Nicholas
nicjeje@yahoo.com
469-438-0863
Dallas, TX 75201
Information Security Analyst
4 years experience W2
Summary

Experienced Senior Information Technology Specialist with a demonstrated history of working with blue chip and global enterprises. Skilled in IT Auditing, IT InfoSec protocols, Regulatory & Compliance Requirements, Vendor Risk Management, and Business Process Improvement. Strong InfoSec professional.

Additional skillset: professional competence, experience, and skills:

  • Manage the IT SOX program, which involves building a sustainable control framework referenced by both the internal and external audit teams
  • Manage successful completion of testing of significant IT general controls in accordance with the Sarbanes-Oxley Act of 2002

  • Skilled in directing and leading IT Security Audits for each of the following areas:
  • Operating systems (Windows, UNIX flavors & Mainframe)
  • Databases including data warehouse appliances
  • Application Security including ERM systems
  • Network Security and System Development Life Cycle (SDLC) including AGILE methodology
  • Auditing IT Service Management (ITIL) for incident, problem and change management
  • Regulatory compliance with SOX, PCI, GLBA, FFIEC, and ISO27001
  • Working knowledge of Audit and data analytic applications: Teammate, ACL, and IDEA

Experience
Information Security Analyst
Oct 2019 - present
  • Utilized knowledge of the IT security environment to effectively identify issues, assess their impact and develop solutions with company divisions
  • Conducted vulnerability and risk assessments of information systems in accordance with the NIST series and agency policy.
  • Implemented company policies, technical procedures, and standards for preserving the integrity and security of data, reports, and access.
  • Performed risk assessments of vendors/third-party applications, systems, tools, and infrastructure.
  • Performed risk analyses to identify appropriate security countermeasures and recommend security standards, guidelines and procedures to management.
  • Reported to management concerns of residual risk, vulnerabilities and other security exposures, including misuse of information assets and non-compliance.
  • Created detailed risk assessment reports on identified security weaknesses, described potential business risks, and prioritized recommendations for remediation.
  • Performed risk assessments for numerous acquisitions and re-evaluated sensitivity of the systems, risks, and mitigation strategies.
  • Utilized government security standard around IT security assessment for management, operations, and technical controls.
  • Developed cybersecurity awareness training and promoted security awareness to internal and acquired personnel.
  • Drafted reports to management including recommendations regarding systems, internal controls, policies, and procedures.
  • Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures Helpdesk.
  • Working with ITSEC team members, collaborating with various security teams, System Engineering, Network Engineering, IT Web services, IT desktop support services, and business and data owners to resolve and remediate security as it affects the enterprise.
Compliance, Cyber Security, Information Security, NIST, Risk Analysis, Risk Assessment, Security Analyst, Vulnerability Assessments
IT Security Analyst US Expert Consultant
Apr 2019 - Oct 2019
  • Security assessments of end client’s cybersecurity effectiveness attack surfaces - Endpoint Security, IAM Security, Perimeter Security, Emailing Security, Cloud Security, Applications Security, 3rd parties Risk Management (TPRM), and Security Awareness - to report on visibility, hardening, and control across the global enterprise.
  • Creating metrics and performing walkthroughs with Domain and Subdomain metrics owners to better understand the various attack surfaces in order to carry out an assessment to identify security gaps in enterprise global infosec policies against general industry best practices.
  • Work with various domain and subdomain owners to implement the Information Security design for cloud usage throughout the enterprise, enforce compliance with security policies and controls, and function as a technical security SME on various projects. Help synthesize radical ideas, define new security strategies and persevere to get the job done globally.
  • Drive various due diligence risk and security assessments to quantify and qualify digital asset transfers within a restricted internal process to determine data leakage and to recommend strict adherence to the enterprise global process. Give advisory on the best DLP application to implement to prevent and forestall continuous leakage as a result of process override.
  • Assess program and security controls using Organization Information Security Policy, NIST Special Publications, Privacy Shield, EU GDPR, HIPAA, and PCI DSS frameworks to provide information necessary to determine overall cybersecurity effectiveness across the global enterprise.
  • Conducting Information Security Third Parties Risk Management assessments and other ad hoc assessments across end client’s infrastructures to identify gaps in cloud and applications security architecture and documenting key control findings.
Applications Security, Compliance, Cyber Security, HIPAA, IAM, Information Security, NIST, PCI, Risk Management, Security Analyst
IT Security and Risk Analyst
Aug 2018 - Jan 2019
Dallas, TX
Global InfoSec Vendor Risk Assessments Team
  • Engaged in Global Enterprise Vendor Risk Assessments from end to end for BCG internal/external onboarding InfoSec clients.
  • Review Security Framework, establish Cloud Governance standards, educate Business / Technology teams. Design and build Cloud Security solutions that balance the need for speed and flexibility of Cloud infrastructure and IaaS/PaaS/SaaS applications with the need to protect Cloud Service Clients against ongoing and potential security threats.
  • Implement the Information Security design for Cloud usage throughout the enterprise, enforce compliance with Security policies and controls, and function as a technical security SME on various projects. Help synthesize radical ideas, define new security strategies and persevere to get the job done globally.
  • Review, assess and analyze infrastructure access request questionnaires business Team/Vendor’s granting of access according to organization policy requirements and procedures in alignment to Vendor needs on targeted platforms.
Compliance, Information Security, Risk Assessment
Sr. IT Risk & Compliance Specialist
Aug 2017 - Jul 2018
  • Work with IS Directors to assist in ensuring their teams are compliant with established compliance practices, standards and IT policies and procedures.
  • Manage the SOX compliance calendar, control execution schedule, and Technology audit checklists, programs and guidelines.
  • Work with local IS Directors to ensure all SOX control documentation is up-to-date and accurate for all IT areas.
  • Prepare the IT department for our regular external audit SOX testing.
  • Support Internal Audit in SOX Management Testing by conducting semi-annual User Security access audits and quarterly Segregation of Duties (SOD) reviews and assessment.
  • Define, develop, and execute testing of segregation of duties – run and review SOD validation, violations and implement mitigations on violations.
  • Serve as a member of the change advisory board (CAB) and provide all necessary review of security objects of customized security programs before they are migrated to the production environment by running validation and violations reports. Work with software’s security engineers, Business analyst, Business Process Owner to resolve issues of security violations.
  • Provide regular status metrics on compliance initiatives and audit activities to Director of Project Management Office.
  • Assist in the migration of decentralized control documentation across multiple technology groups into a consolidated repository.
  • Participate in the development and oversight of required management action plans relating to compliance issues.
  • Monitor and support compliance initiatives for related 3rd parties (e.g. SOC1,2).
  • Assist with the education of process/control owners so they better understand the controls framework and their responsibilities.
  • Stay up-to-date on current compliance regulations and changes in policy.
  • Work closely with functional teams to develop user profiles and levels of access that meet both audit and functional requirements.
IT Audit Consultant
Jun 2017 - Jul 2017
Dallas, TX
  • Responsible for the execution and delivery of audit assignments by ensuring that all IT-related business risks are identified and appropriately reviewed in alignment with the departmental audit plan and initiatives.
  • Support Internal Audit in SOX Management Testing by conducting ITGC SOX Compliance review and testing. Involved in various semi-annual User Security access audits and quarterly Segregation of Duties (SOD) reviews and assessment, change management audit, etc.
  • Reviews of IT and Investments-related integrated processes for compliance with company policy and control standards, regulatory requirements, leading practices, and procedural efficiency and accuracy;
  • Identification, drafting, and communication of audit issues and audit reports as well as review of management’s proposed mitigation plans for appropriateness.
  • Recommendations and implementation of changes to the control environment or operating processes.
  • Support integrated systems pre- & post-implementation audits on major systems transformations.
Auditing, Change Management, Compliance, SOX
Education
Accountancy
Mountain View College, 2014 - 2016
Accounting
Rivers State University of Science and Technology, 2001 - 2004
Accounting and Finance
Delta State University, 1994 - 1997
Certifications
Certified Information Systems Auditor® (CISA)
ISACA, 2017
Information Technology Infrastructure Library. ITIL® V3
AXELOS Global Best Practice, 2017
Certified Fraud Examiner (CFE).
Association of Certified Fraud Examiners (ACFE), 749913
Skills
Compliance, 2021, 2
Information Security, 2021, 2
Risk Assessment, 2021, 2
Cyber Security, 2021, 1
NIST, 2021, 1
Risk Analysis, 2021, 1
Security Analyst, 2021, 1
Vulnerability Assessments, 2021, 1
Accounts Payable, 0, 1
Accounts Receivable, 0, 1
Analysis, 0, 1
Applications Security, 2019, 1
Audit, 0, 1
Auditing, 2017, 1
Budgeting, 0, 1
Case Management, 0, 1
CentOS, 0, 1
Change Management, 2017, 1
Customer Service, 0, 1
GLBA, 0, 1
HIPAA, 2019, 1
IAM, 2019, 1
Mental Health, 0, 1
Microsoft Excel, 0, 1
Microsoft Office, 0, 1
Microsoft PowerPoint, 0, 1
Microsoft Word, 0, 1
Network Security, 0, 1
OLAP, 0, 1
PCI, 2019, 1
Process Improvement, 0, 1
Project Management, 0, 1
Quality Assurance, 0, 1
Regulatory Compliance, 0, 1
Risk Management, 2019, 1
Sarbanes-Oxley, 0, 1
SCADA, 0, 1
Sourcing, 0, 1
SOX, 2017, 1
Strategic Planning, 0, 1
Team Build, 0, 1
Training, 0, 1
UNIX, 0, 1