • Sub-contracted consultant to Raytheon at Space Center Houston (NASA). Managed and provided security compliance verification and implementation for the Neutral Buoyancy Laboratory and the Space Vehicle Mock-up Facility of the International Space Station (ISS) industrial control systems (ICS) that utilizes Rockwell Automation software following ICS SCADA controls in NIST - and -a.
  • Developed, implemented and maintained IT security standards, procedures, policies and Risk Assessment Reports. Scheduled and performed quarterly vulnerability scans for continuous monitoring using McAfee Foundstone. Ensured security compliance activities to include data at rest for whole disk encryption, IT inventory, application health monitoring configuration documentation, patching and change management procedures.
  • Collaborated with network engineers and system administrators on implementation of information security protocols and practical controls framework for the ever-changing regulatory requirements and client standards.

In Transition                                                                                               April – July  

  • Completed consulting sub-contract. In transition. Keeping up to date on the latest in IT Security - (Cloud computing, reviewing the newest revision NIST -).

Sr. Network Security Engineer

Brandon Technology Consulting, Inc. – Alexandria, VA                          January – April

  • Sub-contracted to provide IT security compliance verification. Responsible for completing Security Compliance Testing (utilizing Nessus scans), Security Test Plans, Vulnerability Matrices, Accreditation Reports and Risk Assessment Reports in the support of the Defense Health Headquarters (DHHQ) TRICARE systems. Ensuring HIPAA, PCI DSS, DIACAP and FISMA / NIST requirements are met / identified.
  • Utilized the Defense Information Systems Agency (DISA) approved checklists. Reviewed (SRR) scripts and Production Gold Disk (PGD) scripts to assess servers, workstations and network equipment configuration for their compliance with regulatory standards.
  • Responsibilities included secure system engineering and development, system / security requirements analysis and secure system definition and development of Information Assurance specifications, policies, and procedures using technical and analytical skills.

Sr. Information Assurance Engineer

NCI Information Systems, Inc. – Colorado Springs, CO               September – January

  • Security advisor – IT support staff / network technical facilitator for the U.S. Air Force Space Command (AFSPC) Cyber Surety Division to provide Information Assurance (IA) guidance, clarification and governance direction to AF Wings and units.
  • Technical Subject Matter Expert (SME) tasked with reviewing and drafting guidance for both AFSPC and Air Force level guidance. Attended meetings and advised government officials on IT compliance with reference to IA from DoD and Federal regulations.

Sr. Computer Security & Information Protection Specialist

Yoh Inc. – Colorado Springs, CO                                           September – September

  • Sub-Contracted to The Boeing Company (consecutive and month sub-contracts) to evaluate, communicate and mitigate computing and information security risks for the Air Force SOPS GPS (Global Positioning System) systems.
  • Developed governance policies and provided oversight for protection of IT computing security systems. Lead in the development - creation of information assurance materials and processes for disaster recovery plans, contingency plans and business continuity plans of the individual GPS systems - sites.
  • Interfaced with the appropriate government agencies, customers, and company personnel in order to facilitate implementation of protective mechanisms and to ensure understanding of and compliance with computing security requirements.

In Transition                                                                                   June – September  

  • Government funding cut for last position. In transition. Moved back to Colorado. Studying for the CISM and CRISC. Keeping up to date on the latest NIST -.

Sr. Systems Analyst

Yoh IT, Inc - North Charleston, SC                                                               April – June   

 (Government funding cut and slot was eliminated)

  • Sub-Contracted to SAIC to provide Information Assurance (IA) Certification and Accreditation (C&A) and Cross Domain Solution (CDS) support to the Navy at the Space and Naval Warfare Systems Command (SPAWAR).
  • Provided engineering, integration, technical and administration support consistent with IA, C&A and CDS activities for both ship and shore locations.

Sr. Consultant - Systems Security Engineer

BAH, Inc. - North Charleston, SC                                                        December – April

  • Accomplished NIST and PCI DSS (Payment Card Industry Data Security Standard) compliance verification audits for the US Department of Veterans Affairs.
  • Reviewed monthly risk assessment reports for the senior executive team quantifying and verifying action plans to remediate identified risks; and, evaluated compliance closures for the Information Security Manager of audits performed for the NSF (National Science Foundation) Antarctica project.
  • Developed guidance documents for POA&Ms, Security Planning, policy/standards and presented to upper management at NSF in Arlington, VA.

Sr. C&A Security Analyst

G&B Solutions, Inc. - Lakewood, CO                             December – December

  • Contracted to the Department of Interior’s (DOI) National Business Center Division (NBC) for FISMA / NIST -a auditing, FIPS assessment and InfoSec direction by identifying unique system characteristics, interviewing key organizational personnel (technical, administrative and executive); composed documentation (security categorizations, risk assessments, contingency planning, etc.); and, mapped technical requirements to prescribed security controls, policies and practices.
  • Conducted in-depth technical reviews of new and existing IT systems (Windows, UNIX, RACF) in order to identify the appropriate mitigation strategies required to meet compliance with policy and industry guidelines for the DOI and the Department of Transportation (DOT). Performed security analysis on multi-tiered systems according to vulnerability, risk, security features, and technical areas.

Sr. Systems Security Engineer

Boecore, Inc. – Colorado Springs, CO                                       December – December   

(Funding cut and slot was eliminated)

  • Contracted to Northrop Grumman Mission Systems to provide technical expertise in Information Assurance at the Joint National Integration Center (JNIC) and Missile Defense Agency for IT security compliance with classified / unclassified systems.
  • Responsibilities included providing technical security engineering support for complex software, hardware, and network systems; executed security tests and evaluations; vulnerability assessments and audits; and, risk mitigation and analysis of security threats.
  • Worked closely with other IT groups in ensuring the security administration and protection of information assets including data, systems, databases, networks, and other resources.
  • Supported the government in preparation of C&A documentation; ran RETINA scans and DISA Gold Disk; reviewed ArcSight logs; recommended computer security requirements of local area and wide area networks.

Sr. Systems Security Engineer

Hire Return - Lakewood, CO                                                               June – December

  • Sub-Contracted (six months) to G&B Solutions to provide the Department of Interior’s (DOI) National Business Center Division with FISMA / NIST auditing, assessment and INFOSEC direction for multiple systems (Windows, UNIX, RACF).
  • Developed System Security Plans (SSPs), Risk Assessments, and Asset Valuations. Proficient in information security concepts and application security “best practices”. Responsibilities included ensuring compliance with security standards and procedures.
  • Developed and executed C&A, ST&E and SSP documentation along with vulnerability testing. Conducted C&A security test and evaluations for the DOI. Performed FIPS and NIST security standards-compliant statistical security analysis on a multi-tiered system according to vulnerability, risk, security features, and technical areas.

Sr. Systems Security Engineer / Assistant Lead

Northrop Grumman Mission Systems – Colorado Springs, CO                 March – June

  • Responsible for coordination of system security engineering related projects and tasks. Provided technical expertise in Information Assurance (IA) for the Missile Defense Agency and Joint National Integration Center for security compliance support and cross domain information solutions of networks to meet regulatory requirements. Ensured IT and R&D follows established information security policies and procedures.
  • Conducted system-level design reviews and risk management assessments. Assisted with computer security engineering for classified / unclassified networks; planning and implementation by reviewing and developing program documentation, ran RETINA scans for compliance certifications. Recommended security mitigation.

 

CERTIFICATIONS & EDUCATION:

  • Studying for the CPIT - Certified Information Privacy              
  • ISACA Cybersecurity Nexus (CSX)  
  • Certified in Risk and Information Systems Control (CRISC)  
  • Certified Information Security Manager (CISM)  
  • Certified Information Systems Auditor (CISA)
  • Security+ Certified
  • Auditing and Monitoring Windows Server
  • Certified Multimedia Design Networks Specialist
  • State-of-The Art Program – Frame Relay, Fast Packet and ATM & ISDN  
  • A.A., General Studies, University of Maryland
  • A.A.S., Electronic Systems Technology, Community College of the Air Force

  

TECHNICAL TRAINING:

  • CISSP Boot Camp
  • Cyber Security Assessment Management (CSAM)
  • SANS System Forensics, Investigation & Response Course
  • eEye Retina REM Administrator CBT Course  
  • SANS Intrusion Detection Course