
IT Security & Compliance Audit Resume



Resume:


MARILYN SOUSA

Colorado

LinkedIn: www.linkedin.com/in/marilyn-sousa-cisa-cism

------------

CAREER PROFILE:

Looking to leverage my years of experience as a Sr. Security Analyst and IT Cyber Security Regulatory Compliance Auditor. Experience and knowledge in security compliance and internal audit of networks and third-party associates for Health Care, Financial Institutions, Oil & Gas, Federal and Fortune companies to industry standards.

Follows the standards of NIST, HIPAA, SCADA, SOC, PCI, PII, SOX, SSAE and Best Practices; this encompasses an understanding of the current Risk Management Framework, DREAD and OWASP threat modeling, Data Privacy, SIG, ISO / application controls and processes.

Progressively expanded my skill-set and proficiency by taking on various contract projects. Committed to these projects with integrity and reliability, seeing them through to completion. Looking for a full-time role in south Denver or Colorado Springs, CO, or a remote position where my contracting experience and interpersonal skills can bring value.

 

KEY COMPETENCIES:

  • Industry certified through ISACA: CISA and CISM.

Areas of Expertise

• Business Continuity - Disaster Recovery

• Security Risk Assessment & Management

• Privacy

• Auditing & Assessing

• Policy Management & Compliance

• Security Operations

 

  • Proficient and knowledgeable in network compliance, identifying issues, vulnerability assessments and security risk analysis. Adept in the development and review of audit reports, Information Technology security program strategy, and policy and process documentation.
  • Collaborates with management to improve internal controls and processes: preparing risk assessments, identifying audit areas, setting audit scopes and engagement of annual audits.
  • Technical background in network engineering for WAN, LAN, Telephony (ISP and video) and InfoSec. Military service veteran - U.S. Air Force.

 

CONTRACT - PROJECT CONSULTING EXPERIENCE (June - Present)

Multiple projects completed for contract agencies.

 

TechOne Staffing, Inc. – Greenwood Village, CO (Contract work for Kaiser Permanente)

Sr. Security & Compliance Consultant — Duration: Feb – Present

  • Schedule and implement IT security audits with system owners using NIST - for HIPAA and NIST -, NIST -a and NIST - for baseline assessments.
  • Provide advance draft compliance-audit consulting focused on NIST Controls, aligned to the governance of HIPAA, HITRUST, PHI, ePHI, PII, PCI, SOC, FDA and Best Practice.
  • Define the boundaries of applications / infrastructure, perform network diagram reviews (Visio) and gather evidence to support that the identified NIST Controls are in compliance with IBM.

 

Randstad Technologies, LP – Lone Tree, CO (Contract work for Charles Schwab)

Sr. Analyst Vendor Information Security Oversight — Duration: Aug - Feb

  • Conducted vendor third-party financial control assessments (GRC); identified vendor gaps / deficiencies; ensured that applicable requirements were met for State and Federal Reserve regulations - NIST -a & -, PCI, SOC, ISO and Best Practices.
  • Responsible subject matter expert on financial-services vendor cyber security risk, including risk identification, quantification and management efforts. Assessed (QA) remediation plans and non-compliance acceptances. Validated evidence from third parties to assist in closing identified findings. Tracked in RSA Archer.

 

Rose International - Greenwood Village, CO (Contract work for Kaiser Permanente)

Sr. Security & Compliance Business Consultant — Duration: April - Aug

  • Risk profiling of clinical devices and applications for IT governance for HIPAA, PHI, ePHI, PII, PCI, SOC, SOX, FDA and Best Practice.
  • Performed IT security assessments of networks (IBM RACF, Cloud), Security Operations assets, Facility Operations assets and medical equipment with clients and vendors.
  • Gathered and documented assessment results; served as liaison and Point of Contact with business unit directors, managers and clients; conducted one-on-one meetings with the asset owners.

 

In Transition — Duration: Feb - April

  • Completed contracted project. Moved to Denver, CO. Passed Cybersecurity certification. Collaborated with ISACA on their certification program for Cybersecurity Nexus (CSX) III.

 

InSight Global - Houston, TX (Contract work for Hewlett-Packard)

Third Party Global Cyber Security (GCS) Assessment — Duration: July - Feb

  • Annual audit of supporting documents and papers for security governance compliance of vendors and business partners. Tracked assessments in RSA Archer for HP Global.
  • Reviewed regulatory requirements and contractual compliance requirements across multiple industries for Data & Network Security and Privacy. Identified contract updates needed to close gaps found in assessments.
  • Assessed against the associated security risk standards - SIG, NIST -a & -, GRC, HIPAA, SOC, PCI, SOX, ISO/IEC /, Safe Harbor, EU Data Protection Directive of GDPR - General Data Protection Regulation Security Compliance and/or Best Practice.

 

W-Industries (CSE ICON) - Houston, TX (Contract work for Energy Transfer and INGAA)

Sr. IT & Cyber Security Consultant — Duration: Oct - July

  • Contracted to Energy Transfer Inc. to validate big three external audit findings and assess their IT security policies and procedures posture for their oil and gas enterprise systems and automated industrial control systems (ICS / SCADA). Collaborated with external auditors.
  • Oversaw the drafting, enhancement and adoption of information security policies and standards aligned with the needs of business segments (NIST -, - & -, ISO/IEC /, PCI DSS, CSC SANS Top – CIS Critical Security Controls, INGAA).
  • Contracted to consult with INGAA (Interstate Natural Gas Association of America), defining how the NIST Cyber Security Framework would enhance their cyber security programs.

 

MRI Technologies - Clear Lake City, TX (Contract work for Space Center Houston (NASA))

Sr. System IT Security Engineer — Duration: July - Oct

  • Sub-contracted to Raytheon at NASA. Provided security compliance verification and implementation for the Neutral Buoyancy Laboratory and the Space Vehicle Mock-up Facility of the International Space Station (ISS) industrial control systems (ICS), which utilize Rockwell Automation software, following the ICS SCADA controls in NIST - and -a.
  • Implemented and maintained IT security procedures, policies and risk reports. Scheduled and performed quarterly vulnerability scans for continuous monitoring using McAfee Foundstone. Ensured security compliance activities, IT inventory and change management.

 

In Transition — Duration: April - July

  • Completed contract consulting project. Keeping up to date on the latest in IT Security. (Cloud computing, reviewing the newest revision NIST -).

 

Brandon Technology Consulting - Alexandria, VA (Contract work for Defense Health HQ-DHHQ)

Sr. Network Security Engineer — Duration: Jan - April

  • Implemented IT Security Test Plans, Security Compliance Testing (Nessus scans), Risk Assessment Reports and Accreditation Reports for the DHHQ TRICARE systems. Ensured HIPAA, PCI DSS, DIACAP and FISMA / NIST requirements were identified and met.
  • Utilized the Defense Information Systems Agency (DISA) approved checklists. Reviewed scans of servers, workstations and network equipment configurations.

 

NCI Information Systems - Colorado Springs, CO (Contract work for U.S. Air Force Space Command)

Sr. Information Assurance Engineer — Duration: Sept - Jan

  • Security advisor to IT network support staff at director level; provided Information Assurance (IA) guidance, clarification and direction to AF Wings and units.
  • Technical Subject Matter Expert (SME) tasked with reviewing and drafting operational guidance. Advised government officials on IT compliance to DoD and Federal regulations.

 

Yoh, Inc. - Colorado Springs, CO (Contract work for The Boeing Company)

Sr. Computer Security & Information Protection Specialist — Duration: Sept - Sept

  • Provided oversight for protection of confidential information on IT computer systems. Developed consistent policies and processes of disaster recovery plans and business continuity plans of the individual GPS (Global Positioning System) sites.
  • Interfaced with the appropriate government agencies, customers, and company personnel to facilitate implementation of protective mechanisms and to ensure the understanding of.

 

In Transition — Duration: June - Sept

  • Government funding cut and contract slot was eliminated for last position. Moved back to Colorado. Studying for the CISM and CRISC. Keeping up to date on the latest NIST -.

 

Yoh, Inc. - North Charleston, SC (Contract work for Space & Naval Warfare Systems Command)

Sr. Systems Analyst — Duration: April – June

  • Sub-Contracted to SAIC to provide Information Assurance Certification and Accreditation (C&A) and Cross Domain Solution (CDS) support to the Navy at SPAWAR.
  • Provided engineering, integration, technical and administration support for both ship and shore locations. Reviewed Visio network designs.

 

Booz Allen Hamilton - North Charleston, SC (Contract work for the VA, NSF and IRS)

Sr. Systems Security Engineer — Duration: Dec - April

  • Accomplished NIST and PCI DSS (Payment Card Industry Data Security Standard) compliance verification audits for the US Department of Veterans Affairs (VA).
  • Reviewed risk assessment reports for senior executive team quantifying and verifying action plans to remediate identified risks; evaluated compliance closures for upper management of audits performed for the National Science Foundation (NSF) Antarctica.

 

G&B Solutions - Lakewood, CO (Contract work for Department of Interior (DOI))

Sr. C&A Security Analyst — Duration: Dec - Dec

  • FISMA / NIST -a auditing, FIPS & NIST -, SSAE internal control assessment; interviewed key organizational personnel (technical, administrative and executive); updated reporting of eMASS state; composed quality documentation (risk assessments, contingency planning, etc.) for presentations.
  • Conducted in-depth technical reviews of new and existing IT systems (Windows, UNIX, RACF) for compliance with policy and industry guidelines for the DOI and the Department of Transportation (DOT) for ongoing monitoring of IT security controls.

 

Boecore - Schriever AFB, CO (Contract work for the Missile Defense Agency)

Sr. Systems Security Engineer — Duration: Dec - Dec

  • Contracted to Northrop Grumman Mission Systems to provide technical IT Security expertise in Information Assurance (IA) for systems compliance support, safeguarding associated classified and unclassified systems.
  • Provided technical security engineering support for complex software, hardware and network systems; designed, developed and executed security tests and evaluations (ST&E) under the annual audit plan, vulnerability assessments and audits; risk mitigation and analysis of security threats.

 

CERTIFICATIONS & EDUCATION:

  • ISACA Cybersecurity Nexus (CSX)
  • ISACA Certified Information Security Manager (CISM)
  • ISACA Certified Information Systems Auditor (CISA)
  • CompTIA Security+
  • Auditing and Monitoring Windows Server
  • Certified Multimedia Design Networks Specialist
  • A.A., General Studies, University of Maryland
  • A.A.S., Electronic Systems Technology, Community College of the Air Force

 

TECHNICAL TRAINING:

  • CISSP Boot Camp
  • Cyber Security Assessment Management (CSAM)
  • SANS System Forensics, Investigation & Response Course
  • eEye Retina REM Administrator CBT Course
  • SANS Intrusion Detection Course

...