Profiles search
Christopher Edwards
Information Security Officer at First Financial Federal Credit Union of Maryland
Baltimore, MD, United States
Details
Education:
Master's degree
Cybersecurity
University of Maryland University College
2015 : 2016
Bachelor of Applied Science (B.A.Sc.)
Cybersecurity
University of Maryland Global Campus
2009 : 2012
Cybersecurity
University of Maryland University College
2015 : 2016
Bachelor of Applied Science (B.A.Sc.)
Cybersecurity
University of Maryland Global Campus
2009 : 2012
Experience:
• Implement information security strategies, initiatives and objectives
• Collaborate with management to understand new initiatives, and provide information on the inherent information security risk of these activities, and outlining ways to mitigate the risks.
• Partner with management to understand the flows of information, the risks to that information, and the best ways to protect the information.
• Monitor emerging risks and implementing mitigations.
• Inform the board, management, and staff of information security and cybersecurity risks and the role of staff in protecting information.
• Create and deploy security awareness and training programs.
2018 : Present
First Financial Federal Credit Union of Maryland
Information Security Officer
• Utilizing MediaLabs and Articulate Storyline 360 to create an enterprise-wide IT Security Awareness and Training Program which reinforced organizational policies, procedures, and best practices when conducting company business onsite and remotely.
• Created and communicated security newsletters which promoted information security awareness and best practices enterprise-wide.
• Conducted enterprise-wide phishing campaigns using PhishMe (Cofense) platform for scenarios and reporting.
• Reviewed IT systems for adequate management controls, efficiency, and compliance with policies, regulations and standards.
• Obtained supporting vendor documentation regarding compliance reports such as : Attestation of Compliance (AoC), Service Organization Controls (i.e. SOC 1, SOC 2 Type 2, etc.) for review and validation.
• Reviewed IT Security policies for appropriateness and provided recommendations to management for improvement.
• Contributed to building a risk management program using a risk-based approach for information security.
• Created an Application Portfolio which included an inventory of all applications, systems, and processes utilized to conduct company business.
• Created a Vendor Security Questionnaire which provided insight of the organization’s service providers’ capability in maintaining appropriate safeguards for business systems and information.
• Created an IT Risk Assessment Questionnaire which provides insight to the internal management of systems, applications, and processes which create, store, or transmit organizational information.
• Created Data Classification Guidelines and System Security Categorization document which established a framework for classifying organizational data based on its level of sensitivity, value, and criticality to the organization.
• Analyzed results from Vulnerability (Nessus) scan and communicated results to appropriate departments and personnel for remediation. .
2017 : 2018
Ameritox
Information Security Analyst
•Conduct risk assessments on 3rd party applications (In-House, COTS, Cloud) to all departments that store, transmit and/or process sensitive institutional data throughout the course of business.
•Identify information/data types, integration points and level of access for users.
•Submit findings and recommendations for the users of the application, to eliminate or mitigate risk to the University.
•Classify and assign risk levels to all 3rd party applications
•Produced a remediation process for lowering risk level and securing sensitive information.
•Maintain and utilize a Risk Management SharePoint site for information gathering/sharing, communicating to application owners and conducting application inventory/management
•Prepare an Executive Summary to present to the Director and CIO
•Conduct audits on the process and procedures for disposals of hard drives
•Contributed to building security policies, risk management program and guidelines to create a proactive environment for information security
2013 : 2016
Towson University
IT Risk and Compliance Analyst
• Collaborate with management to understand new initiatives, and provide information on the inherent information security risk of these activities, and outlining ways to mitigate the risks.
• Partner with management to understand the flows of information, the risks to that information, and the best ways to protect the information.
• Monitor emerging risks and implementing mitigations.
• Inform the board, management, and staff of information security and cybersecurity risks and the role of staff in protecting information.
• Create and deploy security awareness and training programs.
2018 : Present
First Financial Federal Credit Union of Maryland
Information Security Officer
• Utilizing MediaLabs and Articulate Storyline 360 to create an enterprise-wide IT Security Awareness and Training Program which reinforced organizational policies, procedures, and best practices when conducting company business onsite and remotely.
• Created and communicated security newsletters which promoted information security awareness and best practices enterprise-wide.
• Conducted enterprise-wide phishing campaigns using PhishMe (Cofense) platform for scenarios and reporting.
• Reviewed IT systems for adequate management controls, efficiency, and compliance with policies, regulations and standards.
• Obtained supporting vendor documentation regarding compliance reports such as : Attestation of Compliance (AoC), Service Organization Controls (i.e. SOC 1, SOC 2 Type 2, etc.) for review and validation.
• Reviewed IT Security policies for appropriateness and provided recommendations to management for improvement.
• Contributed to building a risk management program using a risk-based approach for information security.
• Created an Application Portfolio which included an inventory of all applications, systems, and processes utilized to conduct company business.
• Created a Vendor Security Questionnaire which provided insight of the organization’s service providers’ capability in maintaining appropriate safeguards for business systems and information.
• Created an IT Risk Assessment Questionnaire which provides insight to the internal management of systems, applications, and processes which create, store, or transmit organizational information.
• Created Data Classification Guidelines and System Security Categorization document which established a framework for classifying organizational data based on its level of sensitivity, value, and criticality to the organization.
• Analyzed results from Vulnerability (Nessus) scan and communicated results to appropriate departments and personnel for remediation. .
2017 : 2018
Ameritox
Information Security Analyst
•Conduct risk assessments on 3rd party applications (In-House, COTS, Cloud) to all departments that store, transmit and/or process sensitive institutional data throughout the course of business.
•Identify information/data types, integration points and level of access for users.
•Submit findings and recommendations for the users of the application, to eliminate or mitigate risk to the University.
•Classify and assign risk levels to all 3rd party applications
•Produced a remediation process for lowering risk level and securing sensitive information.
•Maintain and utilize a Risk Management SharePoint site for information gathering/sharing, communicating to application owners and conducting application inventory/management
•Prepare an Executive Summary to present to the Director and CIO
•Conduct audits on the process and procedures for disposals of hard drives
•Contributed to building security policies, risk management program and guidelines to create a proactive environment for information security
2013 : 2016
Towson University
IT Risk and Compliance Analyst
Company:
First Financial Federal Credit Union of Maryland
Years of Experience:
10
Spoken Language:
English, Spanish
Skills
Application Security, Cloud Applications, Cloud Computing, Cloud Security, Collaborative Problem Solving, Communication, Compliance PCI, Compliance Remediation, Computer Security, Crystal Reports, Customer Service, Custom Templates, Databases, Disk Management, Documentations, Enterprise Risk Management, FERPA, Healthcare Information Technology, HIPAA, Information Security, Information Security Management, Information Technology, IT Audit, IT Controls, Management, Microsoft Office, Mobile Applications, Network Security, Oracle Reports, PCI DSS, PCI Standards, PII, Remediation, Reporting & Analysis, Report Writing, Risk Analysis, Risk Assessment, Risk Management, SharePoint, SOC 1, System Architecture, Time Management, Training, Web Applications
About
Identifying and eliminating risks are my top priority. I have constructed and conducted risk assessments in line with national best practices as well as governing bodies to help identify information security weaknesses.
Profile Photo
