Amar Chaudhary, Information Security Analyst

McKesson

Location: Qatar
Education: Master, Business
Experience: 22 years, 4 months


Work Experience

Total years of experience: 22 years, 4 months

Information Security Analyst at McKesson
  • United States
  • I have been working here since December 2012

Responsible for Information Security and Risk Management throughout the entire security lifecycle, including but not limited to the following:
Incident Response
Threat and Vulnerability Management (OS, Application and Database layers)
Performing cross-functional risk assessments and developing remediation strategies
Conducting HIPAA assessment reviews across all points that contain PHI (protected health information)
Responsible for third-party vendor assurance reviews
Coordinate with Project Management teams on new security initiatives

IT Audit Manager, Internal Audit Directorate at Qatar Foundation
  • Qatar - Doha
  • April 2007 to December 2012

Developed (from the ground up) the IT Internal Audit function in Qatar Foundation

Established audit schedule based on IT risk assessment (COBIT framework)

Conduct technology audits including applications, security, governance, project management

Created a strategy to provide enterprise-wide audit coverage for the domain of information technology

Developed a framework for information security compliance testing including:
-Vulnerability/Penetration audits on all critical infrastructure and applications on a quarterly schedule
-Firewall reviews
-User access and user provisioning reviews
-Application and Database layer assessments

Developed a standard framework to perform pre and post-application implementation reviews based on COBIT, ITIL and ISO

Assisted in the design strategy to implement an integrated audit methodology within the internal audit department, enabling the most thorough, comprehensive and efficient audits from a business risk perspective

Developed strategy for the enablement of the continuous auditing platform (i.e. fraud analytics)

IT Security Analyst at LexisNexis
  • United States
  • January 2005 to March 2007

Performed gap analysis of system deficiencies against standardized configuration, corporate & industry security standards, recommended and applied system updates & performed follow-up scans to verify updates

Drafted formal documentation of Corporate Information Security Policies, Procedures, Guidelines and Baselines in accordance with ISO 17799/27001

Served as a liaison between business units, corporate Information Technology (IT), finance & accounting, and the external auditors in all aspects of SOX

Key contributor to a unique security audit conducted as a result of Federal Trade Commission (FTC) order. The audit entailed delivering a documented control framework and providing documentation to support control testing

Managed corporate information systems vulnerability assessment and remediation program in accordance with regulatory compliance including PCI, SOX, and SAS70

Information Security Analyst at SilverSky (formerly Perimeter E-Security)
  • United States
  • February 2002 to January 2005

Assisted clients with establishment of effective IT Security and Compliance Programs in order to achieve effective IT governance

Performed business and IT audit testing for clients conducting SOX 404, GLBA, HIPAA

Executed audit projects utilizing principles established within the Committee of Sponsoring Organizations’ (COSO) report on internal controls and Control Objectives for Information Technology (COBIT)

Provided vulnerability assessment remediation strategies and recommendations as well as consulting in preparation for regulatory and compliance audits.

Served as a fieldwork leader to assist clients in employing proper information systems, resources, and controls to maximize efficiencies and minimize risk

Worked with client personnel to analyze, evaluate, and enhance information systems facilitating the business internal control processes

Assisted clients and other team members in performing information technology control and security engagements

Education

Master, Business
  • at MBA
  • July 2013

MBA - Edinburgh Business School (in progress)

Master, Masters Degree in Management Information Systems (MIS)
  • at Nova Southeast University
  • March 2005

Graduated with Honors 03/05 - 3.67 GPA

Bachelor's degree, Bachelor in Information Technology
  • at American Intercontinental University
  • March 2003

Graduated with Honors

Specialties & Skills

Vulnerability Assessment
ISO 27001
System Audits
Application Audits
COBIT Framework
Vulnerability & Penetration Testing
Compliance Audits (SOX, PCI)

Languages

English
Expert
Arabic
Intermediate

Memberships

ISACA (Information Systems Audit and Control Association)
  • Information Systems Audit and Control Association
  • August 2007
IIA
  • Institute of Internal Auditors Qatar
  • January 2008

Training and Certifications

CISA (Certificate)
Date of training:
January 2012
Valid until:
January 2012
CISSP (Certificate)
Date of training:
November 2005
Valid until:
November 2005