
IT Security Compliance Risk Governance Resume



Resume:


LinkedIn: www.linkedin.com/in/marilyn-sousa-cisa-crisc-cism 

------------

CAREER PROFILE:

As a consultant, I have progressively maintained and expanded my skillset and proficiencies by taking on various contract projects. Committed to these projects, to seeing them through to conclusion, I’ve worked in different cultures, adapted and gained knowledge.

Looking to take on a permanent role in Colorado; sit down long-term with a company where my vast experience can impact an organization and bring value.

 

SKILLS:

  • Senior-level experience with regulatory requirements as an auditor, as the person brought in to mitigate, or working with a client to bring a system to compliance standards. Includes security risk audits, scanning, security reports, policy development and writing.

 

  • Industry certified ISACA CSX, CISA, CRISC and CISM.

 

  • Track record of over years’ contracting experience with NIST, SCADA, HIPAA, SIG, SOC, PCI, PII, SOX and Best Practices; encompasses an understanding of the current Risk Management Framework, DREAD and OWASP threat modeling, Data Privacy, and ISO / application controls and processes. Includes audits of internal networks and third-party associates.

 

  • Proficient and knowledgeable with network compliance testing, vulnerability assessments, identifying issues, security risk analysis, analyzing system requirements for internal audit and regulatory reporting, communication of issues. Adept in development and review of Information Technology security program strategy, policy and processes.

 

  • Background in network engineering for WAN, LAN, Telephony (ISP and video) and InfoSec. Military service veteran - U.S. Air Force.

  

CONTRACTING EXPERIENCE:  Multiple projects completed for contract agencies.

Project :  Denver, CO

Contract Consultant - Sr. Security & Compliance Project Manager to Kaiser Permanente

  • Contracted to Kaiser Permanente Infrastructure Management Group to schedule and implement assessments to the RACI model of compliance using NIST - for HIPAA and NIST - and NIST -a for baseline assessments.
  • Provides advanced compliance program consulting focused on identified IT controls, aligning them with governance requirements for HIPAA, PHI, ePHI, PII, PCI, SOC, FDA and Best Practice.

Duration:  February - Present         

 

Project :  Denver, CO

Contract Consultant - Sr. Analyst Vendor Information Security Oversight to Charles Schwab

  • Contracted to Charles Schwab (Schwab Bank and Charles Schwab & Company) for Risk Management. Conducted complex vendor third party controls assessments; identified vendor gaps / deficiencies; ensured that applicable requirements were met for State and Federal Reserve regulations including NIST -, PCI, SOC, ISO and Best Practices.
  • Served as the responsible subject matter expert on vendor cyber security risk to include leading risk identification, quantification, and management efforts.
  • Assessed remediation plans and non-compliance acceptances where Information Security standards compliance could not be achieved in the environment; and validated evidence from vendors before findings were closed. Tracked in RSA Archer.

Duration:  August - February

 

Project :  Denver, CO

Contract Consultant - Sr. Security & Compliance Business Consultant to Kaiser Permanente

  • Contracted to Kaiser Permanente Technology Risk Management and HIPAA Security Program for risk profiling of applications and clinical devices for IT governance for HIPAA, PHI, ePHI, PII, PCI, SOC, SOX, FDA and Best Practice.
  • Performed IT security assessment to ensure consistency of internal controls to meet regulatory requirements for networks (Microsoft, IBM RACF, Cloud), Security Operations assets, Facility Operations assets and medical equipment with clients and vendors.
  • Gathered and documented risk & control assessment results, working as a liaison with business unit directors, managers and clients; provided security risk reports; conducted one-on-one meetings with the asset owners and performed quality assurance checks.

Duration:  April - August

 

In Transition         

  • Completed contracted project. Moved to Denver, CO. Passed Cybersecurity certification. Collaborated with ISACA on their certification program for Cybersecurity Nexus (CSX) III.

Duration:  February - April

 

Project :  Houston, TX

Contract Consultant - Third Party Global Cyber Security (GCS) Assessment to HP   

  • Contracted to Hewlett-Packard (HP) Global Cyber Security team to assess / identify supporting documents for security governance audits of vendors and business partners. Tracked assessments in the risk engine database, RSA Archer.
  • Reviewed and interpreted legal, regulatory and contractual compliance requirements across multiple industries focusing on Data & Network Security and Privacy, customer security and privacy schedules. Identified needed updates to existing contracts for gaps to support security compliance assessments.
  • Assessed, interpreted and summarized results to determine the associated security risk against the applicable standards - SIG, HIPAA, SOC, PCI, SOX, ISO/IEC /, NIST, Safe Harbor, EU Data Protection Directive and/or Best Practice.
  • Communicated best practices and risks to all parts of the business.

Duration: July - February

  

Project :  Houston, TX

Contract Consultant - Sr. IT & Cyber Security Consultant to Energy Transfer Inc. and INGAA   

  • Contracted to Energy Transfer Inc. to validate big three audit findings and assess their IT security policies and procedures posture for their oil and gas enterprise systems and automated industrial control systems (ICS / SCADA).
  • Managed the creation, enhancement, and adoption of information security policies and standards consistent with the needs of Energy Transfer’s business segments. Promoted practical information security risk assessments through a hybrid risk- and standards-based approach to IT governance (NIST - & -, ISO/IEC /, PCI DSS, CSC SANS Top , INGAA).
  • Contracted to consult with INGAA (Interstate Natural Gas Association of America), defining how the NIST Cyber Security Framework would enhance their cyber security programs.

Duration:  October - July

 

Project :  Houston, TX

Contract Consultant - Sr. System IT Security Engineer to Space Center Houston (NASA)    

  • Sub-contracted to Raytheon at Space Center Houston (NASA). Managed and provided security compliance verification and implementation for the Neutral Buoyancy Laboratory and the Space Vehicle Mock-up Facility of the International Space Station (ISS) industrial control systems (ICS), which utilize Rockwell Automation software, following the ICS / SCADA controls in NIST - and -a.
  • Developed, implemented and maintained IT security standards, procedures, policies and Risk Assessment Reports. Scheduled and performed quarterly vulnerability scans for continuous monitoring using McAfee Foundstone. Ensured security compliance activities to include data at rest for whole disk encryption, IT inventory, application health monitoring configuration documentation, patching and change management procedures.
  • Proactively collaborated with network engineers and system administrators on implementation of information security protocols and practical controls framework for the ever-changing regulatory requirements and client standards.

Duration: July - October

 

In Transition    

  • Completed consulting project. Keeping up to date on the latest in IT Security. (Cloud computing, reviewing the newest revision NIST -).

Duration:  April - July  

 

Project :  Alexandria, VA

Contract Consultant - Sr. Network Security Engineer to Defense Health Headquarters (DHHQ) TRICARE

  • Sub-contracted to provide IT security compliance verification. Responsible for completing Security Compliance Testing (utilizing Nessus scans), Security Test Plans, Vulnerability Matrices, Accreditation Reports and Risk Assessment Reports in support of the Defense Health Headquarters (DHHQ) TRICARE systems. Ensured HIPAA, PCI DSS, DIACAP and FISMA / NIST requirements were identified and met.
  • Utilized the Defense Information Systems Agency (DISA) approved checklists. Reviewed (SRR) scripts and Production Gold Disk (PGD) scripts to assess servers, workstations and network equipment configuration for their compliance with regulatory standards.
  • Responsibilities included secure system engineering and development, system / security requirements analysis and secure system definition and development of Information Assurance specifications, policies, and procedures using technical and analytical skills.

Duration:  January - April

 

Project :  Colorado Springs, CO

Contract Consultant - Sr. Information Assurance Engineer to U.S. Air Force Space Command (AFSPC)

  • Security advisor - IT support staff / network technical facilitator for the U.S. Air Force Space Command (AFSPC) Cyber Surety Division to provide Information Assurance (IA) guidance, clarification and governance direction to AF Wings and units.
  • Technical Subject Matter Expert (SME) tasked with reviewing and drafting guidance for both AFSPC and Air Force level guidance. Attended meetings and advised government officials on IT compliance with reference to IA from DoD and Federal regulations.

Duration:  September - January

 

Project :  Colorado Springs, CO

Contract Consultant - Sr. Computer Security & Information Protection Specialist to The Boeing Company  

  • Sub-Contracted to The Boeing Company to evaluate, communicate and mitigate computing and information security risks for the Air Force SOPS GPS (Global Positioning System).
  • Developed governance policies and provided oversight for protection of IT computing security systems. Led the development and creation of information assurance materials and processes for disaster recovery plans, contingency plans and business continuity plans of the individual GPS systems and sites.
  • Interfaced with the appropriate government agencies, customers, and company personnel to facilitate implementation of protective mechanisms and to ensure understanding of and compliance with computing security requirements.

Duration: September - September

 

In Transition            

  • Government funding cut and slot was eliminated for last position. Moved back to Colorado. Studying for the CISM and CRISC. Keeping up to date on the latest NIST -.

Duration:  June - September

 

Project :  North Charleston, SC

Contract Consultant - Sr. Systems Analyst to Navy at the Space and Naval Warfare Systems Command (SPAWAR)

  • Sub-Contracted by SAIC to provide Information Assurance (IA) Certification and Accreditation (C&A) and Cross Domain Solution (CDS) support to the Navy at the Space and Naval Warfare Systems Command (SPAWAR).
  • Provided engineering, integration, technical and administration support consistent with IA, C&A and CDS activities for both ship and shore locations.

Duration:  April – June

 

Project :  North Charleston, SC

Contract Consultant - Sr. Systems Security Engineer to VA, NSF and IRS

  • Contracted to accomplish NIST and PCI DSS (Payment Card Industry Data Security Standard) compliance verification audits for the US Department of Veterans Affairs.
  • Reviewed monthly risk assessment reports for the senior executive team quantifying and verifying action plans to remediate identified risks; and, evaluated compliance closures for the Information Security Manager of audits performed for the NSF (National Science Foundation) Antarctica project.
  • Developed guidance documents for POA&Ms, Security Planning, policy/standards and presented to upper management at NSF in Arlington, VA.

Duration:  December - April

 

Project :  Lakewood, CO

Contract Consultant - Sr. C&A Security Analyst to Department of Interior (DOI)

  • Contracted to the Department of Interior’s (DOI) National Business Center Division (NBC) for FISMA / NIST -a auditing, FIPS assessment and InfoSec direction by identifying unique system characteristics, interviewing key organizational personnel (technical, administrative and executive); composed documentation (security categorizations, risk assessments, contingency planning, etc.); and, mapped technical requirements to prescribed security controls, policies and practices.
  • Conducted in-depth technical reviews of new and existing IT systems (Windows, UNIX, RACF) to identify the appropriate mitigation strategies required to meet compliance with policy and industry guidelines for the DOI and the Department of Transportation (DOT). Performed security analysis on multi-tiered systems according to vulnerability and risk.

Duration:  December - December

 

Project :  Colorado Springs, CO

Contract Consultant - Sr. Systems Security Engineer to Joint National Integration Center (JNIC) and Missile Defense Agency

  • Contracted to Northrop Grumman Mission Systems to provide technical expertise in Information Assurance at the Joint National Integration Center (JNIC) and Missile Defense Agency for IT security compliance with classified / unclassified systems.
  • Responsibilities included providing technical security engineering support for complex software, hardware, and network systems; executed security tests and evaluations; vulnerability assessments and audits; and, risk mitigation and analysis of security threats.
  • Worked closely with other IT groups in ensuring the security administration and protection of information assets including data, systems, databases, networks, and other resources.
  • Supported the government in preparation of C&A documentation; ran RETINA scans and DISA Gold Disk; reviewed ArcSight logs; recommended computer security requirements of local area and wide area networks.

Duration:  December - December

 

Project :  Lakewood, CO

Contract Consultant - Sr. Systems Security Engineer to Department of Interior (DOI)

  • Sub-Contracted to G&B Solutions to provide the Department of Interior’s (DOI) National Business Center Division with FISMA / NIST auditing, assessment and INFOSEC direction.
  • Developed System Security Plans (SSPs), Risk Assessments, and Asset Valuations. Proficient in information security concepts and application security “best practices”. Responsibilities included ensuring compliance with security standards and procedures.
  • Developed and executed IT Security documentation along with vulnerability testing. Conducted C&A security test and evaluations for the DOI. Performed FIPS and NIST security standards-compliant statistical security analysis on a multi-tiered system according to vulnerability, risk, security features, and technical areas.

Duration:  June - December

 

Project :  Colorado Springs, CO

Contract Consultant - Sr. Systems Security Engineer / Assistant Lead to Joint National Integration Center (JNIC) and Missile Defense Agency

  • Contracted to be accountable for coordination of system security engineering projects and tasks. Provided technical expertise in Information Assurance (IA) for the Missile Defense Agency and Joint National Integration Center for security compliance support and cross-domain information solutions for networks, to meet set requirements. Ensured IT and R&D followed established information security policies and procedures.
  • Conducted system-level design reviews and risk management assessments. Assisted with computer security engineering for classified / unclassified networks, including planning and implementation by reviewing and developing program documentation; ran RETINA scans for compliance certifications. Recommended security mitigations.

Duration:  March - June

  

CERTIFICATIONS & EDUCATION: 

  • ISACA Cybersecurity Nexus (CSX)  
  • Certified in Risk and Information Systems Control (CRISC)  
  • Certified Information Security Manager (CISM)  
  • Certified Information Systems Auditor (CISA)
  • Security+ Certified
  • Auditing and Monitoring Windows Server
  • Certified Multimedia Design Networks Specialist
  • State-of-The Art Program – Frame Relay, Fast Packet and ATM & ISDN  
  • A.A., General Studies, University of Maryland
  • A.A.S., Electronic Systems Technology, Community College of the Air Force

  

TECHNICAL TRAINING:

  • CISSP Boot Camp
  • Cyber Security Assessment Management (CSAM)
  • SANS System Forensics, Investigation & Response Course
  • eEye Retina REM Administrator CBT Course  
  • SANS Intrusion Detection Course    

 

...